
What's new in ONTAP 9.16.1

Contributors netapp-sumathi netapp-dbagwell

Learn about the new capabilities available in ONTAP 9.16.1.

For details about known issues, limitations, and upgrade cautions in recent ONTAP 9 releases, refer to the ONTAP 9 Release Notes. You must sign in with your NetApp account or create an account to access the Release Notes.

Learn about new and enhanced ONTAP MetroCluster features.

Learn about new and enhanced support for FAS, ASA, and AFF platforms and supported switches.

Learn about updates to the ONTAP REST API.

To upgrade to the latest version of ONTAP, see Prepare to upgrade ONTAP.

Data protection

Update Description

SnapMirror cloud supports backups of volumes migrated to the cloud using a more efficient synchronization process. The new functionality supports SnapMirror cloud backups from a migrated volume in the cloud to the same destination object store endpoint without the need for performing a re-baseline operation. Both FlexVol and FlexGroup volumes are supported.

When you switch from the ONTAP onboard key manager to an external key manager at the cluster level, you can use the ONTAP command line interface (CLI) to easily migrate the encryption keys from one key manager to the other.

Networking

Update Description

ONTAP supports MD5 authentication on BGP peer groups to protect BGP sessions. When MD5 is enabled, BGP sessions can only be established and processed among authorized peers, preventing potential disruptions of the session by an unauthorized actor.

IP security (IPsec) is a data-in-motion security option available to protect all the IP traffic between a client and an ONTAP node. The protocol was initially available with ONTAP 9.8 and has been implemented as software only. Beginning with ONTAP 9.16.1, you have the option of offloading certain computationally intensive operations, such as encryption and integrity checks, to a supported network interface controller (NIC) card installed at the storage nodes. Using this hardware offload option can significantly improve the performance and throughput of the network traffic protected by IPsec.

S3 object storage

Update Description

With Multipart upload, you can upload a single object as a set of parts to the S3 multiprotocol bucket.

Unlock the full potential of your web applications with Cross-Origin Resource Sharing (CORS). CORS allows seamless interaction between client applications from one domain and resources in another. By integrating CORS support, you can empower your ONTAP S3-based web applications with selective cross-origin access to your resources.

You can generate read-only, point-in-time snapshots of your ONTAP S3 buckets. Using the S3 snapshots feature, you can manually create snapshots or automatically generate them through snapshot policies. Additionally, you can view, browse, and delete S3 snapshots, and restore the snapshot content through S3 clients.

SAN

Update Description

Space deallocation (also called “hole punching” and “unmap”) is enabled for NVMe namespaces by default. Space deallocation allows a host to deallocate unused blocks from namespaces to reclaim space. This greatly improves overall storage efficiency, especially with filesystems that have high data turnover.

Security

Update Description

Administrators can create multi-admin verification rules to protect consistency groups. The rules can cover create, delete, and modify operations on consistency groups, creation and deletion of consistency group snapshots, and other commands.

Autonomous Ransomware Protection (ARP) has been upgraded with new AI capabilities, allowing it to detect and respond to ransomware attacks with 99% precision and recall. Because the AI is trained on a comprehensive dataset, there is no longer a learning period for ARP running on FlexVol volumes, and ARP/AI starts in active mode right away. ARP/AI also comes with an automatic update capability to ensure constant protection and resilience against the latest threats.

Note: The ARP/AI feature currently supports only NAS. Although the automatic update capability displays the availability of new security files for deployment in System Manager, these updates are only applicable for NAS workload protection.

ONTAP now supports in-flight encryption for data traffic sent over the network to and from NVMe storage devices.

Support for TLS 1.3 for FabricPool object store communication

ONTAP supports TLS 1.3 for FabricPool object store communication.

OAuth 2.0 support, first introduced with ONTAP 9.14.1, has been enhanced to support the Microsoft Entra ID authorization server (formerly Azure AD) with standard OAuth 2.0 claims. In addition, the Entra ID standard group claims based on UUID style values are supported through new group and role mapping capabilities. A new external role mapping feature has also been introduced which has been tested with Entra ID but can be used with any of the supported authorization servers.

Storage efficiency

Update Description

Earlier ONTAP releases provide robust real-time metrics for qtree usage, such as I/O operations per second and throughput in several categories including reads and writes. Beginning with ONTAP 9.16.1, you can also access real-time latency statistics as well as view archived historical data. These new capabilities provide IT storage administrators greater insight into system performance and enable analysis of trends over longer periods of time. This allows you to make more informed, data-driven decisions related to the operation and planning of your datacenter and cloud storage resources.

Storage resource management enhancements

Update Description

When enabled, advanced capacity balancing distributes data between FlexGroup member volumes when very large files grow and consume space on one member volume.

ONTAP now supports migrating an SVM either from a non-MetroCluster HA pair into a MetroCluster configuration or from a MetroCluster configuration to a non-MetroCluster HA pair. You cannot migrate an SVM from one MetroCluster configuration to another MetroCluster configuration.

System Manager

Update Description

ONTAP 9.16.1 supports WebAuthn MFA logins, enabling you to use hardware security keys as a second authentication method when logging in to System Manager.

Support for air-gapped FSx deployments

If your Amazon FSx for NetApp ONTAP deployment detects that you are in an air-gapped region, going to the log-in page brings you into System Manager, enabling you to manage FSx for ONTAP with System Manager.