ONTAP 9 release highlights
Each release of the ONTAP 9 data management software delivers new and enhanced features that improve the capabilities, manageability, performance, and security offerings in ONTAP.
In addition to these highlights, you can find comprehensive, per-version coverage of all the new and enhanced features introduced in recent ONTAP releases.
-
Learn about new and enhanced ONTAP MetroCluster features.
-
Learn about new and enhanced support for FAS, ASA, and AFF platforms and supported switches.
-
Learn about updates to the ONTAP REST API.
For details about known issues, limitations, and upgrade cautions in recent ONTAP 9 releases, refer to the ONTAP 9 Release Notes. You must sign in with your NetApp account or create an account to access the Release Notes.
To upgrade to the latest release of ONTAP, see Upgrade to the latest version of ONTAP and When should I upgrade ONTAP?
ONTAP 9.16.1 highlights
ONTAP 9.16.1 delivers new and enhanced features in the areas of security management, data protection, networking, SAN management, and storage management. For a complete list of new features and enhancements, see What's new in ONTAP 9.16.1.
-
Multi-admin verification (MAV) enhancements
ONTAP 9.16.1 adds more commands to the MAV framework for additional protection from malicious insiders. These enhancements include many Consistency Group (CG), VScan and Autonomous Ransomware Protection (ARP) management, and NVMe configuration commands.
-
Autonomous Ransomware Protection with AI enhancements (ARP/AI)
ARP has been upgraded with new AI capabilities, allowing it to detect and respond to ransomware attacks with 99% precision and recall. Because the AI is trained on a comprehensive dataset, there is no longer a learning period for ARP running on FlexVol volumes and ARP/AI starts in active mode right away. ARP/AI also introduces an automatic update capability independent of an ONTAP upgrade to ensure constant protection and resilience against the latest threats.
-
NVMe/TCP over TLS 1.3
Protect NVMe/TCP "over the wire" at the protocol layer with a simplified configuration and improved performance compared to IPSec.
-
IPSec HW offload support for new network cards
ONTAP 9.16.1 offers higher "over-the-wire" encryption performance when utilizing the IPSec hardware offload functionality on offload cards introduced for all the new AFF A-series and AFF-C series systems platforms.
-
Support for NVMe space deallocation
Space deallocation (also called "hole punching" and "unmap") is now supported for NVMe namespaces. Space dellocation helps thin-provisioned volumes and NVMe namespaces to reclaim unused space when data is deleted by the host application. This greatly improves overall storage efficiency, especially with filesystems that have high data turnover.
-
Advanced capacity balancing for FlexGroup volumes
NetApp FlexGroup volumes can optionally stripe file data across multiple back-end constituent volumes, reducing performance bottlenecks, and adding consistency in balancing capacity across the backend constituent volumes.
ONTAP 9.15.1 highlights
ONTAP 9.15.1 delivers new and enhanced features in the areas of security management, data protection, and NAS workload support. For a complete list of new features and enhancements, see What's new in ONTAP 9.15.1.
-
Support for new AFF A-series systems, storage built for AI
ONTAP 9.15.1 supports the new high-performance AFF A1K, AFF A90, and AFF A70 systems, designed for the next generation of business workloads such as AI/ML training and inference. This new class of systems provides up to twice the performance of existing AFF A-series offerings and delivers "always on" improved storage efficiency without performance trade-offs.
-
Windows backup applications and Unix-style symlinks
Beginning with ONTAP 9.15.1, you also have the option of backing up the symlink itself instead of the data it points to. This can provide several benefits, including improved performance of your backup applications. You can enable the feature using the ONTAP CLI or REST API.
-
ONTAP 9.15.1 introduces an initial framework for dynamic authorization, a security feature that can determine whether a command issued by an administrator account should be denied, prompted for additional authentication, or allowed to proceed. Determinations are based on the user account's trust score, taking into account factors such as time of day, location, IP address, trusted device usage, and the user's authentication and authorization history.
-
Expanded scope of impact for Multi-admin verification
ONTAP 9.15.1 RC1 adds over a hundred new commands to the MAV framework for additional protection from malicious insiders.
-
Protect data "over the wire" at the protocol layer with simplified configuration compared to other technologies such as IPSec and NFS Kerberos. This feature is included as public preview at this time. For more information about this capability, contact your sales team for additional information.
-
TLS 1.3 encryption support for cluster peering and more
ONTAP 9.15.1 introduces TLS 1.3 encryption support for S3 storage, FlexCache, SnapMirror and cluster peering encryption. Applications such as FabricPool, Microsoft Azure Page Blobs storage, and SnapMirror Cloud continue to use TLS 1.2 for the 9.15.1 release.
-
Support for SMTP traffic over TLS
Securely transfer AutoSupport data over e-mail with TLS support.
-
SnapMirror active sync for symmetric active/active configurations
This new capability provides synchronous bi-directional replication for business continuity and disaster recovery. Protect your data access for critical SAN workloads with simultaneous read and write access to data across multiple failure domains, enabling uninterrupted operations and minimizing downtime during disasters or system failures.
