In this release, VMware workloads introduces the following enhancements:

VM consistency support per schedule tier: You can now enable VM-consistent and app-consistent backups for specific schedule tiers when configuring protection policies for VMware workloads. Yearly, monthly, and weekly tiers are supported.

For details about protecting VMware workloads, refer to Protect VMware workloads overview.

Ransomware Resilience now offers security orchestration, automation, and response (SOAR) playbooks for Microsoft Sentinel and Splunk. The playbooks enable easier threat response management, automating tasks testing and essential ransomware response efforts including creating snapshots and taking a volume offline.

For more information, see Integrate SOAR playbooks.

You can now manage proxy settings on the NetApp Console agent for Cloud Volumes ONTAP, even if you lose connection or the proxy is set up incorrectly. Previously, if the Console agent could not connect to Cloud Volumes ONTAP for 20 minutes, it overwrote your manual proxy settings with default settings. This caused communication failures, including issues with AutoSupport messages. To retain your proxy settings for existing systems, run the following API call:

PUT /occm/config

Include the following parameter in the request body:

The default mode is standard, which means the Console agent overwrites your proxy settings with defaults if it cannot connect to Cloud Volumes ONTAP for 20 minutes.

Configure modifiable NetApp Console parameters

The 4.5.0 release supports both standard mode and restricted mode.

This release of the Console agent includes security improvements and bug fixes as well as the following new feature.

You can validate that the required ports for the Console agent are open using configuration checks. You can perform configuration checks from the Console or the Agent maintenance console. Learn more about running configuration checks on the Console agent.

You can assign Keystone roles to partner users to allow those users to manage Keystone resources in a partner organization. Learn more about assigning Keystone roles to partner users.

In this release, ONTAP Volumes workloads introduces the following enhanced capabilities:

For details about protecting ONTAP Volume workloads, refer to Protect ONTAP Volume workloads overview.

In this release, VMware workloads introduces the following enhanced capabilities:

For details about protecting VMware workloads, refer to Protect VMware workloads overview.

To ensure reliability, Data Classification now validates available memory and disk resources across scanning, report generation, and actions. When memory usage exceeds 95% or disk space falls below 6 GB, Data Classification automatically pauses operations. Operations resume once resources are sufficient.

To monitor your system resources, see Monitor the health of Data Classification.

The copy and move functions are now supported for CIFS destinations. The per-file size limit for both actions has increased to 1 GB from the previous limit of 50 MB. The operation limits for both actions have increased to 1 TB or 5 million files.

For more information, see Copy, move, and delete data.

Changes to Active Directory (AD) integration settings in Data Classification are now restricted to administrators. Viewers no longer have the ability to modify AD settings.

For more information about the Classification viewer role, see Data service roles.

Data Classification has added Red Hat Enterprise Linux v9.7 for manual on-premises installation, including dark site deployments.

The following operating systems require using the Podman container engine, and they require Data Classification version 1.30 or greater: Red Hat Enterprise Linux version 8.8, 8.10, 9.0, 9.1, 9.2, 9.3, 9.4, 9.5, 9.6, and 9.7.

Data Classification now supports transparent proxy configurations, enabling smoother deployment in proxied or restricted network environments.

For more information about deploying in restricted environments, see Install NetApp Data Classification on a Linux host with no internet access.

When you create a replication plan in Disaster, you can now exclude specific datastores from replication. For situations where a VM is configure to use multiple datastore, this allows you to limit which ones are replicated.

For details, see Create a replication plan.

Disaster Recovery removed password restrictions on vCenter passwords to allow passwords that contain spaces.

For more information, see Add on-premises and Amazon EVS vCenter clusters in NetApp Disaster Recovery.

Disaster Recover now includes new menu options to trigger vCenter refreshes from the replication plan dashboard. You can access the submenu from the replication plan dashboard's action menu: select Plan Health then Refresh Source vCenter / Refresh Target vCenter.

For more information, see Modify a replication plan.

Disaster Recovery now includes improved network discovery to support a broader array of network configurations.

Ransomware Resilience now supports uploading a JSON list of users to exclude from user behavior activity alerts in addition to the existing UI and CSV-based options.

For more information, see Exclude users from alerts.

