Hello, The documentation page you point to is concerned with enabling the external CLI, if not enabled. This requires a reboot, and as in any other case where a reboot is requirement, it makes sense to put the node in maintenance mode prior to this activity to avoid killing active user sessions with the reboot. However, you seem to be concerned about updates to the remote CLI and your Java version, which is completely different. In that case you would have the external CLI enabled already and no action is required on the PAM server side. The remote CLI is not a service and consists of a jar file and a script. You can update those at any time. The remote CLI does not include a private JRE, but uses a public JRE that you install. You can update that JRE any time. As stated in the documentation page, we recommend to use the lastest JRE 8 version.