What's new in ONTAP 9.15.1
Learn about the new capabilities available in ONTAP 9.15.1.
For details about known issues, limitations, and upgrade cautions in recent ONTAP 9 releases, refer to the ONTAP 9 Release Notes. You must sign in with your NetApp account or create an account to access the Release Notes.
Learn about new and enhanced ONTAP MetroCluster features.
Learn about new and enhanced support for FAS, ASA, and AFF platforms and supported switches.
Learn about updates to the ONTAP REST API.
To upgrade to the latest version of ONTAP, see Prepare to upgrade ONTAP.
Data protection
Update | Description |
---|---|
When a Windows backup application encounters a Unix-style symbolic link (symlink), the link is followed and the actual data is returned by ONTAP and backed up. Beginning with ONTAP 9.15.1, you also have the option of backing up the symlink itself instead of the data it points to. This can provide several benefits, including improved performance of your backup applications. You can enable the feature using the ONTAP CLI or REST API. |
|
SnapMirror active sync (formerly SnapMirror Business Continuity) now supports symmetric active/active deployments, enabling read and write I/O operations from both copies of a protected LUN with bidirectional synchronous replication. |
|
Increased limit for volumes in a consistency group using SnapMirror asynchronous |
Consistency groups using SnapMirror asynchronous protection now support up to 80 volumes in the consistency group. |
CLI and REST API operations for consistency groups are now supported at the administrative privilege level. |
|
ONTAP currently supports VMware virtual volumes (vVols) as well as persistent reservations with traditional LUNs. Beginning with ONTAP 9.15.1, you can also create a persistent reservation with a vVol. Support for this feature is implemented in ONTAP Tools for VMware vSphere 9. It is only supported in a Windows Server Failover Cluster (WSFC) which is a group of clustered Windows virtual machines. |
Security
Update | Description |
---|---|
You can create the FPolicy persistent store and automate its volume creation and configuration at the same time using the The enhanced |
|
NFS over RDMA configurations now support NFSv3. |
|
FPolicy supports the NFS 4.1 protocol. |
|
Protobuf is Google's language-neutral mechanism for serializing structured data. It is smaller, faster, and simpler compared to XML, which helps improve FPolicy performance. You can use the protobuf external engine format. When set to protobuf, the notification messages are encoded in binary form using Google Protobuf. Before setting the external engine format to protobuf, ensure that the FPolicy server also supports protobuf deserialization. |
|
ONTAP 9.15.1 provides the initial framework for Dynamic Authorization, which provides enhanced security for management of the ONTAP system by enabling you to assign a security trust score to administrator users and challenge them with additional authorization checks when their activity looks suspicious. You can utilize Dynamic Authorization as part of a data-centric Zero Trust security architecture. |
|
Support for TLS 1.3 for S3 storage, FlexCache, and Cluster Peering encryption |
TLS 1.3 has been supported since ONTAP 9.11.1 for management access, but it is now supported in ONTAP 9.15.1 for S3 storage, FlexCache, and Cluster Peering encryption. Some applications, such as FabricPool, Microsoft Azure Page Blobs storage, and SnapMirror Cloud continue to be limited to the use of TLS 1.2 for the 9.15.1 release. |
NFS over TLS is available in ONTAP 9.15.1 as a public preview. As a preview offering, NFS over TLS is not supported for production workloads in ONTAP 9.15.1. NFS over TLS provides in-transit encryption of data from the storage device to the client. TLS is more recent and more convenient than Kerberos, enabling simpler configuration and administration. |
|
Administrators can create multi-admin verification rules to protect cluster configuration, LUN deletion, system configuration, security configuration for IPsec and SAML, volume snapshot operations, vServer configuration, and other commands. |
|
While the recommended transport of AutoSupport messages to NetApp is HTTPS, unencrypted SMTP has also been available. With ONTAP 9.15.1, customers now have the option of using TLS with SMTP. The SMTPS protocol establishes a secure transport channel by encrypting the email traffic as well as the optional email server credentials. Explicit TLS is used and so TLS is activated after the TCP connection is created. If copies of the messages are sent to local email addresses, the same configuration is used. |
Storage efficiency
Update | Description |
---|---|
Two new counters have been introduced which show only the metadata being used. In addition, several of the existing counters have been adjusted to remove the metadata and display only the user data. Together these changes provide a clearer view of the metrics separated into the the two types of data. Customers can use these counters to implement more accurate chargeback models by discounting metadata from the total and only considering the actual user data. |
|
ONTAP provides storage efficiency and data compaction on AFF A70, AFF A90, and AFF A1K platforms. Depending on the platform, compression is performed using either the main CPU or with a dedicated offload processor. Storage efficiency is enabled automatically and requires no configuration. |
Storage resource management enhancements
Update | Description |
---|---|
When writeback is enabled on the cache volume, write requests are sent to the local cache rather than to the origin volume, providing better performance for edge computing environments and caches with write-heavy workloads. |
|
ONTAP enforces that 5-8% of a volume's capacity must be free when enabling File System Analytics, mitigating potential performance issues for volumes and File System Analytics. |
|
FlexClone volumes encryption keys |
A FlexClone volume is assigned a dedicated encryption key that is independent of the FlexVol volume's (host) encryption key. |
System Manager
Update | Description |
---|---|
SnapLock vault relationships can be configured using System Manager when both the source and destination are running ONTAP 9.15.1 or later. |
|
The information on the System Manager dashboard Health, Capacity, Network, and Performance views includes more complete descriptions, including enhancements to the performance metrics that help you identify and troubleshoot latency or performance issues. |
Upgrade
Update | Description |
---|---|
If LIF migration to the other batch group fails during an automated nondisruptive upgrade, the LIFs are migrated to the HA partner node in the same batch group. |