Release notes
What's new in ONTAP 9.16.1
Suggest changes
-
PDF of this doc site
-
Cluster administration
-
Volume administration
-
Logical storage management with the CLI
-
-
NAS storage management
-
Configure NFS with the CLI
-
Manage NFS with the CLI
-
Manage SMB with the CLI
-
Manage file access using SMB
-
-
-
Security and data encryption
-
Data protection and disaster recovery
-
Collection of separate PDF docs
Creating your file...
Learn about the new capabilities available in ONTAP 9.16.1.
For details about known issues, limitations, and upgrade cautions in recent ONTAP 9 releases, refer to the ONTAP 9 Release Notes. You must sign in with your NetApp account or create an account to access the Release Notes.
Learn about new and enhanced ONTAP MetroCluster features.
Learn about new and enhanced support for FAS, ASA, and AFF platforms and supported switches.
Learn about updates to the ONTAP REST API.
To upgrade to the latest version of ONTAP, see Prepare to upgrade ONTAP.
Data protection
| Update | Description |
|---|---|
Expanding from the previous two-node limit, SnapMirror active sync supports four-node clusters, enabling data replication for larger workloads. |
|
SnapMirror cloud supports fan-out relationships from the same source volume or FlexGroup to two different object stores. Fan-outs can be to two object stores and to one or two buckets in the object stores. |
|
SnapMirror cloud supports backups of volumes migrated to the cloud by using existing ONTAP REST APIs. The new functionality supports SnapMirror cloud backups from a migrated volume in the cloud to the same destination object store endpoint without the need for performing a re-baseline operation. Both FlexVol and FlexGroup volumes are supported. |
Networking
| Update | Description |
|---|---|
ONTAP supports MD5 authentication on BGP peer groups to protect BGP sessions. When MD5 is enabled, BGP sessions can only be established and processed among authorized peers, preventing attacks like route hijacking where an attacker tries to inject false routing information into the network by spoofing BGP updates. |
|
IP security (IPsec) is a data-in-motion security option available to protect all the IP traffic between a client and an ONTAP node. The protocol was initially available with ONTAP 9.8 and has been implemented as software only. Beginning with ONTAP 9.16.1, you have the option of offloading certain computationally intensive operations, such as encryption and integrity checks, to a supported network interface controller (NIC) card installed at the storage nodes. Using this hardware offload option can significantly improve the performance and throughput of the network traffic protected by IPsec. |
S3 object storage
| Update | Description | ||
|---|---|---|---|
Multiprotocol S3 bucket support for S3 object metadata and tagging |
Beginning with ONTAP 9.16.1, S3 object tagging is extended from non-multiprotocol ONTAP S3 buckets to NAS and S3 multiprotocol ONTAP S3 buckets. The tags are only visible in the S3 protocol. Applying tags and metadata to S3 objects using S3 clients helps you define lifecycles, back charging, data categories, and custom workflows on data stored as object or files in ONTAP. When integrated with AWS data services such as Bedrock or Athena, tagging and metadata become central to the data processing provided by these services.
|
||
Multipart uploads is a core S3 functionality that has been available for non-multiprotocol ONTAP S3 buckets since inception. Beginning with ONTAP 9.16.1, this core feature is extended to NAS and S3 multiprotocol ONTAP S3 buckets. |
|||
Unlock the full potential of your web applications with Cross-Origin Resource Sharing (CORS). CORS allows seamless interaction between client applications from one domain and resources in another. By integrating CORS support, you can empower your ONTAP S3-based web applications with selective cross-origin access to your resources. |
|||
You can generate read-only, point-in-time snapshots of your ONTAP S3 buckets. Using the S3 snapshots feature, you can manually create snapshots or automatically generate them through snapshot policies. Additionally, you can view, browse, and delete S3 snapshots, and restore the snapshot content through S3 clients. |
SAN
| Update | Description |
|---|---|
Space deallocation (also called “hole punching” and “unmap”) is enabled for NVMe namespaces by default. Space deallocation allows a host to deallocate unused blocks from namespaces to reclaim space. This greatly improves overall storage efficiency, especially with filesystems that have data high turnover. |
Security
| Update | Description | ||
|---|---|---|---|
Administrators can create multi-admin verification rules to protect consistency groups, including create, delete, and modify operations, create and delete consistency group snapshots, and other commands. |
|||
ARP has been upgraded with new AI capabilities, allowing it to detect and respond to ransomware attacks with 99% precision and recall. Because the AI is trained on a comprehensive dataset, there is no longer a learning period for ARP running on FlexVol volumes and ARP/AI starts in active mode right away. ARP/AI also comes with an automatic update capability to ensure constant protection and resilience against the latest threats.
|
|||
Protect NVMe/TCP "over the wire" at the protocol layer with a simplified configuration and improved performance compared to IPSec. |
|||
Support for TLS 1.3 for FabricPool object store communication |
ONTAP supports TLS 1.3 for FabricPool object store communication. |
||
OAuth 2.0 support, first introduced with ONTAP 9.14.1, has been enhanced to support the Microsoft Entra ID authorization server (formerly Azure AD) with standard OAuth 2.0 claims. In addition, the Entra ID standard group claims based on UUID style values are supported through new group and role mapping capabilities. A new external role mapping feature has also been introduced which has been tested with Entra ID but can be used with any of the supported authorization servers. |
Storage efficiency
| Update | Description |
|---|---|
Earlier ONTAP releases provide robust real-time metrics for qtree usage, such as I/O operations per second and throughput in several categories including reads and writes. Beginning with ONTAP 9.16.1, you can also access real-time latency statistics as well as view archived historical data. These new capabilities provide IT storage administrators greater insight into system performance and enable analysis of trends over longer periods of time. This allows you to make more informed, data-driven decisions related to the operation and planning of your datacenter and cloud storage resources. |
Storage resource management enhancements
| Update | Description | ||
|---|---|---|---|
SVMs with storage limits enabled can contain data protection volumes. FlexVol volumes in asynchronous disaster recovery relationships with no cascade, synchronous disaster recovery relationships, and restore relationships are supported.
|
|||
When enabled, advanced capacity balancing distributes data within a file between FlexGroup member volumes when very large files grow and consume space on one member volume. |
|||
ONTAP supports the following MetroCluster SVM migrations:
|
System Manager
| Update | Description |
|---|---|
ONTAP 9.16.1 supports WebAuthn MFA logins, enabling you to use hardware security keys as a second authentication method when logging in to System Manager. |
|
Support for air-gapped FSx deployments |
If your Amazon FSx for NetApp ONTAP deployments detects that you are in an air-gapped region, going to the log-in page brings you into System Manager, enabling you to manage FSx for ONTAP with System Manager. |
