Users Guide
Table Of Contents
- Dell EMC SmartFabric OS10 Installation, Upgrade, and Downgrade Guide
- Contents
- About this guide
- Installing SmartFabric OS10
- Preparing for an upgrade
- Dell EMC SmartFabric OS10 certificate expiration and recommended action
- Supported upgrade paths—Full Switch mode deployments
- Supported upgrade paths—SFS mode in Dell EMC VxRail deployments
- Supported upgrade paths—Dell EMC PowerEdge MX deployments
- Platform-specific prerequisites
- Prerequisites for solution deployments
- Upgrading OS10 software
- Downgrading OS10 software
- Upgrade PCIe firmware from DIAG OS
- Upgrade PCIe firmware from OS10 hshell
- Links to ONIE Firmware Updater and DIAG OS Release Notes
- Frequently asked questions
Postupgrade certificate configurations
Switches running OS10 Release 10.5.0.7P3 and previous supported releases, that have VLT or SmartFabric Services enabled,
use secure channels to communicate with each other. To establish secure channels, OS10 uses X.509v3 certificates. If you have
installed custom certificates (self-signed or CA certificates), you must reinstall the custom certificates after upgrade.
NOTE: This procedure is applicable only if you have installed custom certificates, and are running OS10 release 10.4.3.0
or later. If you are running OS10 releases between 10.4.1.4 and 10.4.2.x, upgrade to a later release. This procedure is not
applicable if you are upgrading to one of the following releases:
● 10.4.3.7
● 10.5.0.9
● 10.5.1.9
● 10.5.2.6
Configuration notes
● From 10.5.1.0 release onwards, there is no need for X.509v3 certificate in a VLT domain if both the VLT peers are running
OS10 software version 10.5.1.0 or later. However, you still need the certificates during VLT upgrade from 10.4.3.x releases to
10.5.1.0 or later. The upgraded VLT device has to communicate with the other VLT peer in a domain until the other device is
also upgraded to 10.5.1.0 or later.
● If untrusted devices access management or data ports on an OS10 switch in your deployment, Dell Technologies
recommends that you replace the default X.509v3 certificate-key pair used for cluster applications. See the Dell EMC
SmartFabric OS10 Security Best Practices Guide for information about generating and installing certificates on OS10
switches.
After you upgrade OS10 to a new release, the certificate is present in the system. To reinstall the certificate, remove and readd
the cluster security profile using the following commands:
1. Remove the cluster security profile.
OS10(config)# no cluster security-profile
2. Add the cluster security profile again for the certificates to be reinstalled.
OS10(config)# cluster security-profile profile-name
30
Upgrading OS10 software