# Who is responsible for updating and patching the SGA?

- We do **not** modify customer SGA VMs. No OS or security patches are applied to manually or automatically deployed SGAs.
- Security updates and version updates are delivered by providing a **new SGA VM**, which the customer can deploy manually or through automation.
- The SGA does not include an internal patching mechanism. Upgrades are done through **node replacement**: add a new node via cPanel, then remove the older node.
- Customers using **Cloud PC Complete** or **DaaS + Admin Services** have SGA updates fully managed by Dizzion.
- using Cloud PC Complete or DaaS + Admin Services, then we handle all SGA upgrades for them.