Ransomware Resilience has improved insights into user behavior by adding email alerts and including user behavior events in supported SIEM event data (AWS Security Hub, Microsoft Sentinel, and Splunk Cloud). These enhancements provide more accurate insights into your security and compliance monitoring.

For more information, see Connect NetApp Ransomware Resilience to a SIEM.

Three new columns, Hot data, Cold tier (%), and Hot tier (%), are added to the Volumes in clusters tab in Assets. To learn more, refer to View assets associated with a Keystone subscription and View assets across your Keystone subscriptions.

The accrued burst billing graph in the Consumption trend tab now displays invoiced, uninvoiced, and provisional burst usage. To learn more, refer to View accrued burst.

The Monitoring view includes the following updates:

To learn more, refer to View and manage alerts for Keystone subscriptions and View and create alert monitors for Keystone subscriptions.

NetApp Console now shows the Console agent status for FSx for ONTAP file systems in Workloads. The status indicates whether the agent is running and able to communicate with the FSx for ONTAP file system. This information can help you troubleshoot connectivity issues.

A new private mode release is now available to download from the NetApp Support Site

Cloud Volumes ONTAP 9.16.1 and later now support Google Cloud Infrastructure Manager (IM) instead of Cloud Deployment Manager (DM) for new private mode deployments in Google Cloud. Google will deprecate Deployment Manager as an infrastructure service in the near future for the more advanced Infrastructure Manager.

Beginning February 25, 2026, Cloud Volumes ONTAP uses Infrastructure Manager for new and existing private mode deployments. This table explains the basic workflows for you:

In private mode deployments, you need a few configuration changes for Cloud Volumes ONTAP to start using Infrastructure Manager. Refer to Infrastructure Manager configuration for private mode deployments.

KVM workload support is now generally available (GA) in NetApp Backup and Recovery.

For details about protecting KVM workloads, refer to Protect KVM workloads overview.

Kubernetes workload support is now generally available (GA) in NetApp Backup and Recovery. This release of Kubernetes workloads also introduces the following enhanced capabilities:

Reporting support: You can now generate protection activity reports for Kubernetes clusters and applications protected by NetApp Backup and Recovery.

For details about protecting Kubernetes workloads, refer to Protect Kubernetes workloads overview.

You can now deploy Cloud Volumes ONTAP 9.12.1 GA and later in single and multiple availability zones in Azure in the following regions. This includes support for both single-node and high-availability (HA) deployments.

For a list of all regions, refer to the Global Regions Map under Azure.

The 4.4.1 release supports both standard mode and restricted mode.

This release of the Console agent includes security improvements and bug fixes.

This release includes the following:

This release includes the following:

You can access a free trial of NetApp Data Infrastructure Insights from within NetApp Console. Go to Governance > Data Infrastructure Insights to sign up to explore insights and analytics about your data environment.

With 9.18.1, NetApp transitions new Cloud Volumes ONTAP deployments off N2 VMs to the next generation Google Cloud C3 series VMs for a faster and more scalable experience. You can now take advantage of C3 series VMs while deploying Cloud Volumes ONTAP 9.18.1 and later in Google Cloud. The C3 series machines offer improved performance and higher capacity limits by using Google Virtual NIC (gVNIC) and Hyperdisk Balanced disks that ensure dynamic performance for intensive workloads.

If your Cloud Volumes ONTAP system runs 9.18.1 or later, the preconfigured packages that you use for easy single node deployments automatically use C3 VMs, while enabling you to customize the IOPS and throughput parameters based on your workload needs. Similarly, while creating aggregates, you can add Hyperdisk Balanced disks to achieve better performance and scalability in Google Cloud. Additionally, you can select the LSSD variants of the C3 series machines for default Flash Cache support.

You can't change the disk type for C3 VMs when adding volumes to aggregates because C3 supports only Hyperdisk Balanced disks. Similarly, when replicating a system with N2 VM types to a C3 VM, the disk type is set by default to Hyperdisk Balanced.

Supported configurations for Cloud Volumes ONTAP in Google Cloud

Google documents: C3 machine series

Cloud Volumes ONTAP 9.18.1 and later deployments in Azure single and multiple availability zones support Azure Virtual Network (VNet) encryption as part of its layered security strategy to protect data in transit. Cloud Volumes ONTAP leverages Azure's native Datagram Transport Layer Security (DTLS) protocol to secure communication between ONTAP nodes, management interfaces, and other Azure services, preventing interception and unauthorized access. This network-level encryption complements ONTAP's built-in storage and data-at-rest protections to deliver end-to-end security of your data.

