Other major additions
In addition to the System Manager enhancements, SAN enhancements, and data protection enhancements, there are a few other big additions to ONTAP 9.9.1.
Logical space accounting/enforcement – FlexGroup volumes
Logical space accounting was introduced for FlexVol volumes in ONTAP 9.4. It enables storage administrators to mask storage efficiency savings so that end users avoid overallocating their designated storage quotas.
For example, if a user writes 6TB to a 10TB volume and storage efficiencies save 2TB, logical space accounting can control whether the user sees 6TB or 4TB.
ONTAP 9.5 enhanced this feature and added quota enforcement support for FlexVols to give more control to storage administrators by preventing new writes according to the logical space thresholds set. However, FlexGroup volumes were missing this functionality until ONTAP 9.9.1.
ONTAP S3 user-defined metadata tags
ONTAP 9.8 introduced support for the S3 protocol for basic object storage functionality.
Support for S3 in ONTAP 9.8 included the following:
Basic PUT/GET object access (does not include access to both S3 and NAS from the same bucket)
No object tagging or ILM support; for feature-rich, globally dispersed S3, use NetApp StorageGRID.
TLS 1.2 encryption
Multiple buckets per volume
Bucket access policies
S3 as a NetApp FabricPool target
ONTAP 9.9.1 and later offers support for metadata tagging of objects when using ObjectCreate and MultiPartUpload calls. When HEAD or GET is performed on an object, the user-defined metadata and count of the number of tags is returned as part of the HTTP header in the response. These tags allow you to better categorize your objects within ONTAP buckets for more robust data management and are compatible with applications that require the ability to create metadata and tags.
For more information, see the following resources:
NFSv4.2 security labels
ONTAP 9.9.1 introduces support for the NFSv4.2 feature called Labeled NFS, which is a way to manage granular file and folder access by using SELinux labels and Mandatory Access Control (MAC). These MAC labels are stored with files and folders and works in conjunction with UNIX permissions and NFSv4.x ACLs. Support for labeled NFS means that ONTAP now recognizes and understands the NFS client’s SELinux label settings. Labeled NFS is covered in RFC-7204.
Use cases include the following:
MAC labeling of virtual machine images
Data security classification for the public sector (secret, top secret, and so on)
In this release, ONTAP supports the following enforcement modes:
ONTAP does not currently support Full Mode (storing and enforcing MAC labels).