Ubuntu Pro - FAQ

Community flavours are maintained by the community, not Canonical.

Ubuntu LTS gets security maintenance for Ubuntu Main for 5 years from Canonical, and community maintenance for the Universe.

With an Ubuntu Pro subscription, both Main and Universe are security maintained by Canonical for 10 years. You can also add 24/7 enterprise-grade phone/ticket support.



The free license works for up to 5 machines (can be 5 VMs) and is limited to personal and small-scale commercial use. For details, check the Ubuntu Pro Personal - terms of service, but the unlimited VMs offer doesn’t apply here.

Paid licenses can benefit from unlimited VMs if:
(1) all physical nodes are covered,
(2) you’re running on a “covered hypervisor” (any of: KVM | Qemu | Boch, VMWare ESXi, LXD | LXC, Xen, Hyper-V (WSL, Multipass), VirtualBox, z/VM, Docker.)

You will receive a token to attach an Ubuntu Pro subscription to your machines. The token is the same for each machine you attach to a single subscription. Check this tutorial to find out how to obtain a token and attach a subscription to your Ubuntu machines.

On the commercial note, let’s say you have 50 physical machines. Then, if you buy 50 x Ubuntu Pro subscription, you can attach the token to 50 physical machines and an unlimited number of VMs running on top of those machines.



We are very proud to see many organisations moving to Ubuntu Desktop, which continues to be the preferred Linux OS for experienced developers. Thanks to features such as AD integration, developers find it easier than ever to use Ubuntu officially in their workplace.

As you know, technically Ubuntu Desktop is an Ubuntu Server with the GUI, and you can install it on your rack-mount server machine in the datacenter. That’s why, in the service description, we specifically called out “a desktop use-case”.

The easiest way to test if Ubuntu Pro Desktop is applicable is by asking 2 questions:

  • is there a human in front of the screen, or can the machine run “on its own”?
  • is the software installed on this machine typical for desktop use-cases, or is it something typical for servers?

Therefore, if you run a server use-case you should buy the server subscription, because our support will be limited to the desktop use-cases.



Thank you, that’s a great question.

Technically, you can detach a subscription the same way you attach it. Simply use the ‘sudo pro detach’ command.

That said, it’s possible that you’d get rid of a VM without detaching a subscription. Then, you might struggle to find a way to detach it.

This is why we don’t prevent you from attaching more machines than the number of entitlements you have (either free or paid). Instead, we monitor how many active machines you have at any given moment. In other words, you should ensure that the number of active machines does not go over the limit.


Thank you for your response. It would be great if you could answer a few more clarification questions:

  • Do the terms of service forbid using Ubuntu Pro Desktop for non-desktop use cases (e.g., a web server), or is it just not recommended? (I.e., is the “should” in your last sentence actually a “must”?)
  • Is the set of packages that receives security updates the same for Ubuntu Pro Desktop and Ubuntu Pro Server, or does Desktop receive fewer updates?
  • Does the restriction “our support will be limited to the desktop use-cases” of Ubuntu Pro Desktop have any further effect if I buy the Ubuntu Pro Desktop without support, i.e., where I would not get support anyway?

Hi Philipp,

Using Ubuntu Pro Desktop on non-desktop use cases would violate the terms of service and is not allowed.

Security patches are the same for Ubuntu Pro, whether running a desktop or a server.




Thanks for clarification.

Good Morning,

is this correct?

If there are 10 physical Hypervisor Hosts in a cluster and we use anti-affinity-rules so that the VMs can only be moved between 2 physical hosts of the 10 hosts cluster, then we only need 2 licenses for unlimited Ubuntu 18.04 Guests on those 2 physical hosts?

FYI: I can’t finish the order form, the button is inactive even though there are no errors in the form and the captcha is solved. I am using the latest version of chrome, no proxy.


Just one box to check-mark left.

Hi, thanks for posting! There was an issue discovered with this button which we’re in the process of fixing and it should be resolved by next week.

The main cause of this problem is the information entered into section 1 of the form not being saved. This then blocks the button and makes it un-clickable.

To solve it, please can you check that the information has been saved in the earlier sections. If it hasn’t saved, please re-enter any missing information and save it, and you should then be able to submit the form without any problems.

If you’re using Ubuntu on 10 Hypervisor Hosts, then it should be 10 licenses, even if not all Guest VMs are Ubuntu VMs. If you only use Ubuntu Guests VMs on 2 physical hosts in your cluster, then it should be 2 licenses, as you suggested.

Thank you for the response. I can’t get the button to work, everything seems to be saved. I’ll wait till next week.

As I didn’t find it anywhere, could you please comment on the following?

  1. What is the frequency of the CVE security patches on average?
  2. What is the time difference between security patches between PRO and upstream?

Thank you

In this blog post you can find detailed information. But to summarize, the Ubuntu security team is triaging, fixing and releasing updated software packages for known vulnerabilities every day. On average, the team is providing more than 3 updates each day, and the most vital updates are prepared, tested and released within 24 hours.

It will depend on the CVE priority. As stated above, critical vulnerabilities are released within 24 hours. Then, on average, high CVEs are patched within 30 days, and medium CVEs within 60 days since they are known to the Ubuntu Security Team. These criteria apply to every package affected by the vulnerability, across every Ubuntu release actively supported.

In general, preparing a security update requires not only a proper understanding of the security issue and its impact on the package(s), but also a great engineering effort to make sure that the issue is fixed and no regressions are introduced. Please note that the security team might need to backport the upstream fixes/patches to older versions of the vulnerable software as they are present in the different affected Ubuntu releases.

In this wiki you can find more details about the processes and tools involved in preparing, testing and releasing security updates. Also, please note that packages which have autopkgtest enabled will have their tests run automatically on the Ubuntu infrastructure whenever they get updated or any of their dependencies change. This means any other package that depends on the one being updated, will also have their tests run every time security engineers release a security update.

These strong building and testing processes and infrastructure contribute to making Ubuntu one of the most robust and secure operating systems.

FYI: The wording is kind of strange here. “Machines” seems to be used for hosts and virtual machines in the backend? There are 4 licenses for hypervisor-hosts, and 7 attached Ubuntu VMs in the screenshot. It looks to the visitor, as if the ubuntu vms are counted as licenses, and so 3 licenses are missing.


Could you please clarify how Ubuntu Pro subscription works with CI? To have a specific example, let’s say I build docker images from Ubuntu base and want to install “pro” security patches in them, how many licenses do I need? There’s just one build agent where images are built, but many places where containers are run. So is it one license for the builder, or many licenses for however many machines I run containers on? Does it matter if those containers themselves run on Ubuntu or not?

I have not been able to find a way to see what hosts are subscribed to Ubuntu Pro, from a centralized view. I have searched all hosts that I have access to, and can only account for 4 installations, though it says I have 5.

I’m trying to figure out how an enterprise, paying $500/license minimum, would audit for abuse, and track down unauthorized licensing of assets (e.g. An admin licensing their personal hosts).

I have not been able to find any docs or screens on hostnames, IPs or other identifiers for hosts that are licensed. …and with that, will there be a way to centrally detach / ban clients or replace keys.

Any assistance is appreciated…Thanks!

So I created an account, used one of my five free pro tokens to register a VM, then crashed it (I was experimenting with realtime kernel on 512MB of memory, oops). I blew it away… deleted the VM… now, have I lost that one free pro token, no way to revoke it and get it back?

