What's new in Element 12.0

Element 12.0 introduces multi-factor authentication, session-based web UI logins, external key management (EKM) enhancements, faster upgrades, customizable protection domains, and contains stability and functionality improvements.

Element 12.0 firmware updates

Note: For H610S storage nodes that are running Element 11.7 or older, the upgrade to Element 12.0 requires a power disconnect process. If you are upgrading an Element 11.8 storage cluster to Element 12.0, the power disconnect process is not required.

See Upgrades overview for details on the software upgrade procedure and Knowledge Base article for information on the power disconnect process.

NetApp H610S storage node power off and on procedure

Contact NetApp Support for assistance before beginning the upgrade.

The following firmware updates for H610S storage node hardware components are included with this release:

Component Firmware version
NVDIMM Gen1 3.1
BMC 3.78.07
YafuFlash2 4.16.21

Multiple vCenter VASA support

VASA support for up to 10 vCenters is available as an upgrade patch if you have already registered a VASA provider with your vCenter. To install, follow the directions in the VASA39 manifest and download the .tar.gz file from the NetApp Software Downloads site.

Note: The NetApp Element VASA provider uses a NetApp certificate. With this patch, the certificate is used unmodified by vCenter to support multiple vCenters for VASA and VVols use. Do not modify the certificate. Custom SSL certificates are not supported by VASA.

Customizable Protection Domains

Beginning with Element 12.0, you can customize protection domain layouts to cover zones of storage nodes within a rack, or between multiple racks. This enables you to have more flexibility in data resiliency and to improve storage availability, especially in large scale installations. When you enable the feature, you must have at least 3 domains, and at least 2 storage nodes per domain.

The following are Element API methods related to Protection Domains (the Element API Reference Guide has more information):
  • SetProtectionDomainLayout
  • GetProtectionDomainLayout
  • ListAllNodes
  • ListActiveNodes
  • ListPendingNodes
  • AddDrives
  • ListProtectionDomainLevels
  • CheckProposedNodeAdditions
  • CheckProposedCluster

Faster upgrades

Element 12.0 brings decreases in upgrade times. Upgrades from Element 12.0 to future Element releases are significantly faster than upgrades from previous versions.

Enhanced external key management

Element 12.0 external key management (EKM) now supports the following key management services:
  • Gemalto SafeNet KeySecure
  • SafeNet AT KeySecure
  • HyTrust KeyControl
  • Vormetric Data Security Manager (new in Element 12)
  • IBM Security Key Lifecycle Manager (new in Element 12)

Learn more.

Multi-factor authentication

With multi-factor authentication (MFA) support, you can now integrate the Element web UI and the storage per-node web UI with your single sign-on (SSO) infrastructure.

MFA supports the following SAML 2.0-based identity providers (IdPs):
  • MS Active Directory Federation Services (ADFS) 2016
  • Shibboleth 3.4.4
The following are Element API methods related to MFA (the Element API Reference Guide has more information):
  • CreateIdpConfiguration
  • UpdateIdpConfiguration
  • DeleteIdpConfiguration
  • ListIdpConfigurations
  • EnableIdpAuthentication
  • DisableIdpAuthentication
  • ListProtectionDomainLevels
  • GetIdpAuthenticationState
  • ListCurrentClusterAdmins
  • DeleteAuthSession
  • DeleteAuthSessionsByClusterAdmin
  • DeleteAuthSessionsByUsername
  • ListActiveAuthSessions
  • ListAuthSessionsByClusterAdmin
  • ListAuthSessionsByUsername

New storage node terminal user interface (TUI)

The Element TUI is now restructured and features easier to use navigation and input fields.

New storage per-node web UI

The Element 12.0 storage per-node web UI now uses the look and feel of NetApp Hybrid Cloud Control. You can access this UI at https://<Node IP address>:442/hcc.

Security enhancements

Element 12.0 resolves many security vulnerabilities for storage nodes and the management node. Learn more about these security enhancements.

Session-based authentication

The Element API now supports token authentication and authorization, enabling you to log on to the Element web UI or individual storage per-node web UIs with either the local cluster admin credentials or LDAP-based cluster admin credentials. One browser login session token covers multiple web UI logins, so you can log in to the Element web UI and then log in to all individual storage per-node web UIs in that storage cluster and not have to re-authenticate with each one.

The following are Element API methods related to session-based authentication (the Element API Reference Guide has more information):
  • ListAuthSessionsByClusterAdmin
  • ListActiveAuthSessions
  • ListAuthSessionsByUsername