-
FlexCache writeback lets clients write locally to FlexCache volumes, reducing latency and improving performance compared to writing directly to the origin volume. The newly written data is asynchronously replicated back to the origin volume.
-
NFSv3 over RDMA support can help you address high-performance requirements by providing low-latency, high-bandwidth access over TCP.
ONTAP 9.14.1 highlights
ONTAP 9.14.1 delivers new and enhanced features in the areas of FabricPool, anti-ransomware protection, OAuth, and more. For a complete list of new features and enhancements, see What's new in ONTAP 9.14.1.
-
ONTAP 9.14.1 introduces an immediate five percent increase in usable space on FAS and Cloud Volumes ONTAP systems by reducing the WAFL reserve on aggregates with 30 TB or more.
-
FabricPool offers an increase in read performance and enables direct writing to the cloud, lowering the risk of running out of space and reducing storage costs by moving cold data to a less expensive storage tier.
-
ONTAP supports the OAuth 2.0 framework, which can be configured using System Manager. With OAuth 2.0, you can provide secure access to ONTAP for automation frameworks without creating or exposing user IDs and passwords to plain text scripts and runbooks.
-
Autonomous Ransomware Protection (ARP) enhancements
ARP grants you more control over event security, allowing you to adjust the conditions that create alerts and reducing the possibility for false positives.
-
SnapMirror disaster recovery rehearsal in System Manager
System Manager provides a simple workflow to easily test disaster recovery at a remote location and to clean up after the test. This feature enables easier and more frequent testing and increased confidence in recovery time objectives.
-
ONTAP S3 supports the object-lock API command, enabling you to protect data written to ONTAP with S3 from deletion using standard S3 API commands and to ensure that important data is protected for the appropriate amount of time.
-
Add metadata tags to volumes and clusters, which follow the data as it moves from on-premises to the cloud and reverse.
ONTAP 9.13.1 highlights
ONTAP 9.13.1 delivers new and enhanced features in the areas of anti-ransomware protection, consistency groups, quality of service, tenant capacity management, and more. For a complete list of new features and enhancements, see What's new in ONTAP 9.13.1.
-
Autonomous Ransomware Protection (ARP) enhancements:
-
With ONTAP 9.13.1, ARP automatically moves from training into production mode after it has sufficient learning data, eliminating the need for an administrator to enable it after the 30-day period.
-
Multi-admin verification support
ARP disable commands are supported by multi-admin verification, ensuring that no single administrator can disable ARP to expose the data to potential ransomware attacks.
-
ARP supports FlexGroups beginning with ONTAP 9.13.1. ARP can monitor and protect FlexGroups that span multiple volumes and nodes in the cluster, enabling even the largest datasets to be protected with ARP.
-
-
Performance and capacity monitoring for consistency groups in System Manager
Performance and capacity monitoring provides detailed for each consistency group, enabling you to quickly identify and report potential issues at the application level rather than just at the data object level.
-
Multi-tenant customers and service providers can set a capacity limit on each SVM, allowing tenants to perform self-service provisioning without the risk of one tenant over-consuming capacity on the cluster.
-
Quality of Service ceilings and floors
ONTAP 9.13.1 allows you to group objects such as volumes, LUNs, or files into groups and assign a QoS ceiling (maximum IOPs) or floor (minimum IOPs), improving application performance expectations.
ONTAP 9.12.1 highlights
ONTAP 9.12.1 delivers new and enhanced features in the areas of security hardening, retention, performance, and more. For a complete list of new features and enhancements, see What's new in ONTAP 9.12.1.
-
With SnapLock technology, Snapshot copies can be protected from deletion on either the source or destination.
Retain more recovery points by protecting snapshots on primary and secondary storage from deletion by ransomware attackers or rogue administrators.
-
Autonomous Ransomware Protection (ARP) enhancements
Immediately enable intelligent autonomous ransomware protection on secondary storage, based on the screening model already completed for the primary storage.
After a failover, instantly identify potential ransomware attacks on secondary storage. A Snapshot is immediately taken of the data that is starting to be affected, and administrators are notified, helping to stop an attack and enhance recovery.
-
One-click activation of ONTAP FPolicy to enable automatic blocking of known malicious files The simplified activation helps to protect against typical ransomware attacks that use common, known file extensions.
-
Security hardening: Tamper-proof retention logging
Tamperproof retention logging in ONTAP insuring compromised administrator accounts cannot hide malicious actions. Admin and user history cannot be altered or deleted without the systems knowledge.
Log and audit all admin actions regardless of origin guaranteeing all actions impacting data are captured. An alert is generated whenever system audit logs have been tampered with in any way notifying administrators of the change.
-
Security hardening: Expanded multifactor authentication
Multifactor authentication (MFA) for CLI (SSH) supports Yubikey physical hardware token devices ensuring that an attacker cannot access the ONTAP system using stolen credentials or a compromised client system. Cisco DUO is supported for MFA with System Manager.
