ONTAP 9.16.1 adds more commands to the MAV framework for additional protection from malicious insiders. These enhancements include many Consistency Group (CG), VScan and Autonomous Ransomware Protection (ARP) management, and NVMe configuration commands.

ARP has been upgraded with new AI capabilities, allowing it to detect and respond to ransomware attacks with 99% precision and recall. Because the AI is trained on a comprehensive dataset, there is no longer a learning period for ARP running on FlexVol volumes and ARP/AI starts in active mode right away. ARP/AI also introduces an automatic update capability independent of an ONTAP upgrade to ensure constant protection and resilience against the latest threats.

Protect NVMe/TCP "over the wire" at the protocol layer with a simplified configuration and improved performance compared to IPSec.

ONTAP 9.16.1 offers higher "over-the-wire" encryption performance when utilizing the IPSec hardware offload functionality on offload cards introduced for all the new AFF A-series and AFF-C series systems platforms.

Space deallocation (also called "hole punching" and "unmap") is now supported for NVMe namespaces. Space dellocation helps thin-provisioned volumes and NVMe namespaces to reclaim unused space when data is deleted by the host application. This greatly improves overall storage efficiency, especially with filesystems that have high data turnover.

NetApp FlexGroup volumes can optionally stripe file data across multiple back-end constituent volumes, reducing performance bottlenecks, and adding consistency in balancing capacity across the backend constituent volumes.

ONTAP 9.15.1 supports the new high-performance AFF A1K, AFF A90, and AFF A70 systems, designed for the next generation of business workloads such as AI/ML training and inference. This new class of systems provides up to twice the performance of existing AFF A-series offerings and delivers "always on" improved storage efficiency without performance trade-offs.

Beginning with ONTAP 9.15.1, you also have the option of backing up the symlink itself instead of the data it points to. This can provide several benefits, including improved performance of your backup applications. You can enable the feature using the ONTAP CLI or REST API.

ONTAP 9.15.1 introduces an initial framework for dynamic authorization, a security feature that can determine whether a command issued by an administrator account should be denied, prompted for additional authentication, or allowed to proceed. Determinations are based on the user account's trust score, taking into account factors such as time of day, location, IP address, trusted device usage, and the user's authentication and authorization history.

ONTAP 9.15.1 RC1 adds over a hundred new commands to the MAV framework for additional protection from malicious insiders.

Protect data "over the wire" at the protocol layer with simplified configuration compared to other technologies such as IPSec and NFS Kerberos. This feature is included as public preview at this time. For more information about this capability, please contact your sales team for additional information.

ONTAP 9.15.1 introduces TLS 1.3 encryption support for S3 storage, FlexCache, SnapMirror and cluster peering encryption. Applications such as FabricPool, Microsoft Azure Page Blobs storage, and SnapMirror Cloud continue to use TLS 1.2 for the 9.15.1 release.

Securely transfer AutoSupport data over e-mail with TLS support.

This new capability provides synchronous bi-directional replication for business continuity and disaster recovery. Protect your data access for critical SAN workloads with simultaneous read and write access to data across multiple failure domains, enabling uninterrupted operations and minimizing downtime during disasters or system failures.

FlexCache writeback lets clients write locally to FlexCache volumes, reducing latency and improving performance compared to writing directly to the origin volume. The newly written data is asynchronously replicated back to the origin volume.

NFSv3 over RDMA support can help you address high-performance requirements by providing low-latency, high-bandwidth access over TCP.

ONTAP 9.14.1 introduces an immediate five percent increase in usable space on FAS and Cloud Volumes ONTAP systems by reducing the WAFL reserve on aggregates with 30 TB or more.

FabricPool offers an increase in read performance and enables direct writing to the cloud, lowering the risk of running out of space and reducing storage costs by moving cold data to a less expensive storage tier.

ONTAP supports the OAuth 2.0 framework, which can be configured using System Manager. With OAuth 2.0, you can provide secure access to ONTAP for automation frameworks without creating or exposing user IDs and passwords to plain text scripts and runbooks.

ARP grants you more control over event security, allowing you to adjust the conditions that create alerts and reducing the possibility for false positives.

System Manager provides a simple workflow to easily test disaster recovery at a remote location and to clean up after the test. This feature enables easier and more frequent testing and increased confidence in recovery time objectives.

ONTAP S3 supports the object-lock API command, enabling you to protect data written to ONTAP with S3 from deletion using standard S3 API commands and to ensure that important data is protected for the appropriate amount of time.

Add metadata tags to volumes and clusters, which follow the data as it moves from on-premises to the cloud and reverse.

Performance and capacity monitoring provides detailed for each consistency group, enabling you to quickly identify and report potential issues at the application level rather than just at the data object level.

Multi-tenant customers and service providers can set a capacity limit on each SVM, allowing tenants to perform self-service provisioning without the risk of one tenant over-consuming capacity on the cluster.

