Home

What's new in Ubuntu Server Edition

This page provides a summary of the new features in Ubuntu Server Edition since version 8.04LTS.

  1. Ubuntu Server Edition 9.04

    1. Boot performance
    2. Linux Kernel 2.6.28
    3. Ext4 Filesystem
    4. Cloud Computing
    5. Turn-key mail servers
    6. Power management
    7. Screen-profiles
    8. Server virtualization
    9. LVM by default
    10. Microsoft Exchange Support (openchange)
    11. Samba 3.3
    12. Support for OEM pre-installation
    13. /etc under revision control
    14. Uncomplicated Firewall (ufw) new features
    15. New apparmor profiles
    16. Boot from multipath devices

     

  2. Ubuntu Server Edition 8.10

    1. Boot degraded raid settings
    2. Compiler security-hardening features by default
    3. DKMS
    4. Encrypted private directory
    5. Free portion of Landscape client inform administrators
    6. Network services compiled as position independent executables
    7. New installation profiles
    8. Notable inclusions in main repository
    9. "OpenLDAP using cn=config"
    10. Pam authentication framework
    11. Samba 3.2
    12. Select-editor command
    13. Server virtualization
      1. python-vm-builder
      2. Ubuntu as a Xen guest
      3. JeOS now an option of the server installer
      4. Simplified KVM virtualization environment setup
    14. Service command now supported
    15. Service-aware uncomplicated firewall (ufw)

 

Ubuntu Server Edition 9.04 (Jaunty Jackalope)

Boot performance

A number of improvements to the Ubuntu start-up process bring significantly improved boot performance to Ubuntu 9.04.

Linux kernel 2.6.28

Ubuntu 9.04 RC includes the 2.6.28-11.37 kernel based on 2.6.28.8.

Ext4 filesystem support

Ubuntu 9.04 supports the option of installing the new ext4 file system. ext3 will remain the default filesystem for Jaunty, and we will consider ext4 as the default for the next release based on user feedback. There has been extensive discussion about the reliability of applications running on ext4 in the face of sudden system outages. Applications that use the conventional approach of writing data to a temporary file and renaming it to its final location will have their reliability expectations met in Ubuntu 9.04.

Ext4 support in GRUB was provided by Colin King. If you choose to upgrade your / or /boot filesystem in place from ext2 or ext3 to ext4 (as documented on the ext4 wiki), then you must also use the grub-install command after upgrading to Ubuntu 9.04 to reinstall your boot loader. If you do not do this, then the version of GRUB installed in your boot sector will not be able to read the kernel from the ext4 filesystem and your system will fail to boot.

Cloud computing

Ubuntu 9.04 Server Edition makes it easy to experiment with cloud computing. Eucalyptus, an open source technology which is included in Ubuntu as a technology preview, enables you to use your own servers to deploy, experiment and test your own private cloud that matches the Amazon EC2 API, which is Ubuntu's first step at creating an Ubuntu Enterprise Cloud. You can dynamically create virtual machines, configure multiple clusters into a single Cloud and even provide an EBS (elastic block storage) equivalent and an S3 compatible storage manager.

More on Ubuntu Enterprise Cloud >>

Turn-key mail servers

The dovecot-postfix package in Ubuntu 9.04 provides an easy-to-deploy mail server stack, with support for SMTP, POP3, and IMAP with TLS and SASL.

dovecot-postfix was packaged by Ante Karamatić.

Power management

Suspend, resume, hibernate

Some features, previously available on the desktop edition, are now provided on Ubuntu Server. In addition to energy savings:

  • resuming from suspend would provide a faster boot for some servers,
  • hibernate could allow some hardware maintenance and restoration of previous state,
  • hibernate is useful for security forensics/research following a security break.

See blueprint for more details

Power Capping

Through the pwrkap project, Ubuntu Server provides a set of utilities to monitor computer energy consumption and enforces an upper limit on the amount of power consumed by the computer at any given time.

Screen-profiles

screen-profiles is a new package that provides a colored text interface with tabbed windows, ability to background processes, dynamically updated status indicators for the distro, release, reboot-required, updates-available, ec2-cost, system load, num-cpus, cpu-frequency, total memory, memory used, date/time, etc..

