There are two major security features that have been introduced with ONTAP 9.14.1. Open Authorization (OAuth 2.0) is a token-based framework that can be used to restrict access to your ONTAP storage resources. You can use it with clients that access ONTAP through the REST API. Configuration can be performed with any of the ONTAP administrative interfaces including the REST API. The ONTAP 9.14.1 release also includes support for Cisco Duo which provides two-factor authentication for SSH logins. You can configure Duo to operate at the ONTAP cluster or SVM level. In addition to these two new features, several endpoints have been added to improve control over your key stores.

FPolicy provides a platform for ONTAP policy management. It provides a container for the various components or elements, such as events and the policy engine. You can now use the REST API to configure and administer a persistent store for the ONTAP FPolicy configuration and events. Each SVM can have one persistent store which is shared for the multiple policies within the SVM.

Two endpoints have been introduced to allow you to retrieve and set QOS options for the cluster. For example, you can reserve a percentage of available system processing resources for background tasks.

ONTAP maintains statistical information about the operational characteristics of the system. This information is presented in a database format consisting of tables and rows. With ONTAP 9.14.1, additional metrics data is added in several resources categories, including Fibre Channel, iSCSI, LUNs, and NVME. This additional metrics data continues to bring the ONTAP REST API closer to parity with the Data ONTAP API (ONTAPI or ZAPI).

There are several additional enhancements which can be helpful depending on your environment. These new endpoints improve access to the SAN initiators and control of the host cache settings as well as enable access to individual AutoSupport messages.

You can use tags to group REST API resources. You might do this to associate related resources within a specific project or organizational group. Using tags can help to organize and track resources more effectively.

ONTAP 9.13.1 continues to expand the availability of performance counter data. You can now access this type of statistical information to track historical performance and capacity for consistency groups. In addition, enhancements have been included that allow the parent-child relationships among consistency groups to be configured and managed.

The existing DNS endpoints have been expanded to allow DNS domain and server configuration to be performed for individual SVMs.

The existing EMS support feature has been expanded to allow for the management of roles and the access control configuration assigned to the roles. This provides the ability to limit or filter the events and messages based on the role configuration.

You can use the REST API to configure the time-based one-time password (TOTP) profiles for accounts that sign in and access ONTAP using SSH. In addition, the key manager endpoints have been expanded to provide a restore operation from a specified key management server.

The existing CIFS endpoints have been expanded to allow the configuration for a specific SVM to be updated.

The existing S3 bucket endpoints have been expanded to include a rule definition. Each rule is a list objects and defines the set of actions to be performed on an object within the bucket. Collectively these rules allow you to better manage the lifecycle of your S3 buckets.

Amazon Web Services includes a key management service that provides secure storage for keys and other secrets. You can access this service through the REST API to allow ONTAP to securely store its encryption keys in the cloud. In addition, you can create and list the authentication keys used with NetApp Storage Encryption.

You can manage the Active Directory accounts defined for an ONTAP cluster. This includes creating new accounts as well as displaying, updating, and deleting accounts.

The REST API has been enhanced to support the creation and management of CIFS group policies. The configuration information is available and administered through group policy objects that are applied to all or specific SVMs.

The ONTAP role-based access control (RBAC) capability has been enhanced to provide additional granularity. You can use the traditional roles or create new custom roles as needed through the REST API. Every role is associated with one or more privileges, each of which identifies a REST API call or CLI command along with the access level. New access levels are available for REST roles, such as read_create and read_modify. This enhancement provides parity with the Data ONTAP API (ONTAPI or ZAPI) and supports customer migration to the REST API. See RBAC security for more information.

Previous ONTAP releases have maintained statistical information about the operational characteristics of the system. With the 9.11.1 release, this information has been enhanced and is now available through the REST API. An administrator or automated process can access the data to determine system performance. The statistical information, as maintained by the counter manager subsystem, is presented in a database format using tables and rows. This enhancement brings the ONTAP REST API closer to parity with the Data ONTAP API (ONTAPI or ZAPI).

The management of ONTAP storage aggregates has been enhanced. You can use the updated REST endpoints to move aggregates online and offline as well as manage the spares.

The ONTAP networking capability has been expanded to include support for IP subnets. The REST API provides access to the configuration and management of the IP subnets within an ONTAP cluster.

