ONTAP® 9

Release Notes

March 2019 | 215-11139_A0_UR032 doccomments@netapp.com

Updated for ONTAP 9.5

Table of Contents | 3

Contents

ONTAP 9 Release Notes ...... 11 Changes introduced since ONTAP 9 ...... 12 Changes in ONTAP 9.5 ...... 12 Changes in ONTAP 9.4 ...... 13 Changes in ONTAP 9.3 ...... 15 Changes in ONTAP 9.2 ...... 16 Changes in ONTAP 9.1 ...... 18 Changes in ONTAP 9.0 ...... 20 New and changed features in the ONTAP 9 release family ...... 24 Antivirus enhancements ...... 24 Support for Vscan on-demand scanning ...... 24 Support for FQDN configuration of Vscan servers ...... 24 API updates ...... 24 Support for REST APIs ...... 24 API support for ONTAP 9 automation ...... 25 CLI (command-line interface) updates ...... 25 Data protection enhancements ...... 26 Updated guidance on load-sharing mirrors ...... 26 MirrorAndVault is the new default policy for some SnapMirror relationships ...... 26 Enhanced support for resynchronization of SLC volumes ...... 26 Support for SnapMirror Synchronous technology ...... 26 Feature enhancements to DPO systems ...... 27 Support for increased number of Snapshot copies in ONTAP 9.4 ...... 27 XDP replaces DP as the SVM replication default in ONTAP 9.4 ...... 27 SVM replication support for fan-out deployments in ONTAP 9.4 ...... 28 Support for Volume Append Mode ...... 28 Support for Legal Hold feature ...... 28 Support for Event Based Retention feature ...... 28 Support for configuring a data protection relationship in a single step ...... 29 XDP replaces DP as the SnapMirror default in ONTAP 9.3 ...... 29 Support for simplified cluster and SVM peering ...... 30 Support for volume protection ...... 31 Support for Replication between SolidFire Element OS and ONTAP ...... 31 Support for breaking protection relationships between ONTAP and SolidFire systems ...... 31 Support for SVM unified replication ...... 31 Support for encryption of data at rest ...... 31 Support for encryption-free ONTAP ...... 32 Data Protection Optimized (DPO) systems available for target storage ...... 33 Support for local copies on the SnapMirror destination ...... 33 4 | Release Notes

Support for triple parity RAID protection ...... 33 Support for SnapLock technology ...... 34 Support for cloning data protection volumes ...... 34 Support for excluding volumes from replication ...... 35 Support for excluding LIFs from replication ...... 35 Support for converting volume-level SnapMirror relationships to an SVM disaster recovery relationship ...... 35 Support for using a SnapMirror license to enable SnapVault ...... 35 Supported naming conventions for Snapshot copies ...... 35 Expiry time for Snapshot copies ...... 35 Support for NDMP extension ...... 35 Support for intercluster SVM peer relationships between SVMs with the same name ...... 36 Support for SnapMirror and SnapVault global throttling ...... 36 Support for secondary SnapVault Snapshot copies ...... 36 Support for renaming SnapVault Snapshot copies ...... 36 Support for all SnapMirror and SnapVault cascade configurations ...... 37 File access protocol enhancements ...... 37 LDAP referral chasing ...... 37 4-byte UTF-8 encoded characters ...... 37 Windows machine accounts can now be mapped to non-default users ...... 37 Enhanced support for SMB protocols ...... 37 Support for name service caching ...... 39 Export policy configuration checker ...... 39 Domain controller discovery options for improving performance ...... 39 Support for NFS security tracing ...... 39 SMB 2.0 support for domain controller connections ...... 40 Support for new SMB auditing events ...... 40 NFS clients enabled to view exports of SVMs ...... 40 Ability to report widelinks as reparse points based on SMB version ...... 40 Ability to display effective permissions for Windows or UNIX users ...... 40 Name service configuration checker ...... 40 Support for specifying hostnames in LDAP and NIS configurations ...... 41 Changes to NetBios name service (NBNS) support ...... 41 Support for CIFS server in workgroup mode ...... 41 Enhancements for Kerberos 5 ...... 41 Support for LDAP signing and sealing ...... 42 LDAP support for SHA2 hashed passwords ...... 42 Multiple client match specifications in NFS export rules ...... 42 NFS export access cache enhancements ...... 42 FPolicy enhancements ...... 42 Support for new CIFS auditing events ...... 43 Support for managing shares using Microsoft Management Console ...... 43 FlexArray Virtualization (V-Series) enhancements ...... 44 Support for 16 TB array LUNs ...... 44 Table of Contents | 5

FlexArray Virtualization resiliency enhancements ...... 44 Support for E-series direct attached storage in FlexArray stretch MetroCluster configurations ...... 44 Support for shared initiator ports and target ports for FlexArray MetroCluster configurations ...... 44 Hardware support updates ...... 45 Adapters supported on FAS and AFF systems ...... 45 Support for the X190100 or X190100R 100 GbE switch ...... 45 Disk auto-assignment changes for AFF systems ...... 45 Support for new FAS and AFF platforms ...... 46 Support for automatic Interoperability Matrix update notifications ...... 46 Support for the Baseboard Management Controller in the AFF A700s ...... 46 Support for increasing the maximum SAN cluster size to 12 nodes ...... 47 Support for DS460C, DS224C, and DS212C disk shelves ...... 47 ACP cabling for disk shelves no longer needed ...... 47 Manageability enhancements ...... 47 Support for new volume replication policies ...... 47 Support for SVM DR ...... 47 NVMe multipath support ...... 48 Public SSL certificate authentication ...... 48 MAX Data applications list ...... 48 FlexCache support in OnCommand System Manager ...... 48 System Manager support for NVMe subsystems and namespaces ...... 48 Support for creating aggregates based on storage recommendations ...... 48 Enhancements to FabricPool-enabled aggregates ...... 48 Support for SMB multichannel protocol ...... 49 Support for direct image upload ...... 49 Enhancements to FlexGroup volumes ...... 49 Support for updating single-node clusters disruptively ...... 49 Support for configuring Snapshot copies ...... 49 Support for provisioning an SVM by using a preconfigured template ...... 49 Support for Storage QoS ...... 50 Application Aware Data Management and Balanced Placement ...... 51 Enhancement of cluster switch health monitor to detect cluster switch reboot ...... 51 Inline Aggregate-level Data Deduplication enabled by default in AFF systems ...... 51 Support for capacity based license ...... 51 Support for Cluster Expansion ...... 52 Support for automatic switchless-cluster detection ...... 52 Unified Manager 7.2 integrates Performance Manager functionality ...... 52 Max aggregate size increase ...... 52 Support for encrypting volumes ...... 52 Support for root-data partitioning enhancements ...... 52 Enhancements to the System Manager cluster dashboard ...... 53 6 | Release Notes

Support for cluster setup ...... 53 Support for most active files or clients functionality ...... 53 FIPS 140-2 support for cluster-wide control plane web service interfaces ... 53 Changes in audit configuration operation ...... 54 Support for SHA-2 password hash function ...... 54 Password security enhancements ...... 54 Enhanced audit logging ...... 55 Support for Unicode characters in qtree names ...... 55 Changes in EMS configuration operation ...... 55 Support for Storage Encryption onboard key management ...... 55 Support for cache-retention policies on Flash Pool aggregates ...... 56 Support for headroom functionality ...... 56 Support for performance monitoring ...... 56 Support for OnDemand ASUP ...... 56 Modified GUI and navigation ...... 57 MetroCluster configuration enhancements ...... 57 MetroCluster FC configuration support for Brocade and Cisco switches ..... 57 MetroCluster IP configuration support for Cisco switches ...... 57 MetroCluster configuration support for ONTAP features ...... 57 New MetroCluster features ...... 58 MetroCluster IP configuration platform support ...... 59 Networking and security protocol enhancements ...... 59 SAN enhancements ...... 61 LUN resizing limitation removed in ONTAP 9.5 ...... 61 Support for NVMe protocol ...... 61 Support for iSCSI Endpoint Isolation ...... 62 Support for Foreign LUN Import (FLI) with AFF ...... 62 Support for Foreign LUN Import (FLI) Interoperability Matrix (IMT) ...... 62 Support for simplified SAN AFF provisioning templates ...... 62 Support for increasing the maximum SAN cluster size to 12 nodes ...... 62 Gigabit Ethernet connectivity link speed is autoconfigured for FAS2552 and FAS2554 systems ...... 63 ODX LUN copy is now supported between clusters ...... 63 iSCSI target support for an FQDN response ...... 63 Storage resource management enhancements ...... 63 Support for MAX Data 1.1 ...... 63 Support for FlexCache volumes ...... 64 FlexGroup eligible aggregates ...... 64 Enhancements for FabricPool functionality ...... 64 Support for fast zeroing of drives ...... 65 Support for FlexGroup volumes ...... 65 Support for auto-provisioning aggregates ...... 67 Support for storage tiers by using FabricPool ...... 67 Support for data compaction ...... 68 Support for automated SAN and NAS storage provisioning ...... 68 Table of Contents | 7

Support for volume-level user and group IDs (UIDs and GIDs) in FlexClone volumes ...... 69 Support for relocating root volumes to new aggregates ...... 69 Support for rehosting a volume from one SVM to another SVM ...... 70 Supported security styles for Infinite Volumes ...... 70 Storage efficiency enhancements ...... 70 Enhanced Storage Efficiency reporting ...... 70 Support for Automatic Background Deduplication on AFF systems ...... 70 Support for cross volume deduplication on AFF systems ...... 70 Support for inline storage efficiency enablement on AFF systems ...... 71 Storage efficiency visualization changes in the CLI ...... 71 Transition enhancements ...... 72 Support for transitioning SnapLock volumes ...... 72 Support for transitioning a disaster recovery relationship between vFiler units ...... 72 Support for transitioning peering networks from IPv4 to IPv6 ...... 72 Upgrade enhancements ...... 72 Support for direct ONTAP software image upload ...... 72 Support for automated non-disruptive upgrade for MetroCluster configurations ...... 72 Enhancements for cluster join and unjoin ...... 73 Support for additional upgrade, downgrade, and revert paths ...... 73 Support for installing ONTAP software and firmware from an external USB mass storage device ...... 73 Expanded support for automated nondisruptive upgrades ...... 74 EMS Upgrade Requirements ...... 74 Fixed issues in OnCommand System Manager ...... 75 Unsupported features for ONTAP 9 ...... 76 Requirements for running ONTAP 9 ...... 81 Supported systems and cluster configurations ...... 81 Cluster network and management network switch compatibility requirements ...... 81 FlexArray Virtualization (V-Series) interoperability and limits information ...... 82 Browser requirements for running OnCommand System Manager ...... 82 Important cautions ...... 84 Upgrade cautions ...... 84 SSH connections fail after upgrade to ONTAP 9.3 if HMAC algorithms not removed prior to upgrade ...... 84 Fast path routes disabled after upgrade to ONTAP 9.2 and later ...... 84 NFS client outage might occur after upgrading to ONTAP 9.2 or later ...... 84 An additional reboot might be required after upgrading to ONTAP 9.2 or later ...... 85 Data transfers might be queued on lower memory platforms after upgrade to ONTAP 9.2 ...... 85 Upgrade to ONTAP 9.2 fails on systems with unicode directories greater than 2MB in root volume ...... 85 8 | Release Notes