Networking for Azure VNet encryption

The Disaster Recovery UI has been refreshed to improve performance and user experience based on feedback.

The Disaster Recovery API Swagger documentation can now be accessed in a regular browser; incognito mode is no longer required. To access the API documentation, browse to the Disaster Recovery dashboard, select the top-right context menu then API Documentation to open the Swagger documentation. You can also bookmark the URL.

Ransomware Resilience now supports Azure NetApp Files systems, enabling you to efficiently detect and respond to ransomware threats in Azure NetApp Files. When you discover workloads, Ransomware Resilience now presents Azure NetApp Files and displays them in the protection dashboard. Ransomware Resilience support for Azure NetApp Files includes detection and protection strategies with snapshots only. Support for Azure NetApp Files is currently in preview.

For more information, see Learn about Ransomware Resilience.

Ransomware Resilience now enables you to exclude specific users from user behavior alerts. Excluding trusted users can prevent false positives and unnecessary alerts.

For more information, see link:For more information, see Exclude users from alerts.

Ransomware Resilience protection groups now support detection policies for suspicious user behavior detection. When you apply a ransomware protection strategy to a protection group, it applies a policy across workloads, streamlining management of your cybersecurity posture.

For more information, see Create a protection group.

NetApp Workload Factory now supports migration for storage VMs. This feature allows migration of ONTAP storage system data and configurations from on-premises ONTAP systems or first-generation FSx for ONTAP file systems to second-generation FSx for ONTAP file systems. You can replicate storage VM data and configuration settings to move to the new file system with minimal downtime and disruption to users and applications.

To use this feature, create a replication relationship and select Migration as the use case. To complete the migration process, you must cut over the storage VM and its replicated volumes immediately to permanently migrate data and storage VM configuration settings to the target FSx for ONTAP file system.

The Data Infrastructure Insights (DII) add-on consumption now displays in the Current consumption and Consumption trend tabs. To learn more, refer to View DII consumption.

Beginning with Cloud Volumes ONTAP 9.18.1, you can deploy Ebdsv5 and E104ids_v5 VMs for single-node and high-availability (HA) deployments and upgrades.

Ebdsv5 VMs within the Eb family of Azure virtual machines are optimized for higher remote storage performance. You can use these VMs for memory-intensive and I/O-heavy enterprise workloads, such as relational databases, in-memory analytics, and other demanding business-critical applications.

E104ids_v5 is an isolated VM instance that helps you better handle scheduled maintenance windows. Compared to E80ids_v4, it offers much higher disk throughput and IOPS, along with better overall network performance.

Supported configurations for Cloud Volumes ONTAP in Azure

Azure documentation: Edsv5 sizes series

The 4.4.0 release supports both standard mode and restricted mode.

This release of the Console agent includes security improvements and bug fixes.

This release includes the following:

You can associate Backup and Recovery workloads (Oracle and Microsoft SQL Server) with projects. After assigning to a project, users who are assigned a Backup and Recovery role for the project can work with the workloads. Other workloads are not supported with role-based access at this time.

Learn more about setting up role-based access for Backup and Recovery workloads.

Microsoft Hyper-V workload support is now generally available (GA) in NetApp Backup and Recovery.

VMware workload support is now generally available (GA) in NetApp Backup and Recovery.

This release of Kubernetes workloads introduces the following enhanced capabilities:

For details about protecting Kubernetes workloads, refer to Protect Kubernetes workloads overview.

This release of Oracle Database workloads introduces the following enhanced capabilities:

For details about protecting Oracle Database workloads, refer to Protect Oracle Database workloads overview.

This release of Data Classification includes bug fixes and the following updates:

You can now enable Amazon FSxN for ONTAP systems directly from the NetApp Console canvas, enabling you to more quickly launch Data Classification for your FSxN systems.

For more information about using Data Classification with Amazon FSxN for ONTAP, see Scan Amazon FSxN for ONTAP volumes.

When you're exporting an investigation report about directories from the Investigation dashboard, you can now include 10,000 rows. This increase from the previous limit of 5,000 rows supports larger-scale investigations of data governance and compliance.

