NetApp ONTAP is our unified storage operating system for most of the NetApp storage systems and storage services in the cloud. We are excited to announce the latest release, ONTAP 9.14.1, which was unveiled at Insight 2023 last month and is now available as a release candidate (RC). This release brings 88 different enhancements that aim to protect data and operations from disasters, secure data from outside threats, and reduce the total cost of ownership (TCO) for NetApp storage systems. While we won't be able to cover all the enhancements in a single blog, you can get more details in the release notes and documentation. For now, lets cover the highlights and what they mean to you.
Data Protection
Many organizations struggle with ensuring disaster preparedness. Ask most system administrators and they will tell you that DR testing ranks low on their list of enjoyable activities. There are two main reasons, first it takes a long time to run the test and it takes a long time to clean up after the test. ONTAP 9.14.1 helps solve this problem by automating DR Rehearsals and cleanup. With just a single click in ONTAP System Manager, an administrator can initiate a DR test for any volume replicated asynchronously in 9.14.1 Sync and SnapManager-BC. The test will create a FlexClone at a second site so that DR and normal operations are not impacted on the production data. It will then suggest a default mount point or allow the administrator to create a customer mount point. Administrators can then access the mount point to test the recovery. Perhaps more impressive is the one-click clean up. With a single click in System Manager, ONTAP will remove the FlexClone and restore the capacity returning the cluster to the pre-test state. When DR testing is this single-click simple administrators can test more often and have higher confidence in their recoverability.
Another tool for DR is consistency groups (CG). We introduced CGs in ONTAP 9.10.1. They allow for volumes to be grouped and snapshots to be taken across a set of volumes in the CG at the same time. This provides a reliable and consistent recovery point for all volumes in the CG. However, there are times when some volumes in a consistency group need to be snapped consistently with all other volumes but also have a more frequent snapshot schedule. An example of this would be a CG that contains both database volumes and log file volumes. An administrator may want to snapshot the log files more frequently so that when a database is restored a more recent set of logs can be used to roll forward to a known good recovery time. ONTAP 9.14.1 adds the ability to do ad-hoc and higher-frequency snapshots of volumes within a consistency group. In our example above a CG containing a database volume and a log volume may snapshot every hour while the log volume also snapshots every 5 minutes. When recovery is required, the database might be as much as 59 minutes old but the log file volumes would be current up to at most 4 minutes and 59 seconds allowing for a much greater recovery point. While the same thing could be accomplished by doing more frequent snapshots at the CG level, this approach reduces potential space inefficiencies and risk of downtime from quiescing the database, improving overall database availability.
The bottom line is that ONTAP 9.14.1 enhances overall DR by making it easier and more common for administrators to do DR tests and by providing more granular recovery points with less waste and a lower risk of disruption.
Security
NetApp storage powered by ONTAP is the most secure enterprise storage on the market. We are constantly innovating new ways to better protect customer data from threats and bad actors. In ONTAP 9.14.1 we offer two critical enhancements to support our most secure standing.
Object locking for S3 volumes has been available since ONTAP 9.8. This feature is useful in many domains but particularly useful for backup applications that want to use these locking features to protect backup data from things like ransomware. In ONTAP 9.14.1 we provide an S3 Object Lock API to allow for applications such as backup applications to create a new object at the start of a backup process and then lock the object when the backup is done, securing the object and the backup data contained within from ransomware. Many customers leverage NetApp, especially the FAS and AFF C-Series for backup applications. This new enhancement provides a new layer to make backup data even more secure.
Speaking of APIs, automation through APIs can create a security risk when credential and password data is stored in clear text as part of automation or a script (I’m looking at you Ansible). A better way to automate while ensuring security is the use of tokens. The OAuth framework provides just such a function and ONTAP 9.14.1 now supports the OAuth 2.0 framework to meet that need. Now scripts and automation processes can use a token rather than storing passwords in clear text. Setup is easy in System Manager and management of tokens can be done via APIs or through System Manager. This provides yet another layer of security as you can now manage or revoke tokens for automation processes you no longer want to allow.