Some mixed-mode environments impact the smb1-enabled option ...... 86 'smb1-enabled' option resets to 'true' when a node upgrades to or reverts from ONTAP 9.2 ...... 86 LDAP clients using SSL must be reconfigured for TLS before upgrading to ONTAP 9 ...... 86 LDAP parameters empty after upgrade to ONTAP 9.2 ...... 86 Change in audit logging after upgrade ...... 87 An incorrect license error message is displayed while creating a vault relationship or a mirror and vault relationship by using OnCommand System Manager ...... 87 Revert and downgrade cautions ...... 87 Reverting to ONTAP 9.2 or earlier not supported for fast-zeroed drives ...... 87 Revert requirements for FabricPool ...... 88 Downgrade or revert not supported for SnapLock volumes ...... 89 Requirement to revert password hash function to a release before ONTAP 9 ...... 89 Known problems and limitations ...... 90 7-Mode transition issues ...... 90 7-Mode to ONTAP transition process leads to controller disruption ...... 90 Command-line interface issues ...... 90 Nodeshell commands ifgrp timer and cmvfiler_run are incorrectly marked as deprecated ...... 90 ONTAP Disk Qualification Package does not update after running the storage firmware download command ...... 90 Data protection issues ...... 91 Initialization of SVM DR relationship converted to XDP fails if you specify DP ...... 91 SnapMirror enable-storage-efficiency parameter disabled ...... 91 Cannot resize data protection volumes ...... 91 SVMs are not created correctly if subnet name includes special characters ...... 91 No warning message displayed when hash store path is modified ...... 91 OnCommand System Manager enables setting up the unsupported policy type for vault relationship with SnapLock destination ...... 92 File access and protocols issues ...... 92 The statistics show command for the cifs_client counter object cannot filter instances that have the "?" character in the fingerprint ...... 92 Restores might fail on CIFS servers with SnapManager for Hyper-V ...... 92 HA pair issues ...... 92 Auto giveback process defers when the giveback time expires ...... 92 Infinite Volume issues ...... 93 OnCommand Workflow Automation workflows for Infinite Volumes require Windows operating system ...... 93 Writes to Infinite Volumes fail due to lack of space when the df command shows free space ...... 93 Table of Contents | 9

Operation for moving constituents fails to restart after a node reboots ...... 93 OnCommand Workflow Automation requires RAID-DP aggregates for namespace constituents of Infinite Volumes ...... 93 Management interface issues ...... 94 Unexpected application impacts after resizing application volumes and LUNs ...... 94 SP and BMC remote management devices on multiple FAS and AFF systems can be affected by high network load ...... 94 SnapMirror relationship might cause application deletion failure ...... 94 FQDN character interoperability limit ...... 95 AutoSupport messages for system health alerts might include an incorrect subject when in mixed-version state ...... 95 Modifying the default value of the IP addresses that are allowed to access the SP can impact certain SP functionality ...... 95 MetroCluster configuration issues ...... 95 Solaris host panic after a storage failover operation ...... 95 Stale entry in the storage bridge show command ...... 95 MetroCluster switchback fails when the maximum configuration limit for QoS policy groups is exceeded ...... 96 Networking issues ...... 96 Cluster peering in ONTAP 9.5 requires PSK cipher suites for TLS ...... 96 Converting 40GbE NIC ports into multiple 10GbE ports for 10GbE connectivity ...... 96 New limits for IPspaces ...... 97 Other System Manager issues ...... 97 Aggregate create and add capacity operations are blocked from OnCommand System Manager on nodes with low hot spares ...... 97 System Manager does not refresh the licenses page automatically after modifying licenses from another session ...... 97 Incorrect network configuration or bad network connectivity can cause the create protection relationship operation to fail ...... 97 Export Configuration file in Cluster Setup cannot be downloaded if you are using Internet Explorer 11 in Windows Server 2012 R2 ...... 98 Unable to read the cluster setup configuration template file containing non-ASCII characters, when edited and saved as CSV, using Microsoft Excel software ...... 98 Users with read-only privileges are able to delete admin user or change password for admin using System Manager in IE browser ...... 98 Discrepancy in the physical used space shown in the dashboard and the used space shown in the aggregate inventory page ...... 98 OnCommand System Manager is unable to peer between ONTAP 9 and Data ONTAP 8.3.2 ...... 99 Incorrect SVM peer state displayed for clusters running mixed versions of ONTAP software ...... 99 SAN administration issues ...... 99 10 | Release Notes

Storage LUNs/paths not accessible by the host with Cisco Nexus 5000/6000 running NX-OS versions 7.1(3)N1(1) to 7.1(3)N1(4) ...... 99 Limitation of LUN resizing support ...... 100 Storage resource management issues ...... 100 Issue with volume flexcache origin cleanup-cache-relationship command ...... 100 Performance impact on FlexGroup volumes if SMB/CIFS change notification is enabled ...... 100 Storage SLC and size of second redo log component is applied to both mirrored redo log components of Oracle RAC applications ...... 100 Resizing a FlexGroup volume fails ...... 101 ONTAP Select system on ESXi can panic when datastore is full or unreachable ...... 101 LUN path characters are truncated to 252 characters ...... 101 FlexCache volume limitations ...... 101 Changes to published documentation ...... 102 AltaVault product now called Cloud Backup ...... 102 Compatible ONTAP versions for SnapMirror relationships ...... 102 Updated route command syntax in Command Map for 7-Mode Administrators ... 102 New Power Guides ...... 102 New Upgrade Express Guide ...... 103 New Concepts Guide ...... 103 ONTAP platform mixing rules now included in Hardware Universe ...... 104 Scope and title changes in the ONTAP library ...... 104 Where to find product documentation and other information ...... 107 Copyright ...... 108 Trademark ...... 109 How to send comments about documentation and receive update notifications ...... 110 11

ONTAP 9 Release Notes

These release notes describe new features, enhancements, and known issues for this release, as well as additional information related to running this release on specific storage systems.

About this ONTAP release For a complete list of functionality changes and unsupported features in this release, see the following sections: • New and changed features in the ONTAP 9 release family on page 24 • Unsupported features for ONTAP 9 on page 76

About these release notes These release notes apply to all of ONTAP 9, including ONTAP 9.0, ONTAP 9.1, ONTAP 9.2, ONTAP 9.3, ONTAP 9.4, and ONTAP 9.5. It is a best practice for all ONTAP or System Manager users to review these release notes. • If ONTAP software is already running on clusters in your environment, you should familiarize yourself with relevant topics before upgrading to ONTAP 9. • If this is the first deployment of systems that are running ONTAP software in your environment, you should also see the ONTAP 9 Documentation Center for this release to view all the available documentation. Beginning with ONTAP 9.5, new features notices are being reorganized for a more consistent and concise presentation within functionality areas. Look for additional changes in the next few updates.

About ONTAP 9 documentation The ONTAP 9 documentation library is cumulative for all ONTAP 9 releases, including all features and updates as of the current release. Where appropriate, changes are noted in individual topics.

About Cloud Volumes ONTAP Cloud Volumes ONTAP is a software-only storage appliance that runs ONTAP software. It provides secure, proven NFS, CIFS, and iSCSI data management for the cloud. For more information about Cloud Volumes ONTAP, see the Cloud Volumes ONTAP Resources page. NetApp Cloud Volumes ONTAP and Cloud Manager Resources

About ONTAP Select ONTAP Select enables you to deploy ONTAP software on your choice of commodity hardware to deliver enterprise-class storage services with cloudlike agility. NetApp ONTAP Select Resources

Related information ONTAP 9 Documentation Center Upgrade, revert, or downgrade 12

Changes introduced since ONTAP 9

There have been a number of changes for this release, including new and changed features and new limitations. • If you are new to the ONTAP 9 release family, go directly to New and changed features in the ONTAP 9 release family on page 24. • All ONTAP releases include bug fixes. For more information, including a list of bugs fixed in different releases, see Bugs Online on the NetApp Support Site at mysupport.netapp.com/NOW/cgi-bin/bol.

Changes in ONTAP 9.5 The ONTAP 9.5 release includes support for hardware enhancements, software enhancements, and bug fixes.

New and changed features This release includes the following new and changed features: Data protection enhancements on page 26 • MirrorAndVault is the new default policy for some SnapMirror relationships on page 26 • Enhanced support for resynchronization of SLC volumes on page 26 • Support for SnapMirror Synchronous technology on page 26 File access protocol enhancements on page 37 • LDAP referral chasing on page 37 • 4-byte UTF-8 encoded characters on page 37 • Windows machine accounts can now be mapped to non-default users on page 37 Manageability enhancements on page 47 • Support for new volume replication policies on page 47 • Support for SVM DR on page 47 • NVMe multipath support on page 48 • Public SSL certificate authentication on page 48 • MAX Data applications list on page 48 • FlexCache support in OnCommand System Manager on page 48 • System Manager support for NVMe subsystems and namespaces on page 48 MetroCluster configuration enhancements on page 57 • MetroCluster configuration support for ONTAP features on page 57 • New MetroCluster features on page 58 • MetroCluster IP configuration platform support on page 59 Changes introduced since ONTAP 9 | 13

Networking and security protocol enhancements on page 59 Storage resource management enhancements on page 63 • Support for MAX Data 1.1 on page 63 • Enhancements for FabricPool functionality on page 64 • Support for FlexCache volumes on page 64 • Enhancements to FlexGroup volumes in ONTAP 9.5 on page 66 • FlexGroup eligible aggregates on page 64

New known problem and limitation There is a new known issue in this release: 7-Mode transition issues on page 90 • 7-Mode to ONTAP transition process leads to controller disruption on page 90 Storage resource management issues on page 100 • Issue with volume flexcache origin cleanup-cache-relationship command on page 100

New changes to published documentation There are changes to the published documentation. Scope and title changes in the ONTAP library on page 104

Changes in ONTAP 9.4 The ONTAP 9.4 release includes support for hardware enhancements, software enhancements, and bug fixes.

