What's new in ONTAP 9.17.1
Suggest changes
PDFs
Learn about the new capabilities available in ONTAP 9.17.1.
For details about known issues, limitations, and upgrade cautions in recent ONTAP 9 releases, refer to the ONTAP 9 Release Notes. You must sign in with your NetApp account or create an account to access the Release Notes.
-
Learn about new and enhanced ONTAP MetroCluster features.
-
Learn about new and enhanced ONTAP software features for NetApp ASA r2 systems.
-
Learn about new and enhanced support for AFF, ASA, and FAS systems and supported switches.
-
Learn about updates to the ONTAP REST API.
To upgrade to the latest version of ONTAP, see Prepare to upgrade ONTAP.
Data protection
| Update | Description |
|---|---|
SnapMirror active sync adds support for NVMe access for VMware workloads with NVMe/TCP and NVMe/FC host access for two-node ONTAP clusters. VMware workload support for NVMe/TCP is contingent on VMware bugs being addressed. |
|
ONTAP Cloud Mediator is introduced in ONTAP 9.17.1 and supports SnapMirror active sync relationships. The cloud-based mediator, like ONTAP Mediator, acts as the quorum witness for SnapMirror active sync relationships, ensuring transparent failover while reducing the operational complexity of maintaining and managing a third site. |
S3 object storage
| Update | Description |
|---|---|
The CopyObject action is supported within ONTAP S3 NAS bucket. |
|
When creating an S3 NAS bucket with the ONTAP CLI, you can choose to link the bucket to the volume instead of the junction path. When you link to the volume, the junction path is automatically updated if the path changes, for example, when a volume is dismounted or mounted. |
|
Tagging and user metadata key/value pairs are supported by the CreateMultipartUpload action in multiprotocol (S3 and NAS) environments. |
Security
| Update | Description |
|---|---|
ONTAP supports HTTP Strict Transport Security for web services, enabling enforcement of secure HTTPS communication between a user's browser and ONTAP. |
|
ONTAP supports IPsec hardware offload for link aggregation groups, extending the hardware offload support introduced in 9.16.1. |
|
ONTAP supports postquantum pre-shared keys for IPsec to protect against potential future quantum computer attacks. |
|
ONTAP supports OpenStack's Barbican key manager for NetApp Volume Encryption (NVE) keys. |
|
ONTAP supports JIT privilege elevation for role-based access control (RBAC). Users can request temporary elevation to a configured role, allowing access to privileged commands on an on-demand basis. Cluster administrators can configure who can access JIT privilege elevation and when and for how long access is allowed. |
|
ONTAP supports Microsoft Entra as a SAML identity provider. Additionally, IdP-provided group information can be mapped to ONTAP roles. |
|
You can configure and run audit operations on both the initiating source cluster and destination (executing) cluster. In previous releases, only the cluster receiving the client's request performed auditing. With this feature, a peered cluster that fulfills a cross-cluster request also logs the activity. These auditing operations can be enabled and extended to any SET or GET request initiated within ONTAP. |
|
ARP supports SAN volumes with encryption-based anomaly detection, introduces new commands for detailed entropy statistics, and unifies ransomware protection messaging in System Manager that had previously focused on NAS. Configurable detection thresholds and more deterministic snapshot retention provide greater flexibility for diverse workloads. |
Storage resource management enhancements
| Update | Description |
|---|---|
Volumes created on newly created SVMs on ONTAP clusters allocated for NAS protocols have File System Analytics (FSA) enabled by default. FSA is automatically activated as soon as a volume is created, providing immediate analytics capabilities without additional configuration. |
|
The ONTAP CLI command |