ONTAP 9 Manuals ( CA08871-402 )

What’s new in ONTAP 9.14.1

Learn about the new capabilities available in ONTAP 9.14.1.

To upgrade to the latest version of ONTAP, see Prepare to upgrade ONTAP.

Data protection

Update Description

VE supported on SVM root volumes

SVM root volumes can be encrypted using unique keys with Volume Encryption.

Ability to set Snapshot copy locking on long-term retention Snapshot copies and to reinitialize the Compliance Clock

On clusters with a SnapLock license, tamperproof Snapshot copy locking for Snapshot copies with long-term retention can be set for Snapshot copies created on non-SnapLock SnapMirror destination volumes and the Compliance Clock can be initialized when no SnapLock volumes are present.

SnapMirror active sync supports SCIS3 persistent reservations and Windows Failover Clustering

SCSI3 persistent reservations and Window Failover Clustering for SnapMirror active sync supports multiple nodes accessing a device while at the same time blocking access to other nodes, ensuring clustering for different application environments stays consistent and stable.

Copy volume-granular Snapshots with consistency groups

You can utilize consistency groups to replicate Asynchronous SnapMirror Snapshots and volume-granular Snapshots to the destination consistency groups for an extra layer of disaster recovery.

Asynchronous data protection support for consistency groups within SVM disaster recovery relationship

SVMs configured for SVM disaster recovery can replicate consistency group information to the secondary site if the SVM contains a consistency group.

SnapMirror asynchronous support for 20 fanout targets

The number of SnapMirror asynchronous fanout targets supported on A700 and higher systems increases from 16 to 20 when using ONTAP 9.14.1.

CLI support for consistency groups

Manage consistency groups using the ONTAP CLI.

File access protocols

Update Description

NFSv4.1 session trunking

Session trunking allows for multiple paths to an exported datastore. This simplifies management and improves performance as workloads scale up. It is especially appropriate in environments with VMware workloads.

MetroCluster

Update Description

S3 object storage support on mirrored and unmirrored aggregates

Enable an S3 object storage server on an SVM in a mirrored or unmirrored aggregate in MetroCluster IP and FC configurations.

Support for provisioning an S3 bucket on mirrored and unmirrored aggregates in a MetroCluster cluster

You can create a bucket on a mirrored or unmirrored aggregate in MetroCluster configurations.

S3 object storage

Update Description

Automatic resizing has been enabled on S3 FlexGroup volumes to eliminate excessive capacity allocation when buckets are created on them

When buckets are created on or deleted from new or existing FlexGroup volumes, the volumes are resized to a minimum required size. The minimum required size is the total size of all the S3 buckets in a FlexGroup volume.

S3 object storage support on mirrored and unmirrored aggregates

You can enable an S3 object storage server on an SVM in a mirrored or unmirrored aggregate in MetroCluster IP and FC configurations.

Object locking based on users roles and lock retention period

Objects in S3 buckets can be locked from being overwritten or deleted. The ability to lock objects is based on specific users or time.

Configuring access for LDAP user groups to support external directory services and adding validity period for access and secret keys

ONTAP administrators can configure access for Lightweight Directory Access Protocol (LDAP) or Active Directory user groups to ONTAP S3 object storage, with the ability to enable authentication in LDAP fast bind mode. Users in local or domain groups or LDAP groups can generate their own access and secret keys for S3 clients. You can define a validity period for the access keys and secret keys of S3 users. ONTAP provides support for variables such as $aws:username for bucket policies and group policies.

SAN

Update Description

NVMe/TCP automated host discovery

Host discovery of controllers using the NVMe/TCP protocol is automated by default.

NVMe/FC host side reporting and troubleshooting

By default, ONTAP supports the ability of NVMe/FC hosts to identify virtual machines by a unique identifier and for NVMe/FC hosts to monitor virtual machine resource utilization. This enhances host-side reporting and troubleshooting.

NVMe host prioritization

You can configure your NVMe subsystem to prioritize resource allocation for specific hosts. Host assigned a high priority are allocated larger I/O queue counts and larger queue depths.

Security

Update Description

Support for Cisco DUO multifactor authentication for SSH users

SSH users can authenticate using Cisco DUO as a second factor of authentication during sign-in.

Enhancements to OAuth 2.0 support

ONTAP 9.14.1 extends the core token-based authentication and OAuth 2.0 support initially provided with ONTAP 9.14.0. Authorization can be configured using Active Directory or LDAP with group-to-role mapping. Sender-constrained access tokens are also supported and secured based on Mutual TLS (mTLS). In addition to Auth0 and Keycloak, Microsoft Windows Active Directory Federation Service (ADFS) is supported as an Identity Provider (IdP).

