What's new in ONTAP 9.15.1

05/29/2024 Contributors

Learn about the new capabilities available in ONTAP 9.15.1.

For details about known issues, limitations, and upgrade cautions in recent ONTAP 9 releases, refer to the ONTAP 9 Release Notes. You must sign in with your NetApp account or create an account to access the Release Notes.

Learn about new and enhanced ONTAP MetroCluster features.

Learn about new and enhanced support for FAS, ASA, and AFF platforms and supported switches.

Learn about updates to the ONTAP REST API.

To upgrade to the latest version of ONTAP, see Prepare to upgrade ONTAP.

Data protection

Update	Description
SnapMirror active sync supports symmetric active/active deployments	SnapMirror active sync (formerly SnapMirror Business Continuity) now supports symmetric active/active deployments, enabling read and write I/O operations from both copies of a protected LUN with bidirectional synchronous replication.
Increased limit for volumes in a consistency group using SnapMirror asynchronous	Consistency groups using SnapMirror asynchronous protection now support up to 80 volumes in the consistency group.
Support for admin privilege level for REST API and CLI operations with consistency groups	CLI and REST API operations for consistency groups are now supported at the administrative privilege level.
Persistent reservations for VMware virtual volumes with Windows Server Failover Clustering	ONTAP currently supports VMware virtual volumes (vVols) as well as persistent reservations with traditional LUNs. Beginning with ONTAP 9.15.1, you can also create a persistent reservation with a vVol. Support for this feature is implemented in ONTAP Tools for VMware vSphere 9. It is only supported in a Windows Server Failover Cluster (WSFC) which is a group of clustered Windows virtual machines.

Update

Description

SnapMirror active sync supports symmetric active/active deployments

SnapMirror active sync (formerly SnapMirror Business Continuity) now supports symmetric active/active deployments, enabling read and write I/O operations from both copies of a protected LUN with bidirectional synchronous replication.

Increased limit for volumes in a consistency group using SnapMirror asynchronous

Consistency groups using SnapMirror asynchronous protection now support up to 80 volumes in the consistency group.

Support for admin privilege level for REST API and CLI operations with consistency groups

CLI and REST API operations for consistency groups are now supported at the administrative privilege level.

Persistent reservations for VMware virtual volumes with Windows Server Failover Clustering

ONTAP currently supports VMware virtual volumes (vVols) as well as persistent reservations with traditional LUNs. Beginning with ONTAP 9.15.1, you can also create a persistent reservation with a vVol. Support for this feature is implemented in ONTAP Tools for VMware vSphere 9. It is only supported in a Windows Server Failover Cluster (WSFC) which is a group of clustered Windows virtual machines.

Security

Update Description

Update	Description
Simplified FPolicy persistent store creation and configuration	You can create the FPolicy persistent store and automate its volume creation and configuration at the same time using the `persistent-store create` command. The enhanced `persistent-store create` command also allows the use of the autosize-mode parameter, which allows the volume to grow or shrink in size in response to the amount of used space.
Support for NFSv3 with RDMA	NFS over RDMA configurations now support NFSv3.
FPolicy supports the NFS 4.1 protocol	FPolicy supports the NFS 4.1 protocol.
Protobuf engine format support for FPolicy	Protobuf is Google's language-neutral mechanism for serializing structured data. It is smaller, faster, and simpler compared to XML, which helps improve FPolicy performance. You can use the protobuf external engine format. When set to protobuf, the notification messages are encoded in binary form using Google Protobuf. Before setting the external engine format to protobuf, ensure that the FPolicy server also supports protobuf deserialization.
Dynamic Authorization for SSH connections	ONTAP 9.15.1 provides the initial framework for Dynamic Authorization, which provides enhanced security for management of the ONTAP system by enabling you to assign a security trust score to administrator users and challenge them with additional authorization checks when their activity looks suspicious. You can utilize Dynamic Authorization as part of a data-centric Zero Trust security architecture.
Support for TLS 1.3 for S3 storage, FlexCache, and Cluster Peering encryption	TLS 1.3 has been supported since ONTAP 9.11.1 for management access, but it is now supported in ONTAP 9.15.1 for S3 storage, FlexCache, and Cluster Peering encryption. Some applications, such as FabricPool, Microsoft Azure Page Blobs storage, and SnapMirror Cloud continue to be limited to the use of TLS 1.2 for the 9.15.1 release.
TLS support for NFS connections	NFS over TLS is available in ONTAP 9.15.1 as a public preview. As a preview offering, NFS over TLS is not supported for production workloads in ONTAP 9.15.1. NFS over TLS provides in-transit encryption of data from the storage device to the client. TLS is more recent and more convenient than Kerberos, enabling simpler configuration and administration.
Eligible set of rule-protected commands extended for multi-admin verification	Administrators can create multi-admin verification rules to protect cluster configuration, LUN deletion, system configuration, security configuration for IPsec and SAML, volume snapshot operations, vServer configuration, and other commands.
Delivery of AutoSupport messages using SMTP with TLS	While the recommended transport of AutoSupport messages to NetApp is HTTPS, unencrypted SMTP has also been available. With ONTAP 9.15.1, customers now have the option of using TLS with SMTP. The SMTPS protocol establishes a secure transport channel by encrypting the email traffic as well as the optional email server credentials. Explicit TLS is used and so TLS is activated after the TCP connection is created. If copies of the messages are sent to local email addresses, the same configuration is used.

Simplified FPolicy persistent store creation and configuration

You can create the FPolicy persistent store and automate its volume creation and configuration at the same time using the persistent-store create command.

The enhanced persistent-store create command also allows the use of the autosize-mode parameter, which allows the volume to grow or shrink in size in response to the amount of used space.

