ONTAP 9 Manuals ( CA08871-402 )

to Japanese version

What’s new in ONTAP 9.15.1

Learn about the new capabilities available in ONTAP 9.15.1.

To upgrade to the latest version of ONTAP, see Prepare to upgrade ONTAP.

Data protection

Update Description

SnapMirror active sync (formerly SnapMirror Business Continuity) now supports symmetric active/active deployments, enabling read and write I/O operations from both copies of a protected LUN with bidirectional synchronous replication.

Increased limit for volumes in a consistency group using SnapMirror asynchronous

Consistency groups using SnapMirror asynchronous protection now support up to 80 volumes in the consistency group.

CLI and REST API operations for consistency groups are now supported at the administrative privilege level.

ONTAP currently supports VMware virtual volumes (vVols) as well as persistent reservations with traditional LUNs. Beginning with ONTAP 9.15.1, you can also create a persistent reservation with a vVol. Support for this feature is implemented in ONTAP Tools for VMware vSphere 9. It is only supported in a Windows Server Failover Cluster (WSFC) which is a group of clustered Windows virtual machines.

Security

Update Description

You can create the FPolicy persistent store and automate its volume creation and configuration at the same time using the persistent-store create command.

The enhanced persistent-store create command also allows the use of the autosize-mode parameter, which allows the volume to grow or shrink in size in response to the amount of used space.

NFS over RDMA configurations now support NFSv3.

FPolicy supports the NFS 4.1 protocol.

Protobuf is Google’s language-neutral mechanism for serializing structured data. It is smaller, faster, and simpler compared to XML, which helps improve FPolicy performance.

You can use the protobuf external engine format. When set to protobuf, the notification messages are encoded in binary form using Google Protobuf. Before setting the external engine format to protobuf, ensure that the FPolicy server also supports protobuf deserialization.

ONTAP 9.15.1 provides the initial framework for Dynamic Authorization, which provides enhanced security for management of the ONTAP system by enabling you to assign a security trust score to administrator users and challenge them with additional authorization checks when their activity looks suspicious. You can utilize Dynamic Authorization as part of a data-centric Zero Trust security architecture.

Support for TLS 1.3 for S3 storage, FlexCache, and Cluster Peering encryption

TLS 1.3 has been supported since ONTAP 9.11.1 for management access, but it is now supported in ONTAP 9.15.1 for S3 storage, FlexCache, and Cluster Peering encryption. Some applications, such as FabricPool, Microsoft Azure Page Blobs storage, and SnapMirror Cloud continue to be limited to the use of TLS 1.2 for the 9.15.1 release.

NFS over TLS is available in ONTAP 9.15.1 as a public preview. As a preview offering, NFS over TLS is not supported for production workloads in ONTAP 9.15.1.

NFS over TLS provides in-transit encryption of data from the storage device to the client. TLS is more recent and more convenient than Kerberos, enabling simpler configuration and administration.

Administrators can create multi-admin verification rules to protect cluster configuration, LUN deletion, system configuration, security configuration for IPsec and SAML, volume snapshot operations, vServer configuration, and other commands.

While the recommended transport of AutoSupport messages to Fujitsu is HTTPS, unencrypted SMTP has also been available. With ONTAP 9.15.1, customers now have the option of using TLS with SMTP. The SMTPS protocol establishes a secure transport channel by encrypting the email traffic as well as the optional email server credentials. Explicit TLS is used and so TLS is activated after the TCP connection is created. If copies of the messages are sent to local email addresses, the same configuration is used.

Storage efficiency

Update Description

Two new counters have been introduced which show only the metadata being used. In addition, several of the existing counters have been adjusted to remove the metadata and display only the user data. Together these changes provide a clearer view of the metrics separated into the the two types of data. Customers can use these counters to implement more accurate chargeback models by discounting metadata from the total and only considering the actual user data.

Storage resource management enhancements

Update Description

When writeback is enabled on the cache volume, write requests are sent to the local cache rather than to the origin volume, providing better performance for edge computing environments and caches with write-heavy workloads.

ONTAP enforces that 5-8% of a volume’s capacity must be free when enabling File System Analytics, mitigating potential performance issues for volumes and File System Analytics.

FlexClone volumes encryption keys

A FlexClone volume is assigned a dedicated encryption key that is independent of the FlexVol volume’s (host) encryption key.

ONTAP System Manager

Update Description

SnapLock vault relationships can be configured using ONTAP System Manager when both the source and destination are running ONTAP 9.15.1 or later.

The information on the ONTAP System Manager dashboard Health, Capacity, Network, and Performance views includes more complete descriptions, including enhancements to the performance metrics that help you identify and troubleshoot latency or performance issues.

Upgrade

Update Description

If LIF migration to the other batch group fails during an automated nondisruptive upgrade, the LIFs are migrated to the HA partner node in the same batch group.

Top of Page