-
File-object duality (multi-protocol access)
File-object duality enables native S3 protocol read and write access to the same data source that already has NAS protocol access. You can concurrently access your storage as files or as objects from the same data source, eliminating the need for duplicate copies of data for use with different protocols (S3 or NAS), such as for analytics that use object data.
-
If FlexGroup constituents become unbalanced, FlexGroup can nondisruptively be rebalanced and managed from the CLI, REST API, and System Manager. For optimal performance, constituent members within a FlexGroup should have their used capacity evenly distributed.
-
Storage capacity enhancements
WAFL Space Reservation has been significantly reduced, providing up to 400 TiB more usable capacity per aggregate.
ONTAP 9.11.1 highlights
ONTAP 9.11.1 delivers new and enhanced features in the areas of security, retention, performance, and more. For a complete list of new features and enhancements, see What's new in ONTAP 9.11.1.
-
Multi-admin verification (MAV) is an industry-first native approach to verification, requiring multiple approvals for sensitive administrative tasks such as deleting a Snapshot or volume. The approvals required in a MAV implementation prevent malicious attacks and accidental changes to data.
-
Enhancements to Autonomous Ransomware Protection
Autonomous Ransomware Protection (ARP) uses machine learning to detect ransomware threats with increased granularity, enabling you to identify threats quickly and accelerate recovery in the event of a breach.
-
SnapLock Compliance for FlexGroup volumes
Secure multi-petabyte datasets for workloads such as electronic design automation and media & entertainment by protecting the data with WORM file locking so it cannot be changed or deleted.
-
With ONTAP 9.11.1, file deletion occurs in the background of the ONTAP system, enabling you to easily delete large directories while eliminating performance and latency impacts on the host I/O.
-
Simplify and expand the object data management capabilities of S3 with ONTAP with additional API endpoints and object versioning at the bucket level, enabling multiple versions of an object to be stored in the same bucket.
-
System Manager enhancements
System Manager supports advanced capabilities to optimize storage resources and improve audit management. These updates include enhanced abilities to manage and configure storage aggregates, enhanced visibility into system analytics, hardware visualization for FAS systems.
ONTAP 9.10.1 highlights
ONTAP 9.10.1 delivers new and enhanced features in the areas of security hardening, performance analytics, NVMe protocol support, and object storage backup options. For a complete list of new features and enhancements, see What's new in ONTAP 9.10.1.
-
Autonomous Ransomware Protection
Autonomous Ransomware Protection automatically creates a Snapshot copy of your volume and alerts administrators when abnormal activity is detected, enabling you to quickly detect ransomware attacks and recover more quickly.
-
System Manager enhancements
System Manager automatically download firmware updates for disks, shelves, service processors in addition to providing new integrations with Active IQ Digital Advisor (also known as Digital Advisor), BlueXP, and certificate management. These enhancements simplify administration and maintain business continuity.
-
File System Analytics enhancements
File System Analytics provides additional telemetry to identify top files, directories, and users in your file share, enabling you to identify workload performance issues to improve resource planning and implementation of QoS.
-
NVMe over TCP (NVMe/TCP) support for AFF systems
Achieve high performance and reduce TCO for your enterprise SAN and modern workloads on AFF system when you use NVMe/TCP on your existing Ethernet network.
-
NVMe over Fibre Channel (NVMe/FC) support for NetApp FAS systems
Use the NVMe/FC protocol on your hybrid arrays to enable uniform migration to NVMe.
-
Native hybrid cloud backup for object storage
Protect your ONTAP S3 data with your choice of object storage targets. Use SnapMirror replication to back up to on-premises storage with StorageGRID, to the cloud with Amazon S3, or to another ONTAP S3 bucket on NetApp AFF and FAS systems.
-
Global file-locking with FlexCache
Ensure file consistency at cache locations during updates to source files at the origin with global file-locking using FlexCache. This enhancement enables exclusive file-read locks in an origin-to-cache relationship for workloads that require enhanced locking.
ONTAP 9.9.1 highlights
ONTAP 9.91.1 delivers new and enhanced features in the areas of storage efficiency, multifactor authentication, disaster recovery, and more. For a complete list of new features and enhancements, see What's new in ONTAP 9.9.1.
-
Enhanced security for CLI remote access management
Support for SHA512 and SSH A512 password hashing protects administrator account credentials from malicious actors who are trying to gain system access.
-
MetroCluster IP enhancements: support for 8-node clusters
The new limit is twice as large as the previous one, providing support for MetroCluster configurations and enabling continuous data availability.
-
Offers more replication options for backup and disaster recovery for large data containers for NAS workloads.
-
Delivers up to four-times higher SAN performance for single LUN applications such as VMware datastores so you can achieve high performance in your SAN environment.
-
New object storage option for hybrid cloud
Enables use of StorageGRID as a destination for NetApp Cloud Backup Service to simplify and automate the backup of your on-premises ONTAP data.