Skip to main content

ONTAP 9 release highlights

Contributors netapp-dbagwell netapp-aaron-holt netapp-sumathi netapp-ahibbard netapp-aherbin

Each release of the ONTAP 9 data management software delivers new and enhanced features that improve the capabilities, manageability, performance, and security offerings in ONTAP.

In addition to these highlights, you can find comprehensive, per-version coverage of all the new and enhanced features introduced in recent ONTAP releases.

For details about known issues, limitations, and upgrade cautions in recent ONTAP 9 releases, refer to the ONTAP 9 Release Notes. You must sign in with your NetApp account or create an account to access the Release Notes.

To upgrade to the latest release of ONTAP, see Upgrade to the latest version of ONTAP and When should I upgrade ONTAP?

ONTAP 9.16.1 highlights

ONTAP 9.16.1 delivers new and enhanced features in the areas of security management, data protection, networking, SAN management, and storage management. For a complete list of new features and enhancements, see What's new in ONTAP 9.16.1.

  • Multi-admin verification (MAV) enhancements

    ONTAP 9.16.1 adds more commands to the MAV framework for additional protection from malicious insiders. These enhancements include many Consistency Group (CG), VScan and Autonomous Ransomware Protection (ARP) management, and NVMe configuration commands.

  • Autonomous Ransomware Protection with AI enhancements (ARP/AI)

    ARP has been upgraded with new AI capabilities, allowing it to detect and respond to ransomware attacks with 99% precision and recall. Because the AI is trained on a comprehensive dataset, there is no longer a learning period for ARP running on FlexVol volumes and ARP/AI starts in active mode right away. ARP/AI also introduces an automatic update capability independent of an ONTAP upgrade to ensure constant protection and resilience against the latest threats.

  • NVMe/TCP over TLS 1.3

    Protect NVMe/TCP "over the wire" at the protocol layer with a simplified configuration and improved performance compared to IPSec.

  • IPSec HW offload support for new network cards

    ONTAP 9.16.1 offers higher "over-the-wire" encryption performance when utilizing the IPSec hardware offload functionality on offload cards introduced for all the new AFF A-series and AFF-C series systems platforms.

  • Support for NVMe space deallocation

    Space deallocation (also called "hole punching" and "unmap") is now supported for NVMe namespaces. Space dellocation helps thin-provisioned volumes and NVMe namespaces to reclaim unused space when data is deleted by the host application. This greatly improves overall storage efficiency, especially with filesystems that have high data turnover.

  • Advanced capacity balancing for FlexGroup volumes

    NetApp FlexGroup volumes can optionally stripe file data across multiple back-end constituent volumes, reducing performance bottlenecks, and adding consistency in balancing capacity across the backend constituent volumes.

ONTAP 9.15.1 highlights

ONTAP 9.15.1 delivers new and enhanced features in the areas of security management, data protection, and NAS workload support. For a complete list of new features and enhancements, see What's new in ONTAP 9.15.1.

  • Support for new AFF A-series systems, storage built for AI

    ONTAP 9.15.1 supports the new high-performance AFF A1K, AFF A90, and AFF A70 systems, designed for the next generation of business workloads such as AI/ML training and inference. This new class of systems provides up to twice the performance of existing AFF A-series offerings and delivers "always on" improved storage efficiency without performance trade-offs.

  • Windows backup applications and Unix-style symlinks

    Beginning with ONTAP 9.15.1, you also have the option of backing up the symlink itself instead of the data it points to. This can provide several benefits, including improved performance of your backup applications. You can enable the feature using the ONTAP CLI or REST API.

  • Dynamic authorization

    ONTAP 9.15.1 introduces an initial framework for dynamic authorization, a security feature that can determine whether a command issued by an administrator account should be denied, prompted for additional authentication, or allowed to proceed. Determinations are based on the user account's trust score, taking into account factors such as time of day, location, IP address, trusted device usage, and the user's authentication and authorization history.