New and changed features This release includes the following new and changed features: API updates on page 24 • Support for REST APIs on page 24 Data protection enhancements on page 26 • Feature enhancements to DPO systems on page 27

• Support for increased number of Snapshot copies in ONTAP 9.4 on page 27 • XDP replaces DP as the SVM replication default in ONTAP 9.4 on page 27 • SVM replication support for fan-out deployments in ONTAP 9.4 on page 28 • Support for encryption-free ONTAP on page 32 File access protocol enhancements on page 37 • Enhanced support for SMB protocols on page 37 Hardware support updates on page 45 • Adapters supported on FAS and AFF systems on page 45 14 | Release Notes

• Support for the X190100 or X190100R 100 GbE switch on page 45 Manageability enhancements on page 47 • Support for creating aggregates based on storage recommendations on page 48 • Enhancements to FabricPool-enabled aggregates on page 48 • Support for SMB multichannel protocol on page 49 • Support for direct image upload on page 49 • Enhancements to FlexGroup volumes on page 49 • Support for updating single-node clusters disruptively on page 49 • Support for configuring Snapshot copies on page 49 MetroCluster configuration enhancements on page 57 • MetroCluster FC configuration support for Brocade and Cisco switches on page 57 • MetroCluster IP configuration support for Cisco switches on page 57 • MetroCluster IP configuration platform support on page 59 Networking and security protocol enhancements on page 59 SAN enhancements on page 61 • Support for NVMe protocol on page 61 Storage resource management enhancements on page 63 • Enhancements for FabricPool functionality on page 64 • Support for fast zeroing of drives on page 65 • Enhancements to FlexGroup volumes in ONTAP 9.4 on page 66 Storage efficiency enhancements on page 70 • Enhanced Storage Efficiency reporting on page 70 Upgrade enhancements on page 72 • Support for automated non-disruptive upgrade for MetroCluster configurations on page 72 • Support for direct ONTAP software image upload on page 72

Important Cautions There is a new caution in this release: Revert and downgrade cautions on page 87 • Reverting to ONTAP 9.2 or earlier not supported for fast-zeroed drives on page 87

New known problems and limitations There are new known issues in this release: Command-line interface issues on page 90 • ONTAP Disk Qualification Package does not update after running the storage firmware download command on page 90 Data protection issues on page 91 Changes introduced since ONTAP 9 | 15

• Initialization of SVM DR relationship converted to XDP fails if you specify DP on page 91 MetroCluster configuration issues on page 95 • Solaris host panic after a storage failover operation on page 95 SAN administration issues on page 99 • Storage LUNs/paths not accessible by the host with Cisco Nexus 5000/6000 running NX-OS versions 7.1(3)N1(1) to 7.1(3)N1(4) on page 99 Storage resource management issues on page 100 • Performance impact on FlexGroup volumes if SMB/CIFS change notification is enabled on page 100

New changes to published documentation There are changes to the published documentation. Scope and title changes in the ONTAP library on page 104

Changes in ONTAP 9.3 The ONTAP 9.3 release includes support for hardware enhancements, software enhancements, and bug fixes.

New and changed features This release includes the following new and changed features: Data protection enhancements on page 26 • Support for Volume Append Mode on page 28 • Support for Legal Hold feature on page 28 • Support for Event Based Retention feature on page 28 • Support for configuring a data protection relationship in a single step on page 29 • XDP replaces DP as the SnapMirror default in ONTAP 9.3 on page 29 • Support for simplified cluster and SVM peering on page 30 • Support for volume protection on page 31 • Support for Replication between SolidFire Element OS and ONTAP on page 31

• Support for breaking protection relationships between ONTAP and SolidFire systems on page 31 File access protocol enhancements on page 37 • Support for name service caching on page 39 • Export policy configuration checker on page 39 • Domain controller discovery options for improving performance on page 39 • Support for NFS security tracing on page 39 • Enhanced support for SMB protocols on page 37 16 | Release Notes

Hardware support updates on page 45 • Adapters supported on FAS and AFF systems on page 45 Manageability enhancements on page 47 • Support for provisioning an SVM by using a preconfigured template on page 49 MetroCluster configuration enhancements on page 57 • MetroCluster FC configuration support for Brocade and Cisco switches on page 57 • MetroCluster IP configuration support for Cisco switches on page 57 • MetroCluster IP configuration platform support on page 59 Networking and security protocol enhancements on page 59 Storage resource management enhancements on page 63 • Enhancements to FlexGroup volumes in ONTAP 9.3 on page 66 Storage efficiency enhancements on page 70 • Support for Automatic Background Deduplication on AFF systems on page 70 • Support for cross volume deduplication on AFF systems on page 70 Upgrade enhancements on page 72 • Enhancements for cluster join and unjoin on page 73 • Support for additional upgrade, downgrade, and revert paths on page 73

New known problems and limitations There are new known issues in this release: Storage resource management issues on page 100 • Resizing a FlexGroup volume fails on page 101 • ONTAP Select system on ESXi can panic when datastore is full or unreachable on page 101

New changes to published documentation There are changes to the published documentation. Scope and title changes in the ONTAP library on page 104

Changes in ONTAP 9.2 The ONTAP 9.2 release includes support for hardware enhancements, software enhancements, and bug fixes.

New and changed features This release includes the following new and changed features: File access protocol enhancements on page 37 • SMB 2.0 support for domain controller connections on page 40 • Support for new SMB auditing events on page 40 Changes introduced since ONTAP 9 | 17

• Enhanced support for SMB protocols on page 37 • NFS clients enabled to view exports of SVMs on page 40 • Ability to report widelinks as reparse points based on SMB version on page 40 • Ability to display effective permissions for Windows or UNIX users on page 40 • Name service configuration checker on page 40 • Support for specifying hostnames in LDAP and NIS configurations on page 41 Hardware support updates on page 45 • Disk auto-assignment changes for AFF systems on page 45 Manageability enhancements on page 47 • Application Aware Data Management and Balanced Placement on page 51 • Enhancement of cluster switch health monitor to detect cluster switch reboot on page 51 • Inline Aggregate-level Data Deduplication enabled by default in AFF systems on page 51 • Support for capacity based license on page 51 • Support for Cluster Expansion on page 52 • Support for automatic switchless-cluster detection on page 52 • Unified Manager 7.2 integrates Performance Manager functionality on page 52 • Max aggregate size increase on page 52 • Support for encrypting volumes on page 52 • Support for root-data partitioning enhancements on page 52 MetroCluster configuration enhancements on page 57 • MetroCluster FC configuration support for Brocade and Cisco switches on page 57 • MetroCluster configuration support for ONTAP features on page 57 • New MetroCluster features on page 58 Networking and security protocol enhancements on page 59 SAN enhancements on page 61 • Support for iSCSI Endpoint Isolation on page 62

Storage resource management enhancements on page 63 • Support for auto-provisioning aggregates on page 67 • Support for storage tiers by using FabricPool on page 67 Storage efficiency enhancements on page 70 • Support for inline storage efficiency enablement on AFF systems on page 71 • Storage efficiency visualization changes in the CLI on page 71

New Cautions There is a new caution in this release: 18 | Release Notes

Upgrade cautions on page 84 • NFS client outage might occur after upgrading to ONTAP 9.2 or later on page 84 • An additional reboot might be required after upgrading to ONTAP 9.2 or later on page 85 • LDAP parameters empty after upgrade to ONTAP 9.2 on page 86 Revert and downgrade cautions on page 87 • Revert requirements for FabricPool on page 88

New known problems and limitations There are new known issues in this release: Management interface issues on page 94 • Unexpected application impacts after resizing application volumes and LUNs on page 94 • SnapMirror relationship might cause application deletion failure on page 94 • FQDN character interoperability limit on page 95 Other System Manager issues on page 97 • System Manager does not refresh the licenses page automatically after modifying licenses from another session on page 97 • Incorrect network configuration or bad network connectivity can cause the create protection relationship operation to fail on page 97 • Export Configuration file in Cluster Setup cannot be downloaded if you are using Internet Explorer 11 in Windows Server 2012 R2 on page 98

New changes to published documentation There are changes to the published documentation. Scope and title changes in the ONTAP library on page 104

Changes in ONTAP 9.1 The ONTAP 9.1 release includes support for hardware enhancements, software enhancements, and bug fixes.

New and changed features This release includes the following new and changed features: Data protection enhancements on page 26 • Support for encryption of data at rest on page 31 • Data Protection Optimized (DPO) systems available for target storage on page 33 • Support for SnapLock technology on page 34 File access protocol enhancements on page 37 • Changes to NetBios name service (NBNS) support on page 41 • SMB 2.0 support for domain controller connections on page 40 Changes introduced since ONTAP 9 | 19

Hardware support updates on page 45 • Adapters supported on FAS and AFF systems on page 45 • Support for new FAS and AFF platforms on page 46 • Support for automatic Interoperability Matrix update notifications on page 46 • Support for increasing the maximum SAN cluster size to 12 nodes on page 47 • Support for DS460C, DS224C, and DS212C disk shelves on page 47 Manageability enhancements on page 47 • Enhancements to the System Manager cluster dashboard on page 53 • Support for cluster setup on page 53 • Support for most active files or clients functionality on page 53 MetroCluster configuration enhancements on page 57 • New MetroCluster features on page 58 Networking and security protocol enhancements on page 59 SAN enhancements on page 61 • Support for Foreign LUN Import (FLI) Interoperability Matrix (IMT) on page 62 • Support for Foreign LUN Import (FLI) with AFF on page 62 • Support for simplified SAN AFF provisioning templates on page 62 Storage resource management enhancements on page 63 • Support for FlexGroup volumes on page 65 Upgrade enhancements on page 72 • Support for installing ONTAP software and firmware from an external USB mass storage device on page 73

New Cautions There is a new caution in this release: Revert and downgrade cautions on page 87 • Downgrade or revert not supported for SnapLock volumes on page 89

New known problems and limitations There are new known issues in this release: Command-line interface issues on page 90 • Nodeshell commands ifgrp timer and cmvfiler_run are incorrectly marked as deprecated on page 90 MetroCluster configuration issues on page 95 • Stale entry in the storage bridge show command on page 95 Networking issues on page 96 • Converting 40GbE NIC ports into multiple 10GbE ports for 10GbE connectivity on page 96 20 | Release Notes

Other System Manager issues on page 97 • Unable to read the cluster setup configuration template file containing non-ASCII characters, when edited and saved as CSV, using Microsoft Excel software on page 98 • Users with read-only privileges are able to delete admin user or change password for admin using System Manager in IE browser on page 98

Changes in ONTAP 9.0 The ONTAP 9.0 release includes support for hardware enhancements, software enhancements, and bug fixes.