Server virtualization

Modern, even more full featured KVM (v84) with a number of stability and performance improvements, and early preview support for nested virtualization (virtual machines running virtual machines).

KVM has supported live migration for well over a year already, but it now support this all the way through the stack, from hypervisor (KVM itself) through libvirt and all the way to virt-manager.

KSM is a new technology within KVM which allows for memory aggregation. Identical memory blocks accross virtual machine are detected and aggregated allowing for a much higher density of guests on a given host when running similar virtual machines.

PCI passthrough feature of KVM allows to assign PCI devices directly to a given guest (up to 8 guests per PCI with supporting PCI devices), bringing performance to an unprecented level.

LVM by default

Default support of LVM in the installer allows for easier setup and maintenance of servers. Also, recognition of LVM storage in the LiveCD allows for a smoother migration from a system currently using LVM.

Microsoft Exchange Support

The openchange library is available in jaunty to enable Ubuntu system to interact with Exchange servers: libraries, command line tools and evolution plugin.

Samba 3.3

Samba 3.3 now adds, Extended cluster support and even better behaviour with current Microsoft Windows(TM) clients and servers

Support for OEM pre-installation

The oem-config tool now supports server pre-installation, allowing server hardware manufacturer to pre load Ubuntu Server Edition on their servers. The tool also allow appliance and virtual appliance makers to define a set of questions that will be ask to the end users the first time the system is booted to finalize the configuration.

/etc under revision control

Modifications to server configuration files are now easily tracked, audited and reverted through the bazar revision control system using the updated etckeeper package.

Uncomplicated Firewall new features

Version 0.27 of ufw brings many easy to use new features:

  • ufw now has debconf support, which means that you can enable ufw and setup some basic rules via the installer, and most importantly for server, via preseeding. Any "simple" rule can be preseeded (ie: ufw allow 22/tcp) as well as application profiles (ie: Cups, DNS, Imap (Secure), Pop3 (Secure), SSH, Samba, Smtp, WWW, WWW (Secure)), but not complex one (ie: ufw allow from 192.168.0.0/16 to any port 22 proto tcp).
  • ufw can now be used to add iptables REJECT directives now, both for rules and as the default policy.
  • Rules can now be inserted, rather than just appended to the end.
  • ufw now has the concept of log levels (off, low, medium, high, full) and can log on a per rule basis as well.
See the updated manpage for more details.

New apparmor profiles

Three new services are now apparmor protected by default when installed:

  • dhcpd3
  • dhclient3
  • tcpdump

Boot from multipath devices

Ubuntu systems can be booted from multipath devices to increase availability.

Ubuntu Server Edition 8.10 (Intrepid Ibex)

The following is a summary of the new features provided by Ubuntu Server Edition 8.10. In addition to this, you might be interested in looking at the Releases Notes.

Boot degraded raid setting

Traditionally, booting an Ubuntu installation with the root filesystem on a degraded RAID drops the system into a busybox prompt in the initramfs. This is the safest choice as it will prevent any further possible harm to data and let administrator pick what to do, but was causing issues with server hosted in remote locations. A system administrator can now statically configure their machines to continue on booting even if a disk is bad in the array by issuing the following command: 

echo "BOOT_DEGRADED=true" | sudo tee -a /etc/initramfs-tools/conf.d/mdadm

Additionally, this can be specified on the kernel boot line with the 

bootdegraded=[true|false]

parameter.

Compiler security-hardening features by default

The gcc compiler now defaults to enabling several security hardening features and warnings. This stops many undiscovered security vulnerabilities, rendering them unexploitable.

DKMS

DKMS (by Dell) is included in Ubuntu 8.10, allowing kernel drivers to be automatically rebuilt when new kernels are released. This makes it possible for kernel package updates to be made available immediately without waiting for rebuilds of driver packages, and without third-party driver packages becoming out of date when installing these kernel updates.

Encrypted private directory

The ecryptfs-utils package now provides support for a secret encrypted folder in your Home Folder (by Michael Halcrow, Dustin Kirkland, and Daniel Baumann).