  • Expanded scope of impact for Multi-admin verification

    ONTAP 9.15.1 RC1 adds over a hundred new commands to the MAV framework for additional protection from malicious insiders.

  • NFS over TLS

    Protect data "over the wire" at the protocol layer with simplified configuration compared to other technologies such as IPSec and NFS Kerberos. This feature is included as public preview at this time. For more information about this capability, contact your sales team for additional information.

  • TLS 1.3 encryption support for cluster peering and more

    ONTAP 9.15.1 introduces TLS 1.3 encryption support for S3 storage, FlexCache, SnapMirror and cluster peering encryption. Applications such as FabricPool, Microsoft Azure Page Blobs storage, and SnapMirror Cloud continue to use TLS 1.2 for the 9.15.1 release.

  • Support for SMTP traffic over TLS

    Securely transfer AutoSupport data over e-mail with TLS support.

  • SnapMirror active sync for symmetric active/active configurations

    This new capability provides synchronous bi-directional replication for business continuity and disaster recovery. Protect your data access for critical SAN workloads with simultaneous read and write access to data across multiple failure domains, enabling uninterrupted operations and minimizing downtime during disasters or system failures.

  • FlexCache writeback

    FlexCache writeback lets clients write locally to FlexCache volumes, reducing latency and improving performance compared to writing directly to the origin volume. The newly written data is asynchronously replicated back to the origin volume.

  • NFSv3 over RDMA

    NFSv3 over RDMA support can help you address high-performance requirements by providing low-latency, high-bandwidth access over TCP.

ONTAP 9.14.1 highlights

ONTAP 9.14.1 delivers new and enhanced features in the areas of FabricPool, anti-ransomware protection, OAuth, and more. For a complete list of new features and enhancements, see What's new in ONTAP 9.14.1.

  • WAFL reservation reduction

    ONTAP 9.14.1 introduces an immediate five percent increase in usable space on FAS and Cloud Volumes ONTAP systems by reducing the WAFL reserve on aggregates with 30 TB or more.

  • FabricPool enhancements

    FabricPool offers an increase in read performance and enables direct writing to the cloud, lowering the risk of running out of space and reducing storage costs by moving cold data to a less expensive storage tier.

  • Support for OAuth 2.0

    ONTAP supports the OAuth 2.0 framework, which can be configured using System Manager. With OAuth 2.0, you can provide secure access to ONTAP for automation frameworks without creating or exposing user IDs and passwords to plain text scripts and runbooks.

  • Autonomous Ransomware Protection (ARP) enhancements

    ARP grants you more control over event security, allowing you to adjust the conditions that create alerts and reducing the possibility for false positives.

  • SnapMirror disaster recovery rehearsal in System Manager

    System Manager provides a simple workflow to easily test disaster recovery at a remote location and to clean up after the test. This feature enables easier and more frequent testing and increased confidence in recovery time objectives.

  • S3 object lock support

    ONTAP S3 supports the object-lock API command, enabling you to protect data written to ONTAP with S3 from deletion using standard S3 API commands and to ensure that important data is protected for the appropriate amount of time.

  • Cluster and volume tagging

    Add metadata tags to volumes and clusters, which follow the data as it moves from on-premises to the cloud and reverse.

ONTAP 9.13.1 highlights

ONTAP 9.13.1 delivers new and enhanced features in the areas of anti-ransomware protection, consistency groups, quality of service, tenant capacity management, and more. For a complete list of new features and enhancements, see What's new in ONTAP 9.13.1.

  • Autonomous Ransomware Protection (ARP) enhancements:

    • Automatic enablement

      With ONTAP 9.13.1, ARP automatically moves from training into production mode after it has sufficient learning data, eliminating the need for an administrator to enable it after the 30-day period.

    • Multi-admin verification support

      ARP disable commands are supported by multi-admin verification, ensuring that no single administrator can disable ARP to expose the data to potential ransomware attacks.

