What to know when procuring Linux laptops
Rhys Knipe
on 23 December 2024
Tags: Certification , Ubuntu
Technology procurement directly influences business success. The equipment you procure will determine how your teams deliver projects and contribute to your success. So what does being “well-equipped” look like in the world of Linux laptops?
In this blog, we’ll lay down the best practices for procurement professionals who have been tasked with procuring Linux laptops. We’ll cover how you can ensure you get the most out of your hardware, meet your compliance goals and ensure long-term success.
Defining Linux laptops
You’ve received your requirements, and your mission is to stay faithful to them. Whether you’re procuring Linux laptops for specialized use cases (like AI and graphics), or general desktop use, it’s important to define the term “Linux laptop”.
Given that by design, Linux is hardware agnostic, you could describe nearly every laptop as a “Linux laptop.” All you have to do is install Linux. However, given the diversity of Linux distributions, and the different support models available from both software and hardware vendors, the task goes beyond just hardware. Procuring Linux laptops requires taking the whole picture into account – starting with balancing hardware and software.
Balancing software and hardware
Hardware and software are interdependent: you need to find the right combination to reach your security, stability and performance goals. You’ll likely find that the more specialized the use case, the more of a role hardware will play in your overall decision. That’s because specialized hardware is less abundant. Whilst Linux broadens your horizons, your choice of distribution and support model will likely need to accommodate stricter performance requirements than you would find with a general desktop.
By choosing a Linux distribution that is proven to perform at a high-level across a range of different laptops, you can ensure that you retain a large degree of choice at the hardware level. That’s where certification comes in.
The value of certification
Regardless of which Linux distribution you choose to use, you need to know that it works on the hardware in question, and can support your specific needs. This is where certification programs come in. Certification programs are when a publisher tests and optimizes their OS, in a laboratory setting, to ensure it can run smoothly on the hardware. This is especially important if your Linux laptops are for specialized use cases where there is no tolerance available for malfunctions.
Consistent experience
It’s important to check how thorough an organization’s certification program is, and that they’re transparent about how they decide to award (or not) certification. For example, Ubuntu is certified for over 1,000 laptops, from consumer and corporate to prosumer and workstation devices. Canonical documents Ubuntu laptop compatibility and the thorough testing that each device receives in coverage guides, with certification being withheld in the case that a device does not meet the required standard. This ensures a consistent experience for all users.
Continuous performance
Certification is not just about creating a consistent experience across different devices, but ensuring they continue to perform as required, through updates and patching. Taking Canonical as an example, all Ubuntu certified laptops receive support, through patching and maintenance, until the specific Ubuntu release reaches end of life. In addition, through direct partnerships with Dell, Lenovo and HP, Canonical works proactively to meet device-specific needs. We work closely to fix any issues during the certification process, ensuring that each device performs as expected.
Demonstrating compliance
What makes a compliant Linux laptop? This is decided by the compliance requirements of your organization and the legislation that governs where you operate. It suffices to say that it’s a non-starter if your laptop fails your compliance tests.
Certification is an important part of compliance. By using an OS that is supported on your specific laptop model, you reduce the risk of unexpected behaviors or processes that may give rise to vulnerabilities or exploits. Taking Ubuntu as an example, certification includes the testing of in-built security features like secure boot, to ensure they function as intended. This enables you to demonstrate that your chosen hardware-software combination is supported and secure.
In addition, Ubuntu long term support releases include security and patching for 5 years, with the option of extending this to 12 years with an Ubuntu Pro subscription and Legacy support add-on. This demonstrates the importance of selecting both the right distro and the right support model – it can make the difference between your laptop’s end of life and continued high performance.
Beyond certification
Certification is an important part of the procurement picture, but it’s important to also consider what the OS brings to the table outside of certification. Beyond keeping your laptops up and running, you’ll need an OS that helps you achieve your goals at scale, across a fleet of laptops. This section will focus on manageability, and use Ubuntu to illustrate the key points you should consider.