New and changed features This release includes the following new and changed features: Antivirus enhancements on page 24 • Support for Vscan on-demand scanning on page 24 • Support for FQDN configuration of Vscan servers on page 24 Data protection enhancements on page 26 • Support for triple parity RAID protection on page 33 • Support for SnapLock technology on page 34 • Support for cloning data protection volumes on page 34 • Support for excluding volumes from replication on page 35 • Support for excluding LIFs from replication on page 35 • Support for converting volume-level SnapMirror relationships to an SVM disaster recovery relationship on page 35 • Support for using a SnapMirror license to enable SnapVault on page 35 • Support for NDMP extension on page 35 • Supported naming conventions for Snapshot copies on page 35 • Expiry time for Snapshot copies on page 35 • Support for intercluster SVM peer relationships between SVMs with the same name on page 36

• Support for SnapMirror and SnapVault global throttling on page 36 • Support for secondary SnapVault Snapshot copies on page 36 • Support for renaming SnapVault Snapshot copies on page 36 • Support for all SnapMirror and SnapVault cascade configurations on page 37 File access protocol enhancements on page 37 • Enhanced support for SMB protocols on page 37 • Support for CIFS server in workgroup mode on page 41 • Enhancements for Kerberos 5 on page 41 • Support for LDAP signing and sealing on page 42 Changes introduced since ONTAP 9 | 21

• LDAP support for SHA2 hashed passwords on page 42 • Multiple client match specifications in NFS export rules on page 42 • NFS export access cache enhancements on page 42 • FPolicy enhancements on page 42 • Support for new CIFS auditing events on page 43 • Support for managing shares using Microsoft Management Console on page 43 FlexArray Virtualization (V-Series) enhancements on page 44 • Support for 16 TB array LUNs on page 44 • FlexArray Virtualization resiliency enhancements on page 44 • Support for E-series direct attached storage in FlexArray stretch MetroCluster configurations on page 44 • Support for shared initiator ports and target ports for FlexArray MetroCluster configurations on page 44 Manageability enhancements on page 47 • FIPS 140-2 support for cluster-wide control plane web service interfaces on page 53 • Changes in audit configuration operation on page 54 • Support for Storage QoS on page 50 • Support for SHA-2 password hash function on page 54 • Password security enhancements on page 54 • Enhanced audit logging on page 55 • Support for Unicode characters in qtree names on page 55 • Support for cache-retention policies on Flash Pool aggregates on page 56 • Changes in EMS configuration operation on page 55 • Support for headroom functionality on page 56 MetroCluster configuration enhancements on page 57 • MetroCluster configuration support for ONTAP features on page 57

• New MetroCluster features on page 58 Hardware support updates on page 45 • Adapters supported on FAS and AFF systems on page 45 • ACP cabling for disk shelves no longer needed on page 47 Networking and security protocol enhancements on page 59 SAN enhancements on page 61 • Gigabit Ethernet connectivity link speed is autoconfigured for FAS2552 and FAS2554 systems on page 63 • iSCSI target support for an FQDN response on page 63 • ODX LUN copy is now supported between clusters on page 63 22 | Release Notes

Storage resource management enhancements on page 63 • Support for data compaction on page 68 • Support for automated SAN and NAS storage provisioning on page 68 • Support for relocating root volumes to new aggregates on page 69 • Support for volume-level user and group IDs (UIDs and GIDs) in FlexClone volumes on page 69 • Support for rehosting a volume from one SVM to another SVM on page 70 • Supported security styles for Infinite Volumes on page 70 Transition enhancements on page 72 • Support for transitioning SnapLock volumes on page 72 • Support for transitioning a disaster recovery relationship between vFiler units on page 72 • Support for transitioning peering networks from IPv4 to IPv6 on page 72 Upgrade enhancements on page 72 • Expanded support for automated nondisruptive upgrades on page 74

New Cautions There is a new caution in this release: Upgrade cautions on page 84 • LDAP clients using SSL must be reconfigured for TLS before upgrading to ONTAP 9 on page 86 • Change in audit logging after upgrade on page 87 • An incorrect license error message is displayed while creating a vault relationship or a mirror and vault relationship by using OnCommand System Manager on page 87 Revert and downgrade cautions on page 87 • Requirement to revert password hash function to a release before ONTAP 9 on page 89

New known problems and limitations There are new known issues in this release: Data protection issues on page 91

• SnapMirror enable-storage-efficiency parameter disabled on page 91 • OnCommand System Manager enables setting up the unsupported policy type for vault relationship with SnapLock destination on page 92 File access and protocols issues on page 92 • The statistics show command for the cifs_client counter object cannot filter instances that have the "?" character in the fingerprint on page 92 • Restores might fail on CIFS servers with SnapManager for Hyper-V on page 92 HA pair issues on page 92 • Auto giveback process defers when the giveback time expires on page 92 Changes introduced since ONTAP 9 | 23

Management interface issues on page 94 • AutoSupport messages for system health alerts might include an incorrect subject when in mixed- version state on page 95 Networking issues on page 96 • New limits for IPspaces on page 97 Other System Manager issues on page 97 • Aggregate create and add capacity operations are blocked from OnCommand System Manager on nodes with low hot spares on page 97 • OnCommand System Manager is unable to peer between ONTAP 9 and Data ONTAP 8.3.2 on page 99 • Incorrect SVM peer state displayed for clusters running mixed versions of ONTAP software on page 99 • Discrepancy in the physical used space shown in the dashboard and the used space shown in the aggregate inventory page on page 98 Storage resource management issues on page 100 • LUN path characters are truncated to 252 characters on page 101 • FlexCache volume limitations on page 101

Changes to published documentation The following new or changed information supplements the documentation available for this release: • New Power Guides on page 102 • ONTAP platform mixing rules now included in Hardware Universe on page 104 • New Upgrade Express Guide on page 103 • Scope and title changes in the ONTAP library on page 104 24

New and changed features in the ONTAP 9 release family

You should become familiar with the features that have been added or changed in the ONTAP 9 release family and this release of System Manager. Some new and changed features in this release might have been introduced in a maintenance release of an earlier version of the software. Before upgrading to this release, consult with your NetApp representative about new ONTAP or System Manager functionality to determine the best solutions for your business needs. For a comparison of the bugs that were fixed in different releases, see Bugs Online—Release Comparison in Bugs Online.

Related information NetApp Bugs Online

Antivirus enhancements This ONTAP release includes new features and enhancements related to Antivirus.

Support for Vscan on-demand scanning Beginning with ONTAP 9, Vscan supports on-demand scanning. With on-demand scanning, you can create an on-demand task to scan all files under one or more directories, including files in subdirectories. Scanning can be scheduled to run immediately or at a later time, for example, during off-peak hours. Important parameters of the completed on-demand task are recorded in the rdb table and in the report file.

Support for FQDN configuration of Vscan servers Beginning with ONTAP 9, Vscan supports Fully Qualified Domain Name (FQDN) configuration of Vscan servers using the vserver vscan scanner pool command. The -servers option of the vserver vscan scanner pool command has been deprecated. You can now use the -hostnames option to supply the IP address or host name of the Vscan server for FQDN configuration.

API updates This ONTAP release provides information about managing ONTAP systems using APIs.

Support for REST APIs Starting with ONTAP 9.4, you can use REST APIs for the application aware data management feature. You can use the REST APIs to create, delete, manage, and view the application aware data management application within ONTAP. The following applications can be configured in ONTAP: • Generic NAS • Generic SAN New and changed features in the ONTAP 9 release family | 25

• MongoDB (over SAN) • Oracle (over NFS or SAN) • Oracle Real Application Cluster (RAC over NFS or SAN) • Virtual server datastores • Microsoft SQL Server over SAN • Virtual Desktops for SAN and NAS You can perform the following tasks for your applications: • Create applications by using the application templates • Manage the storage associated with the applications • Modify or delete applications • View applications • Manage the Snapshot copies of the applications You can view the REST API documentation from the Swagger UI by accessing the cluster using a web browser: https://cluster_mgmt_or_node_mgmt_IP/docs/api

API support for ONTAP 9 automation You can manage ONTAP systems by using APIs. The NetApp Manageability SDK provides APIs for developing applications that monitor and manage storage systems. OnCommand Workflow Automation (OnCommand WFA) enables you to run prepackaged workflows that automate management tasks using APIs. The SDK supports C, C++, Java, Perl, C#, VB.NET, PowerShell, Python, and Ruby as the scripting language on the client side. You can download the SDK from the the NetApp Support Site. You can also use APIs to automate management tasks without writing scripts. OnCommand Workflow Automation provides several prepackaged workflows that automate management tasks such as the workflows that are described in Express Guides. You can download the OnCommand WFA pack from the NetApp Storage Automation Store. For information about the versions of the NetApp Manageability SDK and OnCommand Workflow Automation that are supported with your version of ONTAP, see the Interoperability Matrix Tool.

Related information NetApp OnCommand Workflow Automation Resources NetApp Storage Automation Store NetApp Interoperability Matrix Tool NetApp Downloads: Software

CLI (command-line interface) updates Changes to the command-line interface (CLI) commands are listed on the NetApp Support Site.

Related information NetApp CLI Comparison: New and changed commands in ONTAP 26 | Release Notes

Data protection enhancements This ONTAP release includes new and changed data protection capabilities.