For more information, see Investigate data.

When copying or moving files, you can now move files up to 250 MB, an increase from the previous limit of 50 MB.

For more information, see Copy, move, and delete data.

Data Classification has improved its display performance for low-resolution screens, enhancing the user experience.

Cloud Volumes ONTAP 9.16.1 and later now support Google Cloud Infrastructure Manager (IM) instead of Cloud Deployment Manager (DM) for new deployments in Google Cloud. Google will deprecate Deployment Manager as an infrastructure service in the near future for the more advanced Infrastructure Manager.

Beginning February 09, 2026, Cloud Volumes ONTAP uses Infrastructure Manager for new and existing deployments. This table explains a few workflows for you:

Now, deploy Cloud Volumes ONTAP to automatically use Infrastructure Manager or switch your existing deployments in Deployment Manager to Infrastructure Manager by running a conversion tool. The conversion is a one-time process, after which your systems will start using Infrastructure Manager. Refer to Configure existing Cloud Volumes ONTAP deployments for Google Cloud Infrastructure Manager for instructions on running the conversion tool.

Cloud Volumes ONTAP systems that use Infrastructure Manager use Google Cloud Storage buckets to store data and records in the zone of the first deployment to store deployment records, which are reused for subsequent deployments. You might incur extra costs for these buckets, but do not edit or delete the buckets or their content:

Data replication is now available between a Cloud Volumes ONTAP system and an FSx for ONTAP file system from the NetApp Console.

Replicate data

Digital Advisor now includes a Security Report that provides a unified view of ONTAP security risks across your storage environment. This report enables faster detection of misconfigurations, compliance gaps, and security issues across clusters, SVMs, and volumes, helping you maintain a secure storage infrastructure.

Upgrade Advisor now generates upgrade reports for clusters where nodes run different patch levels within the same ONTAP major release. This enhancement ensures that customers can proceed with upgrades seamlessly as long as the cluster is not mixed across major versions, providing greater flexibility in upgrade planning.

Upgrade Advisor now supports generating upgrade plans for ONTAP versions that have reached end of limited support, with a 9‑month grace period. This feature helps customers take timely action and avoid upgrade disruptions by providing clear guidance during the transition period.

The Accrued burst by days table in the Consumption trend tab now supports interactive filtering. Select any bar in the accrued burst billing graph to view only the days within that billing period. To learn more, refer to View daily accrued burst data usage.

The accrued burst billing graph in the Consumption trend tab now displays full date ranges for each billing period, such as Oct 01, 2025 to Oct 31, 2025, instead of only the month and year.

The Subscriptions tab includes an option to expand all subscriptions and view performance service levels information for each subscription simultaneously. To learn more, refer to View details about your Keystone subscriptions.

The Subscriptions tab includes a Usage type column that displays whether the subscription is billed based on provisioned, physical, or logical usage. To learn more, refer to View details about your Keystone subscriptions.

This release of ONTAP volume workloads introduces the following enhanced capability:

Support for multiple buckets: (Private preview) Beginning with ONTAP 9.17.1 and newer, you can now protect the volumes within a system with up to 6 buckets per system across different cloud providers.

Learn more about backing up ONTAP volume data using NetApp Backup and Recovery.

This release of VMware workloads introduces the following enhanced capabilities:

Learn more about restoring guest files and folders.

This release of Hyper-V workloads introduces the following enhanced capabilities:

Learn more about restoring Hyper-V VMs with NetApp Backup and Recovery.

The KVM workloads preview now protects KVM hosts and virtual machines that are managed by Apache CloudStack.

For details about protecting KVM workloads, refer to Protect KVM workloads overview.

Ransomware Resilience reports now capture information about supported and unsupported volumes in the Summary report. Use this information to diagnose why volumes in a system might be ineligible for ransomware protection.

For more information, see Download reports in Ransomware Resilience.

This release of Data Classification includes bug fixes and the following updates:

Data Classification now supports creating custom categories for your data. You can upload files to fine-tune an AI model that Data Classification uses to apply the category marker to data. The interface for all custom classifications has been improved.

For more information, see Create a custom classification.