OAuth 2.0 Authorization Framework

The Open Authorization (OAuth 2.0) framework is added and provides token-based authentication for ONTAP REST API clients. This enables more secure management and administration of the ONTAP clusters using automation workflows powered by REST API scripts or Ansible. The standard OAuth 2.0 features are supported, including issuer, audience, local validation, remote introspection, remote user claim, and proxy support. Client authorization can be configured using self-contained OAuth 2.0 scopes or by mapping the local ONTAP users. Supported Identity Providers (IdP) include Auth0 and Keycloak using multiple concurrent servers.

Tunable alerts for Autonomous Ransomware Protection

Configure Autonomous Ransomware Protection to receive notifications whenever a new file extension is detected or when an ARP Snapshot is taken, receiving earlier warning to possible ransomware events.

FPolicy supports persistent stores to reduce latency

FPolicy allows you to set up a persistent store to capture file access events for asynchronous non-mandatory policies in the SVM. Persistent stores can help decouple client I/O processing from the FPolicy notification processing to reduce client latency. Synchronous and asynchronous mandatory configurations are not supported.

FPolicy supports FlexCache volumes on SMB

FPolicy is supported for FlexCache volumes with NFS or SMB. Previously, FPolicy was not supported for FlexCache volumes with SMB.

Storage efficiency

Update Description

Scan tracking in File System Analytics

Track the File System Analytics initialization scan with real time insights about progress and throttling.

Increase in usable aggregate space on ETERNUS HX series

For ETERNUS HX series, the WAFL reserve for aggregates greater than 30TB in size is reduced from 10% to 5%, resulting in increased usable space in the aggregate.

Change in reporting of physical used space in TSSE volumes

On volumes with temperature-sensitive storage efficiency (TSSE) enabled, the ONTAP CLI metric for reporting the amount of space used in the volume includes the space savings realized as a result of TSSE. This metric is reflected in the volume show -physical-used and the volume show-space -physical used commands. For FabricPool, the value of -physical-used is a combination of the capacity tier and the performance tier. For specific commands, see volume show and volume show space.

Storage resource management enhancements

Update Description

Proactive FlexGroup rebalancing

FlexGroup volumes provide support for automatically moving growing files in a directory to a remote constituent to reduce I/O bottlenecks on the local constituent.

Snapshot copy tagging in FlexGroup volumes

You can add, modify, and delete tags and labels (comments) in to help identify Snapshot copies and to help avoid accidentally deleting Snapshot copies in FlexGroup volumes.

Write directly to the cloud with FabricPool

FabricPool adds the ability to write data to a volume in FabricPool so it goes directly to the cloud without waiting for the tiering scan.

Aggressive read-ahead with FabricPool

FabricPool provides aggressive read-ahead of files such as movie streams on FabricPool volumes to ensure that no frames are dropped.

SVM management enhancements

Update Description

SVM data mobility support for migrating SVMs containing user and group quotas and qtrees

SVM data mobility adds support for migrating SVMs containing user and group quotas and qtrees.

Support for a maximum of 400 volumes per SVM, a maximum of 12 HA pairs, and pNFS with NFS 4.1 using SVM data mobility

The maximum number of supported volumes per SVM with SVM data mobility increases to 400 and the number of supported HA pairs increases to 12.

ONTAP System Manager

Update Description

SnapMirror test failover support

You can use ONTAP System Manager for performing SnapMirror test failover rehearsals without interrupting existing SnapMirror relationships.

Port management in a broadcast domain

You can use ONTAP System Manager to edit or delete ports that have been assigned to a broadcast domain.

Enablement of Mediator-assisted Automatic Unplanned Switchover (MAUSO)

You can use ONTAP System Manager to enable or disable Mediator-assisted Automatic Unplanned Switchover (MAUSO) when performing an IP MetroCluster switchover and switchback.

Cluster and volume tagging

You can use ONTAP System Manager to use tags to categorize clusters and volumes in different ways, for example, by purpose, owner, or environment. This is useful when there are many objects of the same type. Users can quickly identify a specific object based on the tags that have been assigned to it.

Enhanced support for consistency group monitoring

ONTAP System Manager displays historical data about consistency group usage.

NVMe in-band authentication

You can use ONTAP System Manager to configure secure, unidirectional and bidirectional authentication between an NVMe host and controller over the NVMe/TCP and NVMe/FC protocols using the DH-HMAC-CHAP authentication protocol.

Support for S3 bucket lifecycle management extended to ONTAP System Manager

You can use ONTAP System Manager to define rules for deleting specific objects in a bucket, and through these rules, expire those bucket objects.

Top of Page