Updated guidance on load-sharing mirrors To ensure that data remains accessible to clients in the event of a node outage or failover, NetApp recommends that you create a load-sharing mirror (LSM) for each SVM root volume. You can create the LSM on any node other than the one containing the root volume, preferably in a different HA pair. For a two-node cluster, you can create the LSM on the partner of the node with the root volume. Note: It is no longer required that you create an SVM load-sharing mirror on every node in the cluster.

For example, in a four-node cluster with a root volume on three nodes: • For the root volume on HA 1 node 1, create the LSM on HA 2 node 1 or HA 2 node 2. • For the root volume on HA 1 node 2, create the LSM on HA 2 node 1 or HA 2 node 2. • For the root volume on HA 2 node 1, create the LSM on HA 1 node 1 or HA 1 node 2.

MirrorAndVault is the new default policy for some SnapMirror relationships Starting with ONTAP 9.5, MirrorAndVault is the new default policy when no data protection mode is specified or when XDP mode is specified as the relationship type. The table below shows the default policy you can expect for the specified SnapMirror relationship types.

If you specify... The type is... The default policy (if you do not specify a policy) is... DP XDP MirrorAllSnapshots (SnapMirror DR) Nothing XDP MirrorAndVault (unified replication) XDP XDP MirrorAndVault (unified replication)

Enhanced support for resynchronization of SLC volumes Beginning in ONTAP 9.5, resynchronization of SnapLock Compliance (SLC) volumes has been enhanced to support resynchronization during data divergence at the destination. This capability is limited to the resynchronization of SLC volumes with SnapMirror relationships of type XDP with the asynchronous mirror policy.

Support for SnapMirror Synchronous technology Beginning with ONTAP 9.5, SnapMirror Synchronous (SM-S) technology is supported on all currently shipping FAS and AFF platforms that have at least 16 GB of memory and on all ONTAP Select platforms. SnapMirror Synchronous technology is a capacity based, per-node, licensed feature that delivers synchronous data replication at the volume level. This functionality addresses the regulatory and national mandates for synchronous replication in financial, healthcare, and other industries where zero data loss (RPO=0) is required. SnapMirror Synchronous has two modes of operation to meet all needs. In Sync mode, an I/O to a primary controller is first replicated in parallel to primary and secondary storage. When both complete successfully, acknowledgement is sent to the application that issued the New and changed features in the ONTAP 9 release family | 27

I/O. If the write to the secondary storage is not completed for any reason, the application is allowed to continue writing to the primary storage. When the error condition is corrected, SnapMirror Synchronous technology automatically resynchronizes with the secondary storage and resumes replicating from primary storage to secondary storage in Synchronous mode. In StrictSync mode, if the write to the secondary storage is not completed for any reason, the application I/O fails immediately, ensuring that the primary and secondary storage are identical with zero data loss. If the primary storage fails, application I/O can failover to and be resumed on the secondary storage with no loss of data. SnapMirror Synchronous technology supports the FC, iSCSI, and NFSv3 protocols over all IP networks with Round Trip Time (RTT) that does not exceed 10ms. In ONTAP 9.5, the limit for concurrently replicated volumes from any single node is 80 on AFF platforms, 40 on FAS platforms, and 20 on ONTAP Select platforms.

Feature enhancements to DPO systems Starting with ONTAP 9.4, systems with the DP_Optimized (DPO) license support SnapMirror backoff, cross-volume background deduplication, cross-volume inline deduplication, use of Snapshot blocks as donors, and compaction. Starting with ONTAP 9.4, the following feature enhancements are made to DPO systems: • SnapMirror backoff: In DPO systems, replication traffic is given the same priority that client workloads are given. SnapMirror backoff is disabled by default on DPO systems. • Volume background deduplication and cross-volume background deduplication: Volume background deduplication and cross-volume background deduplication are enabled in DPO systems. You can run the storage aggregate efficiency cross-volume-dedupe start - aggregate aggregate_name -scan-old-data true command to deduplicate the existing data. The best practice is to run the command during off-peak hours to reduce the impact on performance. • Increased savings by using Snapshot blocks as donors: The data blocks that are not available in the active file system but are trapped in Snapshot copies are used as donors for volume deduplication. The new data can be deduplicated against the data that was trapped in Snapshot copies, effectively sharing the Snapshot blocks as well. The increased donor space provides more savings, especially when the volume has a large number of Snapshot copies. • Compaction: Data compaction is enabled by default on DPO volumes.

Support for increased number of Snapshot copies in ONTAP 9.4 Beginning with ONTAP 9.4, a volume can contain up to 1023 Snapshot copies. A SnapMirror destination volume can contain up to 1019 Snapshot copies. Note: The new limits do not apply to NetApp Cloud Backup (formerly AltaVault).

XDP replaces DP as the SVM replication default in ONTAP 9.4 Starting with ONTAP 9.4, SVM data protection relationships default to XDP mode. SVM data protection relationships continue to default to DP mode in ONTAP 9.3 and earlier. Existing relationships are not affected by the new default. If a relationship is already of type DP, it will continue to be of type DP. The table below shows the behavior you can expect. 28 | Release Notes

If you specify... The type is... The default policy (if you do not specify a policy) is... DP XDP MirrorAllSnapshots (SnapMirror DR) Nothing XDP MirrorAllSnapshots (SnapMirror DR) XDP XDP MirrorAndVault (Unified replication)

For background on the changes in the default, see XDP replaces DP as the SnapMirror default in ONTAP 9.3 on page 29. Note: Version-independence is not supported for SVM replication.

SVM replication support for fan-out deployments in ONTAP 9.4 Beginning with ONTAP 9.4, SVM replication supports fan-out deployments as well as cascade deployments. You can fan out to two parallel SVM disaster recovery (DR) relationships from a single SVM. You can create multiple volume-level fan-out for SVM DR source volumes. You can create a volume-level cascade relationship with SVM DR destinations as the source of the relationship.

Support for Volume Append Mode Beginning with ONTAP 9.3, you can create a Volume Append Mode (VAM) volume in which all files within the volume are treated as appendable files by default. This is especially important for audio and video devices that are Internet connected. Because a file is only committed to WORM after it is closed or after it has not been updated for a period of time, log files and audio and video capture data might remain unprotected for very long periods of time. You might want to create WORM appendable files for these purposes. Note: VAM and audit logging are not supported on the same volume.

Support for Legal Hold feature Beginning in ONTAP 9.3, the Legal Hold feature enables files in SnapLock Compliance volumes to be protected against deletion or change for the duration of a litigation. All WORM files have a fixed retention time associated with them. Using the Legal Hold feature, you can override the fixed retention time and hold the files indefinitely while the litigation proceeds. After the files are released from Legal Hold, they revert to their original state, either a regular file or a WORM file with its original retention period.

Support for Event Based Retention feature Beginning in ONTAP 9.3, you can use the Event Based Retention (EBR) feature on SnapLock Compliance and SnapLock Enterprise volumes to set a predefined retention period when triggered by an event or policy. You can create EBR policies for an SVM with a specific retention time. Apply this policy either on a single file or an entire directory. If applied on a directory, the EBR policy will be applied to all files inside that container. If a file is not a WORM file, it will be committed to WORM state. If a file is a WORM file or a WORM appendable file with a retention period, its retention period will be extended by the retention period defined by the EBR policy. New and changed features in the ONTAP 9 release family | 29

Support for configuring a data protection relationship in a single step Beginning in ONTAP 9.3, you can use the snapmirror protect command to configure a data protection relationship in a single step. When you invoke the command, you can specify a list of volumes to be replicated, an SVM on the destination cluster, a job schedule, and a SnapMirror policy. snapmirror protect chooses an aggregate associated with the specified SVM. If no aggregate is associated with the SVM, it chooses from all the aggregates in the cluster. The choice of aggregate is based on the amount of free space and the number of volumes on the aggregate. snapmirror protect then performs the following steps: • Creates a destination volume with an appropriate type and amount of reserved space for each volume in the list of volumes to be replicated. • Configures a replication relationship appropriate for the policy you specify. • Initializes the relationship.

XDP replaces DP as the SnapMirror default in ONTAP 9.3 Beginning with ONTAP 9.3, SnapMirror extended data protection (XDP) mode replaces SnapMirror data protection (DP) mode as the SnapMirror default. Until ONTAP 9.3, SnapMirror invoked in DP mode and SnapMirror invoked in XDP mode used different replication engines, with different approaches to version-dependence: • SnapMirror invoked in DP mode used a version-dependent replication engine in which the ONTAP version was required to be the same on primary and secondary storage:

cluster_dst::> snapmirror create -type DP -source-path ... - destination-path ... • SnapMirror invoked in XDP mode used a version-flexible replication engine that supported different ONTAP versions on primary and secondary storage:

cluster_dst::> snapmirror create -type XDP -source-path ... - destination-path ...

With improvements in performance, the significant benefits of version-flexible SnapMirror outweigh the slight advantage in replication throughput obtained with version-dependent mode. For this reason, beginning with ONTAP 9.3, XDP mode has been made the new default, and any invocations of DP mode on the command line or in new or existing scripts are automatically converted to XDP mode. Existing relationships are not affected. If a relationship is already of type DP, it will continue to be of type DP. The table below shows the behavior you can expect.

If you specify... The type is... The default policy (if you do not specify a policy) is... DP XDP MirrorAllSnapshots (SnapMirror DR) Nothing XDP MirrorAllSnapshots (SnapMirror DR) XDP XDP XDPDefault (SnapVault)

As the table shows, the default policies assigned to XDP in different circumstances ensure that the conversion maintains the functional equivalence of the old types. Of course, you can use different policies as needed, including policies for unified replication:

If you specify... And the policy is ... The result is... DP MirrorAllSnapshots SnapMirror DR 30 | Release Notes

If you specify... And the policy is ... The result is... DP XDPDefault SnapVault DP MirrorAndVault Unified replication XDP MirrorAllSnapshots SnapMirror DR XDP XDPDefault SnapVault XDP MirrorAndVault Unified replication

The only exceptions to conversion are as follows: • SVM data protection relationships continue to default to DP mode. Specify XDP explicitly to obtain XDP mode with the default MirrorAllSnapshots policy. For SnapLock volumes the recommended policy is MirrorAndVault. • Load-sharing data protection relationships continue to default to DP mode. • SnapLock data protection relationships continue to default to DP mode. • Explicit invocations of DP continue to default to DP mode if you set the following cluster-wide option:

options replication.create_data_protection_rels.enable on

This option is ignored if you do not explicitly invoke DP.

