Nov 3 – 5, 2023
Riga, Latvia
Europe/Riga timezone

Using Ubuntu’s new snapshot service at scale with Azure and AKS

Nov 5, 2023, 4:00 PM
Sigma – Talks (Radisson Blu Latvija)

Sigma – Talks

Radisson Blu Latvija

Talk (50 Minutes) Infrastructure


Colin Watson (he/him)
David Duffey
Mr Koshy John
Ye Wang


The Ubuntu archive publishes the current state of Ubuntu, which is
fine for standard systems that stay up to date manually or using tools
such as unattended-upgrades. Launchpad keeps track of historical
versions of packages as well, but until recently that wasn't made
available in a particularly convenient form. Canonical's Launchpad
team has now built an Ubuntu snapshot service, running on, that provides full history of the Ubuntu archive
starting from February 2023; this allows developers to explore the
evolution of the archive over time much more easily, and it allows
admins to update fleets of Ubuntu systems from snapshots using safe
deployment practices, phasing the deployment over time while ensuring
that all systems end up with the same set of updates. In the first
part of this talk, Canonical engineers will explain the technical
changes we made to Launchpad and to apt to support this, and show some
useful things you can do with it.

A major use case for the snapshot service is in cloud deployments, and
so Canonical also worked closely with the Azure team to integrate this
service into the update mechanisms for VMs using Azure Guest Patching
Service and containers using Azure Kubernetes Systems. When enabled,
this makes the system more reliable by providing a consistent and
predictable roll-out mechanism for updates that can be tested,
monitored, and paused if anything goes wrong, and it brings a feature
to Ubuntu that is already familiar to customers using Windows. In the
second part of this talk, experts from the Azure team will explain
some of the challenges that led to this project, describe the changes
made in response to them, and show how their users can take advantage
of the new mechanisms.

Session author's bio

Maulik Shah is a Senior Product Manager with Microsoft Azure’s Core Compute team in Dallas, Texas. His collaboration with Linux publishers such as Canonical has streamlined the VM patch management process for customers.

Koshy John is the Technical Lead for Linux Patching in Microsoft Azure’s
Core Compute team in Redmond, Washington. One of the architects behind the design of the Azure-orchestrated safe deployment of patches on Linux in Azure, his focus is always on industry-leading solutions to improve customer experience on the Azure platform.

Ye Wang is a Principal Software Engineer and Tech Lead for Node Security Patching in Microsoft Azure Kubernetes Service (AKS) team in Redmond, Washington. He is the chief designer of node patching solutions for AKS, a managed Kubernetes service from Azure. He is one of the collaborators of the Canonical Snapshot service solutions and designed and architected the AKS integrations.

David Duffey, Principal Software Engineering Manager.  David is based out of Austin, Texas and leads the Azure Core Linux teams for Microsoft’s Linux Repositories (, Azure Serial Console, and Azure Linux Provisioning and Supportability.

Colin Watson is a Staff Engineer at Canonical, originally from Ireland and now living in Cambridgeshire, England. He has been contributing to Ubuntu since the beginning, and is the current architect of Canonical's Launchpad development platform (

Social Media
Level of Difficulty Intermediate

Presentation materials

There are no materials yet.