    • FlexGroup support

      ARP supports FlexGroups beginning with ONTAP 9.13.1. ARP can monitor and protect FlexGroups that span multiple volumes and nodes in the cluster, enabling even the largest datasets to be protected with ARP.

  • Performance and capacity monitoring for consistency groups in System Manager

    Performance and capacity monitoring provides detailed for each consistency group, enabling you to quickly identify and report potential issues at the application level rather than just at the data object level.

  • Tenant capacity management

    Multi-tenant customers and service providers can set a capacity limit on each SVM, allowing tenants to perform self-service provisioning without the risk of one tenant over-consuming capacity on the cluster.

  • Quality of Service ceilings and floors

    ONTAP 9.13.1 allows you to group objects such as volumes, LUNs, or files into groups and assign a QoS ceiling (maximum IOPs) or floor (minimum IOPs), improving application performance expectations.

ONTAP 9.12.1 highlights

ONTAP 9.12.1 delivers new and enhanced features in the areas of security hardening, retention, performance, and more. For a complete list of new features and enhancements, see What's new in ONTAP 9.12.1.

  • Tamper-proof Snapshots

    With SnapLock technology, Snapshot copies can be protected from deletion on either the source or destination.

    Retain more recovery points by protecting snapshots on primary and secondary storage from deletion by ransomware attackers or rogue administrators.

  • Autonomous Ransomware Protection (ARP) enhancements

    Immediately enable intelligent autonomous ransomware protection on secondary storage, based on the screening model already completed for the primary storage.

    After a failover, instantly identify potential ransomware attacks on secondary storage. A Snapshot is immediately taken of the data that is starting to be affected, and administrators are notified, helping to stop an attack and enhance recovery.

  • FPolicy

    One-click activation of ONTAP FPolicy to enable automatic blocking of known malicious files The simplified activation helps to protect against typical ransomware attacks that use common, known file extensions.

  • Security hardening: Tamper-proof retention logging

    Tamperproof retention logging in ONTAP insuring compromised administrator accounts cannot hide malicious actions. Admin and user history cannot be altered or deleted without the systems knowledge.

    Log and audit all admin actions regardless of origin guaranteeing all actions impacting data are captured. An alert is generated whenever system audit logs have been tampered with in any way notifying administrators of the change.

  • Security hardening: Expanded multifactor authentication

    Multifactor authentication (MFA) for CLI (SSH) supports Yubikey physical hardware token devices ensuring that an attacker cannot access the ONTAP system using stolen credentials or a compromised client system. Cisco DUO is supported for MFA with System Manager.

  • File-object duality (multi-protocol access)

    File-object duality enables native S3 protocol read and write access to the same data source that already has NAS protocol access. You can concurrently access your storage as files or as objects from the same data source, eliminating the need for duplicate copies of data for use with different protocols (S3 or NAS), such as for analytics that use object data.

  • FlexGroup rebalancing

    If FlexGroup constituents become unbalanced, FlexGroup can nondisruptively be rebalanced and managed from the CLI, REST API, and System Manager. For optimal performance, constituent members within a FlexGroup should have their used capacity evenly distributed.

  • Storage capacity enhancements

    WAFL Space Reservation has been significantly reduced, providing up to 400 TiB more usable capacity per aggregate.

ONTAP 9.11.1 highlights

ONTAP 9.11.1 delivers new and enhanced features in the areas of security, retention, performance, and more. For a complete list of new features and enhancements, see What's new in ONTAP 9.11.1.

  • Multi-admin verification

    Multi-admin verification (MAV) is an industry-first native approach to verification, requiring multiple approvals for sensitive administrative tasks such as deleting a Snapshot or volume. The approvals required in a MAV implementation prevent malicious attacks and accidental changes to data.