Support for simplified cluster and SVM peering ONTAP 9.3 offers enhancements that simplify the way you configure peer relationships between clusters and SVMs. In previous ONTAP releases, you needed to know in advance the intercluster LIF IP addresses of the remote cluster with which you wanted to peer. Both clusters needed to agree on the passphrase used for authentication, and each needed to authenticate itself to the other with the passphrase. Beginning with ONTAP 9.3, you can use the generate passphrase feature to create a peer relationship with a cluster whose intercluster LIF IP addresses you don't know in advance. The generated passphrase is more secure than the human-created passphrase used in previous releases, and eliminates the need for the initiating cluster to authenticate itself to the remote cluster. In a typical scenario, the administrator at the data protection destination cluster runs cluster peer create with the -generate-passphrase option, sending a copy of the output to the administrator at the data protection source cluster:

cluster02::> cluster peer create -generate-passphrase -offer-expiration 2days -initial-allowed-vserver-peers vs1,vs2

Passphrase: UCa+6lRVICXeL/gq1WrK7ShR Expiration Time: 6/7/2017 08:16:10 EST Initial Allowed Vserver Peers: vs1,vs2 Intercluster LIF IP: 192.140.112.101 Peer Cluster Name: Clus_7ShR (temporary generated)

The source cluster can then use the generated password to authenticate itself to the destination cluster, as long as it does so within the specified expiration period. The passphrase can be used by one cluster only. ONTAP 9.3 also includes SVM peering enhancements. Previous releases let you authorize a peer relationship for only one SVM at a time. You needed to run the vserver peer accept command each time you authorized a pending SVM peer relationship. New and changed features in the ONTAP 9 release family | 31

Beginning with ONTAP 9.3, you can “pre-authorize” peer relationships for multiple SVMs on the initiating cluster by listing the SVMs in the -initial-allowed-vserver option when you create a cluster peer relationship. You can specify "*" to pre-authorize all the SVMs on the initiating cluster. These enhancements are available from the command-line interface and OnCommand System Manager.

Related information Cluster and SVM peering

Support for volume protection Beginning with ONTAP 9.3, you can use OnCommand System Manager to create protection relationships while creating volumes and for existing volumes.

Support for Replication between SolidFire Element OS and ONTAP Beginning with ONTAP 9.3, you can use SnapMirror to replicate SolidFire Snapshot copies to an ONTAP destination volume. In the event of a disaster at the SolidFire site, you can serve data to clients from the ONTAP system, and reactivate the SolidFire source volume when service is restored. Beginning with ONTAP 9.4, you can replicate Snapshot copies of a LUN created on an ONTAP node back to a SolidFire system. You might have created a LUN during a SolidFire outage, or you might be using a LUN to migrate data from ONTAP to SolidFire. For more information, see Replication between SolidFire Element OS and ONTAP.

Related information Replication between NetApp element software and ONTAP

Support for breaking protection relationships between ONTAP and SolidFire systems Beginning with ONTAP 9.3, you can use OnCommand System Manager to break SnapMirror relationships between ONTAP and SolidFire storage systems.

Support for SVM unified replication Beginning with ONTAP 9.2, you can use SnapMirror unified replication to configure an SVM data protection relationship for both disaster recovery (DR) and long-term retention. In contrast to a DR- only relationship, in which the destination contains only the Snapshot copies currently on the source, a unified replication relationship typically retains point-in-time Snapshot copies created over a much longer period. That means you can use the same destination for failover or for long-term retention. For more information, see the Data Protection Power Guide.

Related information Data protection

Support for encryption of data at rest NetApp Volume Encryption (NVE) is a software-based technology for encrypting data at rest one volume at a time. Beginning with ONTAP 9.1, you can use NVE by itself, or with NetApp Storage Encryption (NSE) to “double encrypt” data on NSE drives. The following changes have been made beginning with ONTAP 9.2: 32 | Release Notes

• NVE and OKM are FIPS-140-2 Level 1 compliant https://csrc.nist.gov/projects/cryptographic- module-validation-program/certificate/3072. The following changes have been made beginning with ONTAP 9.3: • You can use KMIP servers to secure NVE authentication keys. ONTAP automatically “pushes” an authentication key to the KMIP server when you encrypt a volume. • You can use the volume encryption rekey command to change the encryption key for a volume “in place.” You no longer need to invoke volume move to rekey an encrypted volume. • The KMIP server connection configuration for both NVE and NSE has been simplified. The system discovers all needed network information automatically. You no longer need to enter the information manually. • ONTAP configures KMIP server connectivity for all nodes in the cluster, not only the current node and its partner. • NSE supports 10-Gb network interfaces for communications with external key management servers. • You can use any storage controller port for communication with the key management server. Important: If you are upgrading to ONTAP 9.3 from a previous version, you must delete any existing KMIP server connections using the security key-manager delete-kmip-config command, then reconfigure the KMIP server connections using the security key-manager setup command.

The following changes have been made beginning with ONTAP 9.4: • You can use the secure-purge feature to non-disruptively “scrub” data on NVE-enabled volumes. Scrubbing data on an encrypted volume ensures that it cannot be recovered from the physical media. • You can use the protected reboot feature to require that the user enter the onboard key manager passphrase when a node is rebooted. The following changes have been made beginning with ONTAP 9.5:

• Support for Cloud Volumes ONTAP. • Support for encryption of the fingerprint database created by background deduplication operations.

Support for encryption-free ONTAP NetApp Volume Encryption (available in ONTAP 9.1 and later) requires authorizations, permits, or licenses to import, export, re-export, or use the software in certain countries (the “Restricted Countries”). If you are unsure whether your company has complied with all applicable legal requirements on encryption technology, you can download an encryption-free version of ONTAP. On the “Software download instructions and images” page at the NetApp Support Site, download the image in the “Restricted Countries” column, which will install ONTAP without NetApp Volume Encryption.

Related information NetApp Downloads: Software New and changed features in the ONTAP 9 release family | 33

Data Protection Optimized (DPO) systems available for target storage Beginning with ONTAP 9.1, pre-configured systems can be purchased as target storage for data protection such as backup consolidation. Data Protection Optimized (DPO) systems are FAS8200/ Premium Bundle 2-Node Switchless Clusters only. Beginning with ONTAP 9.5, DPO systems support the following: • A200 and ONTAP Select • A default storage QoS policy that limits the impact of I/O operations on SnapMirror performance. The policy (named “dpo_default”) is assigned to new SVMs and to existing SVMs to which a policy has not been assigned. You can use standard QoS commands to modify the throughput ceiling or to create a custom policy. DPO systems are available in three capacities: • 251TB (240TB HDD with 11TB SSD) • 503 TB (480TB HDD with 23TB SSD) • 1006TB (960TB HDD with 46TB SSD) When you purchase a DPO system, you are entitled to use SnapMirror without having to purchase a SnapMirror license for primary systems without those licenses. This option is available only with this product bundle. Note: Primary systems include FAS2000, FAS3000, FAS6000, and FAS800 series which were released prior to ONTAP 9.1. To use DPO systems, you should install premium bundle software license on new platforms released with ONTAP 9.1.

The DPO system can be setup easily with a configuration script to be used as a backup target for multiple primary clusters.

Support for local copies on the SnapMirror destination Beginning with ONTAP 9, you can use the snapmirror policy add rule command with the - schedule option to create a local copy on the SnapMirror destination of the most recent Snapshot copy transferred to the destination using a vault or mirror-vault policy. Doing so enables you to retain Snapshot copies on the destination that would otherwise be deleted when the source Snapshot copies are deleted. The new feature applies to both volume and SVM replication.

Support for triple parity RAID protection Beginning with ONTAP 9, RAID-TEC is supported on all disks types and all platforms, including AFF. Aggregates that contain larger disks have a higher possibility of concurrent disk failures. RAID-TEC helps to mitigate this risk by providing triple parity so that your data can survive up to three simultaneous disk failures. Beginning with System Manager 9.1, RAID-TEC is the only available RAID type, if the disk type of the aggregate disks is FSAS or MSATA, and the disk size is equal to or larger than 10 TB.

Related information Disk and aggregate management Cluster management using System Manager 34 | Release Notes

Support for SnapLock technology SnapLock is a high-performance compliance solution for organizations that use WORM storage to retain files in unmodified form for regulatory and governance purposes. A single license entitles you to use SnapLock in strict Compliance mode, to satisfy external mandates like SEC Rule 17a-4, and a looser Enterprise mode, to meet internally mandated regulations for the protection of digital assets. SnapLock technology was previously available in 7-Mode Data ONTAP only. Note: SSDs and Flash Pool aggregates are supported by SnapLock beginning with ONTAP 9.1. Advanced Drive Partitioning (ADP) is supported by SnapLock beginning with ONTAP 9.1. NetApp Volume Encryption (NVE) is supported by SnapLock beginning with ONTAP 9.2. Beginning with ONTAP 9.5, you can replicate WORM files with the XDP (extended data protection) type rather than the DP (data protection) type. XDP mode is ONTAP version- independent, and is able to differentiate files stored in the same block, making it much easier to resync replicated Compliance-mode volumes. Beginning with ONTAP 9.5, you can use either a SnapLock Enterprise volume or a SnapLock Compliance volume for privileged delete audit logging. For information on how to revert from ONTAP 9.1 to ONTAP 9.0 after you have created a SnapLock SSD or Flash Pool aggregate, see the Upgrade and Revert/Downgrade Guide. Upgrade, revert, or downgrade

You can use SnapLock to do all of the following and more: • Set a default retention period for WORM files on a volume • Use an application to commit files to WORM over NFS or CIFS • Use the autocommit feature to commit files to WORM automatically • Use a WORM appendable file to retain data written incrementally (like log information) • Incrementally commit audio or video streaming data to WORM • WORM-protect Snapshot copies on secondary storage • Replicate WORM files to another geographic location for disaster recovery • Protect critical data against rogue administrators, ransomware, and bad actors A special compliance administrator can use an audited privileged delete procedure to delete Enterprise-mode WORM files during the retention period. Full support for SnapLock is available in the ONTAP CLI. Archive and compliance using SnapLock technology A limited but important set of SnapLock technology is available in System Manager. You can install SnapLock licenses, set the Compliance Clock, create SnapLock aggregates (including SSD and Flash Pool aggregates), and create and configure SnapLock volumes. Cluster management using System Manager

Support for cloning data protection volumes Beginning with ONTAP 9, in an SVM disaster recovery relationship, the cluster administrator can clone data protection (DP) volumes from the destination SVM to another SVM in the destination cluster for development testing. New and changed features in the ONTAP 9 release family | 35

Support for excluding volumes from replication Beginning with ONTAP 9, in an SVM disaster recovery relationship, the cluster administrator can exclude one or more volumes from replication if all the volumes that are on the source SVM do not have to be protected. Data protection

Support for excluding LIFs from replication Beginning with ONTAP 9, in an SVM disaster recovery relationship, if the source SVM and destination SVM are in different network subnets, and if the destination SVM must have different LIFs, the cluster administrator can exclude the LIFs from replication. Data protection

Support for converting volume-level SnapMirror relationships to an SVM disaster recovery relationship Beginning with ONTAP 9, if there are volume-level SnapMirror relationships between two SVMs, you can create a SnapMirror relationship between the SVMs to convert the volume-level SnapMirror relationships to an SVM disaster recovery relationship.