Support for modern enterprise applications
Your Linux laptops have the ultimate goal of performing to the standards your end users expect. Beyond your OS running smoothly with your hardware, at the application level you should be on the lookout for a mature ecosystem of applications that can run natively on your OS.
Linux offers the flexibility to onboard new apps via APIs, however you should aim for this to be the exception, rather than the rule. It’s simply not scalable for your administrators to spend time on onboarding and maintaining the core applications for a fleet of laptops with diverse needs. Additionally, non-native applications may not deliver the performance your end users expect.
By selecting an OS like Ubuntu, you gain access to an extensive ecosystem of over 36,000 toolchains and applications that span from productivity to coding, graphics and AI. Backed by both a community of users who are passionate about contributing to Ubuntu, and Canonical’s long-term security maintenance and support, end users gain access to an ecosystem that runs natively and is stable.
Compliance hardening tools
Auditing, hardening and maintaining Linux systems in order to conform to standards like CIS or DISA-STIG is a time consuming, but essential process. Choosing a distro that incorporates tools for compliance and hardening will reduce both time and errors in the process. A distro that commits to these tools is likely to be a reliable long-term choice.
Taking Ubuntu as an example, Canonical tests its long-term support release against standards such as FIPS-140, NIST, DISA-STIG and Common Criteria, and offers automated hardening tools for these standards and others, through an Ubuntu Pro subscription.
IT management and governance
Going beyond individual laptops, your laptop fleet as a whole needs to be manageable from a governance perspective. Manually managing large fleets of laptops is inefficient, but also dangerous. A report by Verizon estimates that sysadmins are responsible for around 11% of data breaches, usually due to misconfigurations. Even with the most secure hardware in the world, without the right approach your Linux laptops will be vulnerable.
Your chosen OS must provide you with both visibility, in order to audit the current state of your devices, and manageability, allowing you to manage access and roll out updates at scale without large amounts of manual effort.
For example, Ubuntu supports identity management protocols such as Entra ID (for Microsoft) and AuthD, the open standard supported by the vast majority of enterprise and consumer identity providers. Ubuntu can also be integrated with your chosen device management platform, or you can use Canonical Landscape.
Minimal attack surface
The best distros will build on the hardware security built into your Linux laptops through regular firmware patching, and ensure that the software layer is secure by adopting a zero trust approach. Overall, your distro should actively work to reduce the attack surface of your Linux laptop, rather than increase it.
Taking Ubuntu as an example, you would encounter a set of pre-configurations designed to reduce the attack surface of your laptops to the bare minimum, by ensuring that any access to your Linux laptops is granted on a “need to know” basis, rather than by default. This includes automatic security patching, password hashing, no open ports (important for physical security) and restrictions on unprivileged users.
Long-term support: where compliance and performance meet
Ultimately, your Linux laptop needs to last the distance, which means remaining supported and secure. If either of these two criteria stop being true, then it usually means you’ve reached the end-of-life. When does this occur?
You should aim for a laptop that can realistically outlast your desired lifespan in order to give yourself some breathing room.
This is where the value of long term support comes into play. You should investigate the support offered by both your hardware vendor and your software provider, in order to calculate an accurate estimate. Ubuntu LTS releases are maintained for 5 years as standard, with the option of expanded security maintenance taking the total to up to 12 years. This includes security patching and maintenance for over 36,000 packages, wherever Ubuntu LTS is running – including on any certified devices.
Find out more about where to find the best Ubuntu laptops by visiting our certification page.
Further reading
Talk to us today
Interested in running Ubuntu in your organisation?
Newsletter signup
Related posts
Canonical announces public beta of optimized Ubuntu image for Qualcomm IoT platforms
Today Canonical, the publisher of Ubuntu, and Qualcomm® Technologies announce the official beta launch of the very first optimized image of Ubuntu for...
Entra ID authentication on Ubuntu at scale with Landscape
Authd allows Entra ID authentication on both Ubuntu Desktop and Server. Learn how to configure Authd at scale using Landscape and Cloud-init
Profile-guided optimization: A case study
Software developers spend a huge amount of effort working on optimization – extracting more speed and better performance from their algorithms and programs....