What's new in ONTAP 9.14.1
Suggest changes
PDFs
Learn about the new capabilities available in ONTAP 9.14.1.
For details about known issues, limitations, and upgrade cautions in recent ONTAP 9 releases, refer to the ONTAP 9 Release Notes. You must sign in with your NetApp account or create an account to access the Release Notes.
Learn about new and enhanced ONTAP MetroCluster features.
Learn about new and enhanced support for FAS, ASA, and AFF platforms and supported switches.
Learn about updates to the ONTAP REST API.
To upgrade to the latest version of ONTAP, see Prepare to upgrade ONTAP.
Data protection
| Update | Description |
|---|---|
SVM root volumes can be encrypted using unique keys with NetApp Volume Encryption. |
|
Ability to set Snapshot copy locking on long-term retention Snapshot copies and to reinitialize the Compliance Clock |
On clusters with a SnapLock license, tamperproof Snapshot copy locking for Snapshot copies with long-term retention can be set for Snapshot copies created on non-SnapLock SnapMirror destination volumes and the Compliance Clock can be initialized when no SnapLock volumes are present. |
SnapMirror active sync supports SCIS3 persistent reservations and Windows Failover Clustering |
SCSI3 persistent reservations and Window Failover Clustering for SnapMirror active sync supports multiple nodes accessing a device while at the same time blocking access to other nodes, ensuring clustering for different application environments stays consistent and stable. |
You can utilize consistency groups to replicate Asynchronous SnapMirror Snapshots and volume-granular Snapshots to the destination consistency groups for an extra layer of disaster recovery. |
|
SVMs configured for SVM disaster recovery can replicate consistency group information to the secondary site if the SVM contains a consistency group. |
|
The number of SnapMirror asynchronous fanout targets supported on A700 and higher systems increases from 16 to 20 when using ONTAP 9.14.1. |
|
Beginning with ONTAP 9.14.0, FlexCache supports creating an unencrypted FlexCache volume from an encrypted source. In earlier ONTAP versions, FlexCache creation failed when the source of the cache was encrypted. |
|
Manage consistency groups using the ONTAP CLI. |
File access protocols
| Update | Description |
|---|---|
Session trunking allows for multiple paths to an exported datastore. This simplifies management and improves performance as workloads scale up. It is especially appropriate in environments with VMware workloads. |
MetroCluster
| Update | Description |
|---|---|
S3 object storage support on mirrored and unmirrored aggregates |
Enable an S3 object storage server on an SVM in a mirrored or unmirrored aggregate in MetroCluster IP and FC configurations. |
You can create a bucket on a mirrored or unmirrored aggregate in MetroCluster configurations. |
To learn about platform and switch configuration enhancements for MetroCluster configurations, see the ONTAP 9 Release Notes.
S3 object storage
| Update | Description |
|---|---|
When buckets are created on or deleted from new or existing FlexGroup volumes, the volumes are resized to a minimum required size. The minimum required size is the total size of all the S3 buckets in a FlexGroup volume. |
|
S3 object storage support on mirrored and unmirrored aggregates |
You can enable an S3 object storage server on an SVM in a mirrored or unmirrored aggregate in MetroCluster IP and FC configurations. |
Object locking based on users roles and lock retention period |
Objects in S3 buckets can be locked from being overwritten or deleted. The ability to lock objects is based on specific users or time. |
ONTAP administrators can configure access for Lightweight Directory Access Protocol (LDAP) or Active Directory user groups to ONTAP S3 object storage, with the ability to enable authentication in LDAP fast bind mode. Users in local or domain groups or LDAP groups can generate their own access and secret keys for S3 clients.
You can define a validity period for the access keys and secret keys of S3 users.
