Getting started with SMC Appliance maintenance

SMC Appliance patches can include improvements, enhancements, and upgrades for the SMC software, the operating system, and the appliance firmware.

The SMC Appliance patch (SAP) format is specific to the SMC Appliance. The SAP numbering is appended to the version number. Patch digests are calculated using an SHA-512 hash and signed with an ECDSA key.

There are two kinds of SMC Appliance patches:

  • Hotfix patches include improvements and enhancements for the current SMC Appliance version.

    Hotfix patch files use the letter P as a separator between the version number and the patch number. Example: 6.5.1P01

  • Upgrade patches upgrade the SMC Appliance to a new version.

    Upgrade patch files use the letter U as a separator between the version number and the patch number. Example: 6.5.1U01

When you install a patch, a configuration backup and a file system snapshot are automatically created for the SMC Appliance. The backup and snapshot allow you to roll back the SMC Appliance to its previous configuration if needed. If the patch activation fails, the appliance reverts to the snapshot automatically. The file system of the SMC Appliance has two partitions: an active partition and an alternative partition. Some patches update the alternative partition. You can toggle between the partitions to roll back the SMC Appliance upgrade.

Note: SMC Appliance patches apply only to the SMC Appliance hardware or to SMC Appliance software installed on a virtualization platform. SMC components installed on third-party platforms do not offer a patching and rollback feature that includes the SMC software, the operating system, and the appliance firmware.

You can patch and upgrade the SMC Appliance remotely using the Management Client or using the appliance maintenance and bug remediation (AMBR) patching utility on the command line.

Configuration overview

  1. Check for new SMC Appliance patches.

    There is no automatic notification when new SMC Appliance patches are available. We recommend checking for new SMC Appliance patches once a month.

  2. Obtain the patch files.
    • You can use the Management Client or the AMBR utility to automatically download patch files directly into the Management Client or onto the SMC Appliance.
    • In environments without Internet connectivity, you must manually download patch files, then import them into the Management Client or transfer them to the SMC Appliance.
  3. (If automatic license upgrades have been disabled) Upgrade the licenses.
  4. Upgrade any locally installed Management Clients by running the Security Management Center installer and any Web Start distributions that are on an external server.