To enable this feature, either activate it during installation or type the following from any command prompt: 

sudo aptitude install ecryptfs-utils
ecryptfs-setup-private

Free portion of Landscape client informs administrators

The open source client from Canonical's Landscape web system's management, now provides information to administrators when they log in to their servers regarding it's current usage and potential problems.

Network services compiled as position-independent executables

To take advantage of the kernel's ability to randomize the in-memory location of executables, many network services were compiled as position-independent executables (PIE), including: apache2, bind9, openldap, postfix, cups, openssh, postgresql-8.3, samba, dovecot, dhcp3. This makes certain kinds of security vulnerabilities even harder to exploit.

New installation profiles

Two new installation profiles have been added to the server software selection list (tasksel):

  • Tomcat Java Server: Tomcat 6 and Sun's Java OpenJDK 6
  • Virtualization Host: KVM and Libvirt

Notable inclusion in the main repository

The following packages have been included in the main repository and are now supported options that can be of particular interest for server administrators:

  • Sun's Java OpenJDK 6 - an open source implementation of the Java development kit
  • Apache's Tomcat 6 - A Java servlet container
  • ClamAV - a virus detection engine that can be coupled to mail servers. Note that ClamAV is protected by default by an AppArmor profile.
  • SpamAssassin - A spam detection engine that can be coupled to mail servers

OpenLDAP using ''cn=config''

The default installation of the OpenLDAP server now uses the cn=config extension, which allows automatic synchronization between LDAP replicas of configuration changes made.

PAM authentication framework

Ubuntu 8.10 features a new pam-auth-update tool, which allows simple management of PAM authentication configuration for both desktops and servers (by Steve Langasek). Packages providing PAM modules will be configured automatically, and users can adjust their authentication preferences by running sudo pam-auth-update.

More information can be found in the Ubuntu wiki.

Samba 3.2

A lot of new features have been added in Samba 3.2, including:

  • clustered file server support
  • encrypted network transport
  • IPv6
  • better integration with current Microsoft Windowsâ„¢ clients and servers.

Select-editor command

Running the 

sudo select-editor

command now allows you to pick which editor will be used by default to edit documents.

Server Virtualization

  • python-vm-builder

This is a complete rewrite of ubuntu-vm-builder featuring a better template system, a plugin architecture allowing support for other distributions, front-ends and additional functionalities such as post install task (--exec, --copy) or first boot (--first-boot, --first-login). It provides a compatibility mode with the previous command-line syntax and adds better reporting.

Python-vm-builder allows you to create a new virtual machine in a few minutes without going through the interactive installation process. It can be very useful for developers, software vendors or system administrators. A tutorial is available at https://help.ubuntu.com/community/JeOSVMBuilder

  • Ubuntu as a Xen guest

Using Ubuntu as a Xen guest is now a supported option included in the standard server kernel and is a choice when building virtual machines with python-vm-builder.

  • JeOS is now an option in the server installer

In an effort to simplify our build process and avoid confusion when trying to install JeOS on real hardware, JeOS is no longer provided as a separate ISO. Instead, it is an option that is activated on the server installer by pressing F4 on the first screen and selecting the "Install a minimal virtual machine" option.

  • Simplified KVM virtualization environement setup

Two new meta packages have been added to setup a virtualization environment using KVM:

  • ubuntu-virt-server will install and configure the tools you need to run KVM guest on a server,
  • ubuntu-virt-mgmt will install and configure the tools you need to administer a KVM server from a client.

Service command now supported

Fedora or Red-Hat administrators will now feel a bit more comfortable using Ubuntu as the service command they had been using to manage daemons is now standard on Ubuntu. In addition to the traditional 

sudo /etc/init.d/<service> [start|stop|restart]
way of managing a process, it is now also possible to use 
sudo service <service> [start|stop|restart]

To complete this, numerous standard services now support the status option so that, e.g., 

sudo service postfix status

will now report if the service is running or not.

Service-aware Uncomplicated Firewall (ufw)

Common services now inform ufw of the ports that are recommended for their proper enabling, so the administrator can open them in a single simple command 
ufw allow <service>