Support for NFSv3 with RDMA

NFS over RDMA configurations now support NFSv3.

FPolicy supports the NFS 4.1 protocol

FPolicy supports the NFS 4.1 protocol.

Protobuf engine format support for FPolicy

Protobuf is Google's language-neutral mechanism for serializing structured data. It is smaller, faster, and simpler compared to XML, which helps improve FPolicy performance.

You can use the protobuf external engine format. When set to protobuf, the notification messages are encoded in binary form using Google Protobuf. Before setting the external engine format to protobuf, ensure that the FPolicy server also supports protobuf deserialization.

Dynamic Authorization for SSH connections

ONTAP 9.15.1 provides the initial framework for Dynamic Authorization, which provides enhanced security for management of the ONTAP system by enabling you to assign a security trust score to administrator users and challenge them with additional authorization checks when their activity looks suspicious. You can utilize Dynamic Authorization as part of a data-centric Zero Trust security architecture.

Support for TLS 1.3 for S3 storage, FlexCache, and Cluster Peering encryption

TLS 1.3 has been supported since ONTAP 9.11.1 for management access, but it is now supported in ONTAP 9.15.1 for S3 storage, FlexCache, and Cluster Peering encryption. Some applications, such as FabricPool, Microsoft Azure Page Blobs storage, and SnapMirror Cloud continue to be limited to the use of TLS 1.2 for the 9.15.1 release.

TLS support for NFS connections

NFS over TLS is available in ONTAP 9.15.1 as a public preview. As a preview offering, NFS over TLS is not supported for production workloads in ONTAP 9.15.1.

NFS over TLS provides in-transit encryption of data from the storage device to the client. TLS is more recent and more convenient than Kerberos, enabling simpler configuration and administration.

Eligible set of rule-protected commands extended for multi-admin verification

Administrators can create multi-admin verification rules to protect cluster configuration, LUN deletion, system configuration, security configuration for IPsec and SAML, volume snapshot operations, vServer configuration, and other commands.

Delivery of AutoSupport messages using SMTP with TLS

While the recommended transport of AutoSupport messages to NetApp is HTTPS, unencrypted SMTP has also been available. With ONTAP 9.15.1, customers now have the option of using TLS with SMTP. The SMTPS protocol establishes a secure transport channel by encrypting the email traffic as well as the optional email server credentials. Explicit TLS is used and so TLS is activated after the TCP connection is created. If copies of the messages are sent to local email addresses, the same configuration is used.

Storage efficiency

Update	Description
Changes to reporting of volume space metrics	Two new counters have been introduced which show only the metadata being used. In addition, several of the existing counters have been adjusted to remove the metadata and display only the user data. Together these changes provide a clearer view of the metrics separated into the the two types of data. Customers can use these counters to implement more accurate chargeback models by discounting metadata from the total and only considering the actual user data.

Update

Description

Changes to reporting of volume space metrics

Two new counters have been introduced which show only the metadata being used. In addition, several of the existing counters have been adjusted to remove the metadata and display only the user data. Together these changes provide a clearer view of the metrics separated into the the two types of data. Customers can use these counters to implement more accurate chargeback models by discounting metadata from the total and only considering the actual user data.

Storage resource management enhancements

Update	Description
FlexCache writeback support	When writeback is enabled on the cache volume, write requests are sent to the local cache rather than to the origin volume, providing better performance for edge computing environments and caches with write-heavy workloads.
Performance enhancement for File System Analytics	ONTAP enforces that 5-8% of a volume's capacity must be free when enabling File System Analytics, mitigating potential performance issues for volumes and File System Analytics.
FlexClone volumes encryption keys	A FlexClone volume is assigned a dedicated encryption key that is independent of the FlexVol volume's (host) encryption key.

Update

Description

FlexCache writeback support

When writeback is enabled on the cache volume, write requests are sent to the local cache rather than to the origin volume, providing better performance for edge computing environments and caches with write-heavy workloads.

Performance enhancement for File System Analytics

ONTAP enforces that 5-8% of a volume's capacity must be free when enabling File System Analytics, mitigating potential performance issues for volumes and File System Analytics.

FlexClone volumes encryption keys

A FlexClone volume is assigned a dedicated encryption key that is independent of the FlexVol volume's (host) encryption key.

System Manager

Update	Description
System Manager support for configuring SnapLock vault relationships	SnapLock vault relationships can be configured using System Manager when both the source and destination are running ONTAP 9.15.1 or later.
Performance enhancements for the System Manager dashboard	The information on the System Manager dashboard Health, Capacity, Network, and Performance views includes more complete descriptions, including enhancements to the performance metrics that help you identify and troubleshoot latency or performance issues.

Update

Description

System Manager support for configuring SnapLock vault relationships

SnapLock vault relationships can be configured using System Manager when both the source and destination are running ONTAP 9.15.1 or later.

Performance enhancements for the System Manager dashboard

The information on the System Manager dashboard Health, Capacity, Network, and Performance views includes more complete descriptions, including enhancements to the performance metrics that help you identify and troubleshoot latency or performance issues.

Upgrade

Update	Description
Support for LIF migration to HA partner node during automated nondisruptive upgrade	If LIF migration to the other batch group fails during an automated nondisruptive upgrade, the LIFs are migrated to the HA partner node in the same batch group.

Update

Description

Support for LIF migration to HA partner node during automated nondisruptive upgrade

If LIF migration to the other batch group fails during an automated nondisruptive upgrade, the LIFs are migrated to the HA partner node in the same batch group.

What's new in ONTAP 9.15.1

Creating your file...

Data protection

Security

Storage efficiency

Storage resource management enhancements

System Manager

Upgrade