ONTAP 9.13.1 allows you to group objects such as volumes, LUNs, or files into groups and assign a QoS ceiling (maximum IOPs) or floor (minimum IOPs), improving application performance expectations.

With SnapLock technology, Snapshot copies can be protected from deletion on either the source or destination.

Retain more recovery points by protecting snapshots on primary and secondary storage from deletion by ransomware attackers or rogue administrators.

Immediately enable intelligent autonomous ransomware protection on secondary storage, based on the screening model already completed for the primary storage.

After a failover, instantly identify potential ransomware attacks on secondary storage. A Snapshot is immediately taken of the data that is starting to be affected, and administrators are notified, helping to stop an attack and enhance recovery.

One-click activation of ONTAP FPolicy to enable automatic blocking of known malicious files The simplified activation helps to protect against typical ransomware attacks that use common, known file extensions.

Tamperproof retention logging in ONTAP insuring compromised administrator accounts cannot hide malicious actions. Admin and user history cannot be altered or deleted without the systems knowledge.

Log and audit all admin actions regardless of origin guaranteeing all actions impacting data are captured. An alert is generated whenever system audit logs have been tampered with in any way notifying administrators of the change.

Multifactor authentication (MFA) for CLI (SSH) supports Yubikey physical hardware token devices ensuring that an attacker cannot access the ONTAP system using stolen credentials or a compromised client system. Cisco DUO is supported for MFA with System Manager.

File-object duality enables native S3 protocol read and write access to the same data source that already has NAS protocol access. You can concurrently access your storage as files or as objects from the same data source, eliminating the need for duplicate copies of data for use with different protocols (S3 or NAS), such as for analytics that use object data.

If FlexGroup constituents become unbalanced, FlexGroup can nondisruptively be rebalanced and managed from the CLI, REST API, and System Manager. For optimal performance, constituent members within a FlexGroup should have their used capacity evenly distributed.

WAFL Space Reservation has been significantly reduced, providing up to 400 TiB more usable capacity per aggregate.

Multi-admin verification (MAV) is an industry-first native approach to verification, requiring multiple approvals for sensitive administrative tasks such as deleting a Snapshot or volume. The approvals required in a MAV implementation prevent malicious attacks and accidental changes to data.

Autonomous Ransomware Protection (ARP) uses machine learning to detect ransomware threats with increased granularity, enabling you to identify threats quickly and accelerate recovery in the event of a breach.

Secure multi-petabyte datasets for workloads such as electronic design automation and media & entertainment by protecting the data with WORM file locking so it cannot be changed or deleted.

With ONTAP 9.11.1, file deletion occurs in the background of the ONTAP system, enabling you to easily delete large directories while eliminating performance and latency impacts on the host I/O.

Simplify and expand the object data management capabilities of S3 with ONTAP with additional API endpoints and object versioning at the bucket level, enabling multiple versions of an object to be stored in the same bucket.

System Manager supports advanced capabilities to optimize storage resources and improve audit management. These updates include enhanced abilities to manage and configure storage aggregates, enhanced visibility into system analytics, hardware visualization for FAS systems.

Autonomous Ransomware Protection automatically creates a Snapshot copy of your volume and alerts administrators when abnormal activity is detected, enabling you to quickly detect ransomware attacks and recover more quickly.

System Manager automatically download firmware updates for disks, shelves, service processors in addition to providing new integrations with Active IQ Digital Advisor (also known as Digital Advisor), BlueXP, and certificate management. These enhancements simplify administration and maintain business continuity.

File System Analytics provides additional telemetry to identify top files, directories, and users in your file share, enabling you to identify workload performance issues to improve resource planning and implementation of QoS.

Achieve high performance and reduce TCO for your enterprise SAN and modern workloads on AFF system when you use NVMe/TCP on your existing Ethernet network.

Use the NVMe/FC protocol on your hybrid arrays to enable uniform migration to NVMe.

Protect your ONTAP S3 data with your choice of object storage targets. Use SnapMirror replication to back up to on-premises storage with StorageGRID, to the cloud with Amazon S3, or to another ONTAP S3 bucket on NetApp AFF and FAS systems.

Ensure file consistency at cache locations during updates to source files at the origin with global file-locking using FlexCache. This enhancement enables exclusive file-read locks in an origin-to-cache relationship for workloads that require enhanced locking.

Support for SHA512 and SSH A512 password hashing protects administrator account credentials from malicious actors who are trying to gain system access.

The new limit is twice as large as the previous one, providing support for MetroCluster configurations and enabling continuous data availability.

Offers more replication options for backup and disaster recovery for large data containers for NAS workloads.

Delivers up to four-times higher SAN performance for single LUN applications such as VMware datastores so you can achieve high performance in your SAN environment.

Enables use of StorageGRID as a destination for NetApp Cloud Backup Service to simplify and automate the backup of your on-premises ONTAP data.