The bottom line is that ONTAP, already a leader in securing enterprise data is now more secure with better protection of secondary data and better protection of credentials than alternatives.
Efficiency
At NetApp, we are always keeping the customer’s costs in mind. Introducing platforms like our AFF C-Series and ASA C-Series families which provide greater density for greater sustainability and lower TCO. In the ONTAP software, we look for ways to operate the storage more efficiently and have added several key enhancements in 9.14.1 that do just that.
First, you’re probably familiar with our FabricPool capability which we introduced in ONTAP 9.8. Data over its life goes from hot to cold. When it is hot, you want it on the most performant storage. When it is cold, you want it on lower-cost storage. FabricPool does just that, keeping hot data on performant storage and moving cold data to a cloud tier of object storage. When doing so, directory structures and metadata are maintained on the performance tier so that browsing and searching are still as fast as ever. The tiering is all based on a set of simple policies. But what happens when you know a set of data is low priority? Perhaps you’re migrating data from another system. You want it to land on the system, but you don’t want to take up performance storage. ONTAP 9.14.1 introduces a new feature for FabricPool called cloud write bypass. This allows cold data to bypass the hot tier and go directly to the cloud tier. Even though the data is never stored on the performance tier, file system and metadata are retained on the performance tier, ensuring efficient browsing, and search.
Another common situation for data tiering is running out of performance space because tiering isn’t aggressive enough. ONTAP 9.14.1 automatically increases the priority of tiering when space on the performance tier is close to running. When tiering is more aggressive, data that might have previously been kept on the performance tier is moved to the cloud tier freeing up space on the performance tier reducing an out-of-space risk.
When we initially designed FabricPool we did so with the public cloud in mind as the destination. As most people know, it's cheap to send data to the cloud but costly to move data from the cloud (egress charges). As a result, our design minimized the amount of reads from the cloud. For example, if a 4K block for a file was requested, just that block was pulled. This often meant that associated blocks such as the rest of the 4K blocks that made up a full file would be left behind and additional read requests would need to be made. In other words, we optimized to reduce cost over higher performance. However, FabricPool architectures have evolved, and many customers use an on-prem object storage tier such as ONTAP S3 or StorageGRID for their object storage tier. In ONTAP 9.14.1, FabricPool can now be set to on-prem mode when using ONTAP S3, Cloud Volumes ONTAP (CVO) or StorageGRID as the object tier. This mode fetches groups of related blocks, such as all blocks for a single file or groups of files accessed together, improving performance for file access. Performance tests have shown significant improvements, with single-file read performance increasing by 500% and multi-file read performance jumping by 85%.
Finally, a key cost optimization for ONTAP, in general, is simplicity, whether that’s the simplicity of management with a single set of storage services across a vast and varied family of storage systems or simplicity of management through automation enabling APIs and intuitive GUIs. ONTAP supports object tagging in the API to help with cluster and volume identification. In ONTAP 9.14.1 we are bringing object tagging into the System Manager GUI. Administrators who don’t use object tags often have to find creative ways to identify objects like volumes or clusters. For example, some administrators have taken to using naming schemes for their volumes and their clusters to identify the owner, the application, or the type of data in the volume or cluster. Object tagging lets administrators use metadata to take the place of the naming schemes they had previously used. ONTAP 9.14.1 now supports object tagging from System Manager, allowing you to apply metadata tags to volumes or clusters from the management GUI. These tags can represent application names, owners, or data types, eliminating the need to encode such information in volume names. Object tagging also enables automation, making it easier to perform tasks based on specific metadata tags, such as generating capacity reports for Oracle volumes or snapshotting critical volumes.
The bottom line is that ONTAP 9.14.1 gives administrators greater control of how their storage systems work and greater tools to automate and optimize operations leading to greater efficiency overall.
These are just a few of the highlights from the ONTAP 9.14.1 release. We encourage you to explore the release notes for a deeper dive into all the enhancements and their benefits. With this latest release, we continue to strengthen data protection, enhance security, and improve storage efficiency, empowering you to make the most of your NetApp storage systems. To learn more about the 9.14.1 release, see the release notes and documentation. For access to the latest release candidate, join us at support.netapp.com.