Support for using a SnapMirror license to enable SnapVault Beginning with ONTAP 9, you can use either a SnapMirror license or a SnapVault license to enable SnapVault. In previous releases, you could use a SnapVault license only to enable SnapVault. Note: Beginning with ONTAP 9.1, you can use a SnapMirror license to enable SnapVault in SnapManager or SnapDrive. Those products did not allow you to use a SnapMirror license to enable SnapVault in ONTAP 9.0.

Supported naming conventions for Snapshot copies Beginning with ONTAP 9, you can use timestamp-based naming conventions and ordinal naming conventions for configuring the scheduled Snapshot copies.

Expiry time for Snapshot copies Beginning with ONTAP 9, you can configure the expiry time for Snapshot copies to protect them from deletion until the expiry time elapses. Configuring the expiry time is not applicable for the Snapshot copies of Infinite Volumes.

Support for NDMP extension Beginning with ONTAP 9, NDMP extension 0x2050, which enables Snapshot copy management and backup restart extensions, is supported. The NDMP_SNAP_RECOVER message, which is part of the Snapshot copy management extension, allows the recovery of volumes and regular files only.

Related information Data protection using tape backup 36 | Release Notes

Support for intercluster SVM peer relationships between SVMs with the same name Beginning with ONTAP 9, it is no longer required for storage virtual machines (SVMs) in a peer relationship to have unique names. You can now configure a peer relationship across clusters between SVMs that have the same name. This functionality is useful in a multi-tenant environment where it is not feasible to ensure that all SVM names are unique; for example, when providing backup and data recovery as a service. You can now specify a unique local name, using the vserver peer create command with the local- name parameter, to identify the peer SVM with which you want to create the SVM peer relationship. You can use System Manager to peer clusters or SVMs of the same name by using an alias name for the remote cluster or SVM.

Related information Cluster management using System Manager

Support for SnapMirror and SnapVault global throttling Beginning with ONTAP 9, global network throttling is available for all SnapMirror and SnapVault transfers at a per-node level. You can now limit the total bandwidth used by all SnapMirror and SnapVault transfers in the following ways: • Enabling and disabling the node-level throttle • Setting the maximum bandwidth for outgoing transfers • Setting the maximum bandwidth for incoming transfers These options are enforced on all nodes in the cluster.

Support for secondary SnapVault Snapshot copies Beginning with ONTAP 9, you can create Snapshot copies on a SnapMirror SnapVault destination for longer term retention without having to create and maintain a corresponding longer term Snapshot copy at the primary destination. Two new options have been added to the SnapMirror policy: Snapshot copy creation schedule This option is required. The new Snapshot copy on the destination is created with the specified value. -schedule schedule value Snapshot copy creation prefix This option is optional. It specifies the prefix for the name of the Snapshot copy associated with the schedule to be created. If the prefix is not specified, the Snapshot copy label is used as a prefix. -prefix prefix value

Support for renaming SnapVault Snapshot copies Beginning with ONTAP 9, SnapVault enables you to transfer a Snapshot copy from the SnapMirror primary volume even if the secondary volume already has a Snapshot copy with the same name. During a SnapVault transfer, when a name conflict occurs between the old Snapshot copy on the secondary volume and the new Snapshot copy on the primary volume, the old Snapshot copy is renamed by appending the original name with the time creation of this Snapshot copy. This feature is automatic. New and changed features in the ONTAP 9 release family | 37

Support for all SnapMirror and SnapVault cascade configurations Beginning with ONTAP 9, all cascading configurations for asynchronous disaster recovery (ADR), and vault and logical replication engine with storage efficiency disaster recovery (LRSE-DR) are supported providing that Secondary SnapVault Snapshots are not used with SnapVault relationships that are part of a cascade.

File access protocol enhancements This ONTAP release includes new features and enhancements for file access protocols management.

LDAP referral chasing Beginning with ONTAP 9.5, you can enable LDAP referral chasing, which allows the ONTAP LDAP client to refer look-up requests to other LDAP servers if an LDAP referral response is not returned by the primary LDAP server. The client can then retrieve the target object from the server described in the referral data.

Related information NFS configuration

4-byte UTF-8 encoded characters Beginning with ONTAP 9.5, support for 4-byte UTF-8 encoded characters enables the creation and display of UTF-16 file names with supplementary characters. UTF-16 file names with supplementary characters, also known as surrogate pairs, were not supported in earlier releases. 4-byte UTF-8 encoded characters can be displayed in the names of files, directories, and qtrees. Note: Support for 4-byte UTF-8 encoded characters is not available for the Data Fabric Solution for Cloud Fabric.

Related information SMB/CIFS management

Windows machine accounts can now be mapped to non-default users Beginning with ONTAP 9.5, Windows machine accounts can be mapped explicitly to users other than the default UNIX user. Previously, machine account mappings failed when there was no default UNIX user, even if a mapping was present.

Related information SMB/CIFS management

Enhanced support for SMB protocols Beginning with ONTAP 9, SMB 3.1.1 and enhanced features for SMB 2.0 and later are supported. Support for enabling and disabling SMB 1.0 is modified in ONTAP 9.2 and later releases. The following table lists the SMB enhancements that are now supported. 38 | Release Notes

SMB feature Description Beginning Beginning SMB ONTAP 9 protocol version version Accelerated Intel AES New Instructions (Intel AES NI) improves 3.0 9.0 AES-NI on the Advanced Encryption Standard (AES) encryption algorithm and accelerates data encryption with supported processor families. AES-128- AES-128-GCM replaces AES-128-CCM as the hash 3.1.1 9.1 GCM algorithm used by SMB encryption in SMB 3.1.1. encryption Credit limits The -max-credits option limits the number of 2.0 9.4 credits to be granted on an SMB connection. The default value is 128. LDAP Signing (protection against tampering) and sealing 2.0 9.0 signing and (encryption) enables secure communication between sealing SVMs and AD servers. Large MTU Increased efficiency and throughput are enabled by 2.0 9.0 packet sizes up to 1 MB; previously, the maximum was 64 KB. Note: Large MTU values must be enabled through the CIFS server. Small packet sizes might result in performance degradation.

Multichannel Multiple connections for a single SMB session 3.0 9.4 improves throughput and fault tolerance when appropriate NICs are deployed on the cluster and its clients. SMB clients automatically detect and use multiple network connections if a proper configuration is identified on the ONTAP cluster, and if the clients negotiate at SMB 3.0 or later versions. Null user and Used together, SMB null user and IP qualifiers 2.0 9.0 IP qualifiers enable CIFS anonymous users to receive the same credentials as an existing user through table mapping, enable customers to map to valid credentials using IP addresses, and allow for IP addresses and subnets to be mapped to different user accounts. Workgroup You can configure a CIFS server in a workgroup 2.0 9.0 authenticatio with CIFS clients that authenticate to the server by n using locally defined users and groups.

Beginning with ONTAP 9.2, SMB 1.0 can be disabled using the -smb1-enabled option to the vserver cifs options modify command. While SMB 1.0 is still enabled by default in ONTAP 9.2, in previous releases it could not be disabled. Beginning with ONTAP 9.3, SMB 1.0 is disabled by default for new CIFS servers created in ONTAP 9.3 and later releases. For environments with existing CIFS servers running SMB 1.0, you should migrate to a later SMB version as soon as possible to prepare for security and compliance enhancements. Contact your NetApp representative for details. New and changed features in the ONTAP 9 release family | 39

Related information SMB/CIFS management

Support for name service caching Beginning in ONTAP 9.3, name service caching is supported for external servers like DNS, NIS, and LDAP. It is enabled by default. Name service caching supports improved performance and resiliency by storing name service information in the cache of the storage controller. This reduces the amount of network traffic to the external service where the name service information is maintained. The length of time that name service information remains in cache is determined by the time-to-live (TTL) value. The TTL value can be modified using the vserver services name-service cache command, which is available in advanced privilege mode.

Related information ONTAP 9 commands

Export policy configuration checker Beginning in ONTAP 9.3, you can enable export policy configuration checking as a background job that records any rules violations in an error rule list. The vserver export-policy config- checker commands invoke the checker and display results, which you can use to verify your configuration and delete erroneous rules from the policy. The commands only validate export configuration for host names, netgroups, and anonymous users.

Domain controller discovery options for improving performance Beginning in ONTAP 9.3, you can modify the default process by which domain controllers (DCs) are discovered. This enables you to limit discovery to your site or to a pool of preferred DCs, which can lead to performance improvements depending on the environment. By default, the dynamic discovery process discovers all available DCs, including any preferred DCs, all DCs in the local site, and all remote DCs. This configuration can lead to latency in authentication and accessing shares in certain environments. If you have already determined the pool of DCs you want to use, or if the remote DCs are inadequate or inaccessible, you can now change the discovery method. ONTAP 9.3 introduces the discovery-mode parameter to the cifs domain discovered- servers command. By default, it behaves as before, discovering all available DCs. You can also set the following options:

• all (default): All DCs in the domain are discovered.

• site: Only DCs in the local site are discovered. To use this mode, you must define the default-site parameter for the SMB/CIFS server.

• none: DC discovery is not performed, the SMB/CIFS server configuration depends only on preferred DCs. To use this mode, you must first define the preferred DC’s for the SMB/CIFS server.

