ONTAP 9 is on a new cadence model, which brings a new release every 6 months.
Today, ONTAP 9.3GA is available here!
ONTAP 9.3 was announced at NetApp Insight 2017 in Las Vegas and was covered at a high level by Jeff Baxter in the following blog:
Jeff has a follow-up infographic here:
I also did a brief video summary here:
For info on what GA means, see:
Also, check out the documentation center:
The general theme around ONTAP 9.3 is modernization of the data center. Here’s a high level list of features, with more detail on some of them later in this blog.
- Multifactor authentication (MFA) for cluster admin logins
- NetApp Volume Encryption enhancements (such as offbox key management support)
- SnapLock enhancements
- MongoDB support added to application provisioning
- Simplified data protection flows in System Manager
- Guided cluster setup and expansion
- Adaptive QoS
Performance and efficiency improvements
- Up to 30% performance improvement for specific workloads via WAFL improvements, parallelization and flash optimizations
- Automatic schedules for deduplication
- Backgroup inline aggregate deduplication (AFF only; automatic schedule only)
NetApp FlexGroup volume features
This is covered in more detail in What’s New for NetApp FlexGroup Volumes in ONTAP 9.3?
- Volume autogrow
- SnapVault/Unified SnapMirror
- SMB Change/notify
- QoS Maximums
- Improved automated load balancing logic
Data Fabric additions
- SolidFire to ONTAP SnapMirror
- MetroCluster over IP
Now, let’s look at a few of the features in a bit more detail. If you have things you want covered more, leave a comment.
Multifactor Authentication (MFA)
Traditionally, to log in to an ONTAP system as an admin, all you needed was a username and password and you’d get root-level access to all storage virtual machines in a cluster. If you’re the benevolent storage admin, that’s great! If you’re a hostile actor, great!* (*unless you’re the benevolent storage admin… then, not so great)
ONTAP 9.3 introduces the ability to configure an external Identity Provider (IdP) server to interact with OnCommand System Manager and Unified Manager to require a key to be passed in addition to a username and password. Initial support for IdP will include Microsoft Active Directory Federation Services and Shibboleth.
For the command line, the multifactor portion would be passed by way of SSH keys currently. We cover MFA in the following Tech ONTAP podcast:
SnapLock is a NetApp ONTAP feature that provides data compliance for businesses that need to preserve data for regulatory reasons, such as HIPAA standards (SnapLock compliance) or for internal requirements, such as needing to preserve records (SnapLock enterprise).
ONTAP 9.3 provides a few enhancements to SnapLock, including one that isn’t available from any storage provider currently.
Legal hold is useful in the event that a court has ordered specific documents to be preserved for an ongoing case or investigation. This can be applied to multiple files and remains in effect until you choose to remove it.
Event-based retention allows storage administrators to set protections on data based on defined events, such as an employee leaving the company (to avoid disgruntled deletions), or for insurance use cases (such as death of a policy holder).
Volume append mode is the SnapLock feature I alluded to, where no one else can currently accomplish this. Essentially, it’s for media workloads (audio and video) and will write-protect the portion of the files that have already been streamed and allow appending to those files after they’ve been protected. It’s kind of like having a CD-R on your storage system.
Every release of ONTAP strives to improve performance in some way. ONTAP 9.3 introduces performance enhancements (mostly for SAN)/block via the following changes:
- Read latency reductions via WAFL optimizations for All Flash FAS SAN (block) systems
- Better parallelization for all workloads on mid-range and high-end systems (FAS and AFF) to deliver more throughput/IOPS at lower latencies
- Parallelization of the iSCSI layer to allow iSCSI to use more cores (best results on 20 core or higher systems)
The following graphs show some examples of that performance improvement versus ONTAP 9.2.
Adaptive Quality of Service (QoS)
Adaptive QoS is a way for storage administrators to allow ONTAP to manage the number of IOPS per TB of volume space without the need to intervene. You simply set a service level class and let ONTAP control the rest.
The graphic below shows how it works.
We cover QoS minimums and performance enhancements in the following Tech ONTAP podcast:
MetroCluster over IP
MetroCluster is a way for clusters to operate in a high availability manner over long distances. (hundreds of kilometers) Traditionally, MetroCluster has been done over fiber channel networks due to low latency requirements needed to guarantee writes can be committed to both sites.
However, now that IP networks are getting more robust, ONTAP is able to support MetroCluster over IP, which provides the following benefits:
- Reduced CapEx and OpEx (no more dedicated fiber channel networks, cards, bridges)
- Simplicty of management (use existing IP networks)
The ONTAP 9.3 release is going to be a limited release for this feature, with the following caveats:
- A700, FAS9000 only
- 100km limit
- Dedicated ISL with extended VLAN currently required
- 1 iWARP card per node
We cover MetroCluster over IP in this podcast:
SolidFire to ONTAP SnapMirror
A few years back, the concept of a data fabric (where all of your data can be moved anywhere with the click of a button) was introduced.
That vision continued this year with the inclusion of SnapMirror from SolidFire (and NetApp HCI systems) to ONTAP.
ONTAP 9.3 will allow storage administrators to implement a disaster recovery plan for their SolidFire systems.
This includes the following:
- Baseline and incremental replication using NetApp SnapMirror from SolidFire to ONTAP
- Failover storage to ONTAP for disaster recovery
- Failback storage from ONTAP to SolidFire
- Only for LUNs replicated from SolidFire
- Replication from ONTAP to SolidFire only for failback
That covers a deeper look at some of the new ONTAP 9.3 features. Feel free to comment if you want to learn more about these features, or any not listed in the overview.