Data Classification now allows you to customize the definition of stale data so it suits your organizational needs. Previously, stale data was defined as any data that was last modified three years ago. Now, stale data can be identified based on when it was last accessed or last modified; the time period can range from 6 months ago to 10 years ago.

For more information, see Customize the stale data definition.

Loading times for all pages in Data Classification, the data mapping report, and filters on the Investigation page have been shortened.

When you download an investigation report, Data Classification now displays the estimated time for the download to complete.

The 4.3.0 release supports both standard mode and restricted mode.

This release of the Console agent includes security improvements, bug fixes, and the following features:

You can now validate network connections of connected Console agents directly from the NetApp Console. This feature helps verify connectivity and troubleshoot issues with Console agents. This is in addition to the existing ability to run network diagnostics from the Console agent maintenance console command line interface (CLI).

Learn how to run configuration from NetApp Console.

This release includes the following:

NetApp Console supports assigning roles to federated groups (for example, Active Directory groups), allowing administrators to automate user onboarding and offboarding based on group membership in the organization's identity provider (IdP). This feature reduces administrative overhead, and ensures secure, consistent access by instantly updating Console access as group memberships change.

Learn how to provide access to a federated group to your organization.

You can now enable federation for a NetApp Console organization that is in restricted mode. This allows users to log in to the Console using their corporate credentials while maintaining the security benefits of restricted mode.

You can set a NetApp Console organization to read-only mode. In read-only mode, users can view resources and settings but cannot make any changes. An Org admin or Super admin can enable read-only mode for an organization. When read-only mode is enabled, users with administrative roles must manually elevate their permissions to make changes as needed.

Learn how to enable read-only mode for a Console organization.

Learn how to elevate your role when your organization is in read-only mode.

If you're using Disaster Recovery on-premises, you can now deploy a Console agent for each vCenter instance, improving resiliency.

For example, if you have two sites (Sites A and B), Site A can have Console agent A attached to vCenter 1, ONTAP deployment 1 and ONTAP deployment 2. Site B can have Console agent B attached to vCenter 2 and ONTAP deployments 3 and 4.

For information about the Console agent in Disaster Recovery, see Create the Console agent.

When failover is triggered, any replication plan using datastore-based protection includes VMs that have been added to the datastore, provided they have been discovered. You must provide mapping details for the added VMs before failover completes.

For more information, see Fail over applications.

Disaster Recovery now provides email notifications for the following events:

You can now access the Swagger documentation from within Disaster Recovery. In Disaster Recovery, select Settings then API documentation to link to the Swagger, or visit this URL in your browser's incognito/private mode: https://snapcenter.cloudmanager.cloud.netapp.com/api/api-doc/draas.

Disaster Recovery now provides improved warnings and error resolutions. This release fixes an error that prevented canceled jobs from displaying in the user interface. Canceled jobs are now visible. There's also a new warning when the same destination network is mapped to multiple different source networks.

When you create a replication, the new default is to retain the VM folder structure. If the recovery target does not have the original folder hierarchy, Disaster Recovery creates it. You can deselect this option to disregard the original folder hierarchy.

For more information, see Create a replication plan.

Ransomware Resilience now supports adding replication of snapshots to a secondary ONTAP site. With protection groups that use a replication policy, you can replicate to the same destination or different destinations for every workload. You can create a ransomware protection strategy that includes replication or use the predefined strategy.

For more information, see Protect workloads in Ransomware Resilience.

Ransomware Resilience now supports excluding specific workloads in a system from protection and the Ransomware Resilience dashboard. You can exclude workloads after discovery, and re-include them if you want to add ransomware protection. You aren't billed for excluded workloads.

For more information, see Exclude workloads.

Ransomware Resilience now allows you to mark alerts as "In review." Use the "In review" label to improve clarity across your team when triaging and managing active ransomware threats.

For more information, see Manage alerts in Ransomware Resilience.

You can now select a preferred billing option for calculating your Cloud Volumes ONTAP usage and overages. Since the limited availability of the Bring Your Own Licenses (BYOL) licensing model on June 25, 2025, NetApp has added preferred charging methods in the Licensing and Subscriptions section of the NetApp Console. You can use either your annual marketplace subscription for billing and overages or the existing BYOL model as the preferred option. This gives you the flexibility to choose the charging method that best fits your organization's financial strategy and usage patterns.

Billing preferences and overages.