ONTAP provides support for variables such as |
SAN
| Update | Description |
|---|---|
Host discovery of controllers using the NVMe/TCP protocol is automated by default. |
|
By default, ONTAP supports the ability of NVMe/FC hosts to identify virtual machines by a unique identifier and for NVMe/FC hosts to monitor virtual machine resource utilization. This enhances host-side reporting and troubleshooting. |
|
You can configure your NVMe subsystem to prioritize resource allocation for specific hosts. Host assigned a high priority are allocated larger I/O queue counts and larger queue depths. |
Security
| Update | Description |
|---|---|
Support for Cisco DUO multifactor authentication for SSH users |
SSH users can authenticate using Cisco DUO as a second factor of authentication during sign-in. |
ONTAP 9.14.1 extends the core token-based authentication and OAuth 2.0 support initially provided with ONTAP 9.14.0. Authorization can be configured using Active Directory or LDAP with group-to-role mapping. Sender-constrained access tokens are also supported and secured based on Mutual TLS (mTLS). In addition to Auth0 and Keycloak, Microsoft Windows Active Directory Federation Service (ADFS) is supported as an Identity Provider (IdP). |
|
The Open Authorization (OAuth 2.0) framework is added and provides token-based authentication for ONTAP REST API clients. This enables more secure management and administration of the ONTAP clusters using automation workflows powered by REST API scripts or Ansible. The standard OAuth 2.0 features are supported, including issuer, audience, local validation, remote introspection, remote user claim, and proxy support. Client authorization can be configured using self-contained OAuth 2.0 scopes or by mapping the local ONTAP users. Supported Identity Providers (IdP) include Auth0 and Keycloak using multiple concurrent servers. |
|
Configure Autonomous Ransomware Protection to receive notifications whenever a new file extension is detected or when an ARP Snapshot is taken, receiving earlier warning to possible ransomware events. |
|
FPolicy allows you to set up a persistent store to capture file access events for asynchronous non-mandatory policies in the SVM. Persistent stores can help decouple client I/O processing from the FPolicy notification processing to reduce client latency. Synchronous and asynchronous mandatory configurations are not supported. |
|
FPolicy is supported for FlexCache volumes with NFS or SMB. Previously, FPolicy was not supported for FlexCache volumes with SMB. |
Storage efficiency
| Update | Description |
|---|---|
Track the File System Analytics initialization scan with real time insights about progress and throttling. |
|
For FAS platforms, the WAFL reserve for aggregates greater than 30TB in size is reduced from 10% to 5%, resulting in increased usable space in the aggregate. |
|
On volumes with temperature-sensitive storage efficiency (TSSE) enabled, the ONTAP CLI metric for reporting the amount of space used in the volume includes the space savings realized as a result of TSSE. This metric is reflected in the volume show -physical-used and the volume show-space -physical used commands.
For FabricPool, the value of |
Storage resource management enhancements
| Update | Description |
|---|---|
FlexGroup volumes provide support for automatically moving growing files in a directory to a remote constituent to reduce I/O bottlenecks on the local constituent. |
|
You can add, modify, and delete tags and labels (comments) in to help identify Snapshot copies and to help avoid accidentally deleting Snapshot copies in FlexGroup volumes. |
|
FabricPool adds the ability to write data to a volume in FabricPool so it goes directly to the cloud without waiting for the tiering scan. |
|
FabricPool provides aggressive read-ahead of files such as movie streams on FabricPool volumes to ensure that no frames are dropped. |
SVM management enhancements
| Update | Description |
|---|---|
SVM data mobility support for migrating SVMs containing user and group quotas and qtrees |
SVM data mobility adds support for migrating SVMs containing user and group quotas and qtrees. |
The maximum number of supported volumes per SVM with SVM data mobility increases to 400 and the number of supported HA pairs increases to 12. |
System Manager
| Update | Description |
|---|---|
You can use System Manager for performing SnapMirror test failover rehearsals without interrupting existing SnapMirror relationships. |
|
You can use System Manager to edit or delete ports that have been assigned to a broadcast domain. |
|
Enablement of Mediator-assisted Automatic Unplanned Switchover (MAUSO) |
You can use System Manager to enable or disable Mediator-assisted Automatic Unplanned Switchover (MAUSO) when performing an IP MetroCluster switchover and switchback. |
You can use System Manager to use tags to categorize clusters and volumes in different ways, for example, by purpose, owner, or environment. This is useful when there are many objects of the same type. Users can quickly identify a specific object based on the tags that have been assigned to it. |
|
System Manager displays historical data about consistency group usage. |
|
You can use System Manager to configure secure, unidirectional and bidirectional authentication between an NVMe host and controller over the NVMe/TCP and NVMe/FC protocols using the DH-HMAC-CHAP authentication protocol. |
|
Support for S3 bucket lifecycle management extended to System Manager |
You can use System Manager to define rules for deleting specific objects in a bucket, and through these rules, expire those bucket objects. |