The multiple administrator verification feature provides a flexible authorization framework for protecting access to ONTAP commands or operations. You can define rules that identify the restricted commands. When a user requests access to a specific command, approval can be granted by multiple ONTAP administrators as appropriate.

The SnapMirror capability has been enhanced in several areas including scheduling. The SnapVault relationship parity has been added in a DP relationship with ONTAP 9.11.1 Also, the throttle feature available with the REST API has reached parity with the Data ONTAP API (ONTAPI or ZAPI). Related to this, support is available to create and manage bulk snapshot copies.

Several endpoints have been added to provide access to the ONTAP storage pools. Support is included for creating and listing the storage pools in a cluster as well as updating and deleting specific pools by ID.

ONTAP name services has been enhanced to support caching which improves performance and resiliency. Configuration of the name services cache can now be accessed through the REST API. Settings can be applied at multiple levels including: hosts, unix-users, unix-groups, and netgroups.

The ONTAPI reporting tool helps customers and partners identify the ONTAPI usage in their environment. In addition to the Python software, there is also a video and evolving support in the NetApp Lab on Demand. This tool provides another resource when migrating from ONTAPI to the ONTAP REST API.

A consistency group is a set of volumes that are grouped together when performing certain operations such as a snapshot. This feature extends the same crash consistency and data integrity implicit with single-volume operations across a set of volumes. It is valuable for large multi-volume workload applications.

You can migrate an SVM from a source cluster to a destination cluster. The new endpoints provide complete control, including the ability to pause, resume, retrieve status, and abort a migration operation.

Volume-level file cloning and management have been enhanced. New REST endpoints support file move, copy, and split operations.

Auditing of the S3 events is a security improvement allowing you to track and log certain S3 events. An S3 audit event selector can be set on a per SVM per bucket basis.

ONTAP detects files potentially containing a ransomware threat. You can retrieve a list of these suspect files as well as remove them from a volume.

There are several general security enhancements that expand existing protocols and introduce new capabilities. Improvements have been made to IPSEC, key management, SSH configuration, and file permissions.

Support for CIFS domains has been added at the cluster and SVM level. You can retrieve the domain configuration as well as create and remove preferred domain controllers.

Volume analytics and metrics have been expanded through additional endpoints to support top files, directories, and users.

Support has been enhanced through several new features. Automatic update can keep your ONTAP systems current by downloading and applying the latest software updates. You can also retrieve and manage the memory core dumps generated by a node.

To help you transition your ONTAP automation code to the REST API, NetApp provides API mapping documentation. This reference includes a list of ONTAPI calls and the REST API equivalent for each. The mapping document has been updated to include the new ONTAP 9.9.1 API end points. See ONTAPI to REST API mapping for more information.

Support for new ONTAP 9.9.1 features that are not available through the ONTAPI API has been added to the REST API. This includes support for nested igroups and Google Cloud Key Management Services.

More of the legacy ONTAPI calls now have corresponding REST API equivalents. This includes local Unix users and groups, management of NTFS file security without the need for a client, SAN port sets, and volume space attributes. These changes are also included in the updated ONTAPI to REST mapping documentation.

The ONTAP online documentation reference page now includes labels indicating the ONTAP release when each REST endpoint or parameter was introduced, including those new with ONTAP 9.9.1.

To help you update your ONTAPI automation, NetApp provides a list of ONTAPI calls that require one or more input parameters, along with a mapping of those calls to the equivalent ONTAP 9 REST API call. See ONTAPI to REST API mapping for more information.

Support for the new core ONTAP 9.8 features not available through ONTAPI has been added to the REST API. This includes REST API support for ONTAP S3 buckets and services, SnapMirror Business Continuity, and File System Analytics.

Security has been enhanced through the support of several services and protocols, including Azure Key Vault, Google Cloud Key Management Services, IPSec, and Certificate Signing Requests.

ONTAP 9.8 delivers more efficient and modern workflows using the REST API. For example, oneclick firmware updates are now available for several different types of firmware.

The ONTAP online documentation page now includes labels indicating the ONTAP release that each REST endpoint or parameter was introduced, including those new in 9.8.

More legacy ONTAPI calls now have corresponding REST API equivalents. Documentation is also available to help identify which REST endpoint should be used in place of an existing ONTAPI call.

Performance metrics for the REST API have been expanded to include several new storage and network objects.