  • Enhancements to Autonomous Ransomware Protection

    Autonomous Ransomware Protection (ARP) uses machine learning to detect ransomware threats with increased granularity, enabling you to identify threats quickly and accelerate recovery in the event of a breach.

  • SnapLock Compliance for FlexGroup volumes

    Secure multi-petabyte datasets for workloads such as electronic design automation and media & entertainment by protecting the data with WORM file locking so it cannot be changed or deleted.

  • Asynchronous directory delete

    With ONTAP 9.11.1, file deletion occurs in the background of the ONTAP system, enabling you to easily delete large directories while eliminating performance and latency impacts on the host I/O.

  • S3 enhancements

    Simplify and expand the object data management capabilities of S3 with ONTAP with additional API endpoints and object versioning at the bucket level, enabling multiple versions of an object to be stored in the same bucket.

  • System Manager enhancements

    System Manager supports advanced capabilities to optimize storage resources and improve audit management. These updates include enhanced abilities to manage and configure storage aggregates, enhanced visibility into system analytics, hardware visualization for FAS systems.

ONTAP 9.10.1 highlights

ONTAP 9.10.1 delivers new and enhanced features in the areas of security hardening, performance analytics, NVMe protocol support, and object storage backup options. For a complete list of new features and enhancements, see What's new in ONTAP 9.10.1.

  • Autonomous Ransomware Protection

    Autonomous Ransomware Protection automatically creates a Snapshot copy of your volume and alerts administrators when abnormal activity is detected, enabling you to quickly detect ransomware attacks and recover more quickly.

  • System Manager enhancements

    System Manager automatically download firmware updates for disks, shelves, service processors in addition to providing new integrations with Active IQ Digital Advisor (also known as Digital Advisor), BlueXP, and certificate management. These enhancements simplify administration and maintain business continuity.

  • File System Analytics enhancements

    File System Analytics provides additional telemetry to identify top files, directories, and users in your file share, enabling you to identify workload performance issues to improve resource planning and implementation of QoS.

  • NVMe over TCP (NVMe/TCP) support for AFF systems

    Achieve high performance and reduce TCO for your enterprise SAN and modern workloads on AFF system when you use NVMe/TCP on your existing Ethernet network.

  • NVMe over Fibre Channel (NVMe/FC) support for NetApp FAS systems

    Use the NVMe/FC protocol on your hybrid arrays to enable uniform migration to NVMe.

  • Native hybrid cloud backup for object storage

    Protect your ONTAP S3 data with your choice of object storage targets. Use SnapMirror replication to back up to on-premises storage with StorageGRID, to the cloud with Amazon S3, or to another ONTAP S3 bucket on NetApp AFF and FAS systems.

  • Global file-locking with FlexCache

    Ensure file consistency at cache locations during updates to source files at the origin with global file-locking using FlexCache. This enhancement enables exclusive file-read locks in an origin-to-cache relationship for workloads that require enhanced locking.

ONTAP 9.9.1 highlights

ONTAP 9.91.1 delivers new and enhanced features in the areas of storage efficiency, multifactor authentication, disaster recovery, and more. For a complete list of new features and enhancements, see What's new in ONTAP 9.9.1.

  • Enhanced security for CLI remote access management

    Support for SHA512 and SSH A512 password hashing protects administrator account credentials from malicious actors who are trying to gain system access.

  • MetroCluster IP enhancements: support for 8-node clusters

    The new limit is twice as large as the previous one, providing support for MetroCluster configurations and enabling continuous data availability.

  • SnapMirror active sync

    Offers more replication options for backup and disaster recovery for large data containers for NAS workloads.

  • Increased SAN performance

    Delivers up to four-times higher SAN performance for single LUN applications such as VMware datastores so you can achieve high performance in your SAN environment.

  • New object storage option for hybrid cloud

    Enables use of StorageGRID as a destination for NetApp Cloud Backup Service to simplify and automate the backup of your on-premises ONTAP data.