Support for NFS security tracing Beginning in ONTAP 9.3, you can add permission tracing filters to instruct ONTAP to log information about why NFS servers allow or deny a client or user's request to perform an operation. Previously, security tracing was only available for SMB/CIFS servers. 40 | Release Notes

Related information SMB/CIFS and NFS auditing and security tracing

SMB 2.0 support for domain controller connections Beginning with ONTAP 9.1, SVMs can connect to domain controllers (DC) using the SMB 2.0 protocol. In ONTAP 9.1, you must set SMB 2.0 connections explicitly; in ONTAP 9.2 and later, SMB 2.0 is enabled by default. In ONTAP 9.1, the ONTAP default for DC connections is enabled for SMB 1.0 and disabled for SMB 2.0; SMB 2.0 DC connections must be configured explicitly. Doing so is necessary if you have disabled SMB 1.0 on domain controllers. In ONTAP 9.2 and later, the ONTAP default is enabled for both SMB 1.0 and SMB 2.0 DC connections. The DC will choose the highest SMB version that it supports.

Support for new SMB auditing events Beginning with ONTAP 9.2, new SMB object access events can be audited. The following are the new events: • 4670 - Object permissions were changed • 4907 - Object auditing settings were changed • 4913 - Object Central Access Policy was changed

Related information SMB/CIFS and NFS auditing and security tracing

NFS clients enabled to view exports of SVMs Beginning with ONTAP 9.2, the default value of the vserver nfs modify -vserver vsl – showmount command is enabled. You can use this command to see a list of exports of SVMs available on the NFS server.

Ability to report widelinks as reparse points based on SMB version Beginning with ONTAP 9.2, you can use the widelink-as-reparse-point-versions parameter of the cifs options modify command to specify the CIFS protocol versions for which widelinks are reported as reparse points. Previously, only widelinks accessed using the default SMB1 were reported, and systems using SMB2 or SMB3 were unable to access the widelinks.

Ability to display effective permissions for Windows or UNIX users Beginning with ONTAP 9.2, the show-effective-permissions parameter to the vserver security file-directory command enables you to display effective permissions granted to a Windows or UNIX user on the specified file or folder path. In addition, the optional parameter - share-name enables you to display the effective share permission.

Name service configuration checker Beginning in ONTAP 9.2, the name service configuration checker feature performs immediate validation when a name service configuration is created or modified. The name service configuration checker validates the DNS and LDAP servers using the vserver services name-service commands. For DNS configuration, all the servers are tested and need to be working for the configuration to be considered valid. For LDAP configuration, as long as any New and changed features in the ONTAP 9 release family | 41

server is up, the configuration is valid. The name service commands apply the configuration checker unless the skip-config-validation field is true (the default is false).

Support for specifying hostnames in LDAP and NIS configurations Beginning with ONTAP 9.2, you can specify both hostnames and IP addresses for servers when creating LDAP or NIS client configurations. In previous releases, you could only specify IP addresses. For LDAP clients, the new field-ldap-servers replaces the -servers field in the vserver services name-service ldap client create command. For NIS clients, the new field - nis-servers replaces the -servers field of the vserver services name-service nis- domain client create command. The -servers fields are deprecated in ONTAP 9.2.

Changes to NetBios name service (NBNS) support Beginning in ONTAP 9, the NetBios name service (NBNS, sometimes called Windows Internet Name Service or WINS) is disabled by default. In previous releases, CIFS-enabled storage virtual machines (SVMs) sent name registration broadcasts regardless of whether WINS was enabled on a network. To limit such broadcasts to configurations where NBNS is required, you must enable NBNS explicitly for new CIFS servers. If you are already using NBNS and you upgrade to ONTAP 9 or later, NBNS will continue to work as before. For new CIFS servers, NBNS must be enabled using the -is-nbns-enabled option to the vserver cifs options modify command.

Support for CIFS server in workgroup mode Beginning with ONTAP 9, you can configure a CIFS server in a workgroup with CIFS clients that authenticate to the server by using locally defined users and groups. You can configure a CIFS server in a workgroup when the Microsoft Active Directory domain infrastructure is not available. A CIFS server in workgroup mode supports only NTLM authentication and does not support Kerberos authentication. Certain CIFS features are not supported by a CIFS server in workgroup mode.

Related information SMB/CIFS management

Enhancements for Kerberos 5 Beginning with ONTAP 9, Kerberos 5 authentication with privacy service (krb5p) is supported. The krbp5 authentication mode is secure, and it protects against data tampering and snooping. The privacy service includes verifying the integrity of the received data, authenticating users, and encrypting data before transmission. Kerberos 5 authentication can be configured using either the CLI or System Manager.

Related information NFS management Cluster management using System Manager 42 | Release Notes

Support for LDAP signing and sealing Beginning in ONTAP 9, you can configure signing and sealing to enable session security on queries to an LDAP server. This provides an alternative to LDAP over TLS session security. Signing confirms the integrity of the LDAP payload data using secret key technology. Sealing encrypts the LDAP payload data to avoid transmitting sensitive information in clear text. The session security settings on the SVM correspond to those available on the LDAP server.

Related information SMB/CIFS management NFS configuration NFS management

LDAP support for SHA2 hashed passwords Beginning with ONTAP 9, LDAP clients in ONTAP clusters can recognize SSHA2 and SHA2 hashed user passwords if the user has been created with hashed passwords on the LDAP server.

Multiple client match specifications in NFS export rules Beginning with ONTAP 9, you can specify multiple client match values in every rule in an NFS export policy, using either the CLI or System Manager. This provides comparable functionality to standard /etc/exports files and earlier 7-Mode releases.

Related information NFS configuration Cluster management using System Manager

NFS export access cache enhancements Beginning with ONTAP 9, access cache parameters for NFS export rules can be specified for individual storage virtual machines (SVMs), which allows the parameters to differ according to SVM access requirements. In addition, access cache entries that are not actively used are no longer refreshed, which reduces unnecessary and wasteful communication with external name servers.

FPolicy enhancements Beginning with ONTAP 9, the FPolicy file access notification framework is enhanced with filtering controls and resiliency against short network outages. This release includes the following FPolicy enhancements:

• Filtering controls New filters are available for SetAttr and for removing notifications on directory activities. • Async resiliency If an FPolicy server operating in asynchronous mode experiences a network outage, FPolicy notifications generated during the outage are stored on the storage node. When the FPolicy server comes back online, it is alerted of the stored notifications and can fetch them from the storage node. The length of time the notifications can be stored during an outage is configurable up to 10 minutes. New and changed features in the ONTAP 9 release family | 43

Support for new CIFS auditing events Beginning with ONTAP 9, new CIFS auditing events are available. CIFS auditing must be enabled to generate the auditing events. The new auditing events are as follows: file-share Generates an audit event when a CIFS network share is added, modified, or deleted using the related vserver cifs share commands. audit-policy-change Generates an audit event when the audit policy is disabled, enabled, or modified using the related vserver audit commands. user-account Generates an audit event when a local CIFS or UNIX user is created or deleted; a local user account is enabled, disabled, or modified; or a password is reset or changed using the related vserver cifs users-and-groups local-group command or the related vserver services name-service unix-user command. security-group Generates an audit event when a local CIFS or UNIX security group is created or deleted using the related vserver cifs users-and-groups local-group command or the related vserver services name-service unix-group command. authorization-policy-change Generates an audit event when rights are granted or revoked for a CIFS user or a CIFS group using the related vserver cifs users-and-groups privilege command.

Related information ONTAP 9 commands

Support for managing shares using Microsoft Management Console Beginning with ONTAP 9, you can use the Microsoft Management Console (MMC) to perform certain tasks related to managing shares on SVMs. You can perform the following management tasks on shares contained within SVMs using the Microsoft Management Console: • View details about current open sessions • Close an outstanding session • View details about currently open files • Close an open file

Note: The view displayed by the preceding capabilities are node specific and not cluster specific. Therefore, when you use the Microsoft Management Console to connect to the CIFS server host name (that is, cifs01.domain.local), you are routed, based on how you have set up DNS, to a single LIF within your cluster.

Related information NetApp Knowledgebase Answer 1001942: FAQ - Using Windows MMC in Clustered Data ONTAP 44 | Release Notes

FlexArray Virtualization (V-Series) enhancements This ONTAP release includes a number of new features and enhancements for FlexArray Virtualization (V-Series).

Support for 16 TB array LUNs Beginning with ONTAP 9, FlexArray Virtualization can support a maximum array LUN size of 16 TB for back-end storage arrays. Additional FlexArray Virtualization limits are available in the Hardware Universe.

Related information NetApp Hardware Universe

FlexArray Virtualization resiliency enhancements Beginning with ONTAP 9, FlexArray Virtualization (V-Series) includes resiliency enhancements to reliably handle disruptions caused by back-end path failures such as link and switch failures. The resiliency enhancements include the following: • Consistent I/O failover timing in case of path failures • Temporary suspension of I/O for a tunable period of time in case of all-path fail conditions • Automatic path quiescence in case of intermittent path failures

Related information NetApp KB Article 1015889: FlexArray Virtualization resiliency enhancements

Support for E-series direct attached storage in FlexArray stretch MetroCluster configurations FlexArray stretch MetroCluster configurations support direct attached E-Series backend storage arrays without any backend fabric.

Related information NetApp Interoperability Matrix Tool Stretch MetroCluster installation and configuration

Support for shared initiator ports and target ports for FlexArray MetroCluster configurations FlexArray MetroCluster configurations support sharing initiator ports on the controller and target ports on the backend array.

Related information Fabric-attached MetroCluster installation and configuration New and changed features in the ONTAP 9 release family | 45

Hardware support updates This release of ONTAP includes new or extended support for hardware. For a complete list of hardware supported in this release, see the Hardware Universe.

Related information NetApp Hardware Universe

Adapters supported on FAS and AFF systems ONTAP 9 and later releases support certain adapters on FAS and AFF systems.

Adapter part Description Category Available beginning number

X1146A 2-port 100 GbE iWARP • Networking ONTAP 9.4 QSFP28 • HA/ MetroCluster

X1116A 2-port 25 GbE iWARP • Networking ONTAP 9.4 SFP28 • HA/ MetroCluster

X91135A 4-port 32 Gb FC SFP+ Op • Block Access ONTAP 9.3 • Storage

X1134A 2-port 32 Gb FC SFP+ Op • Block Access ONTAP 9.1

X1133A-R6 4-port 16-Gb FC SFP+ Op • Block Access ONTAP 9.0 • Networking • Storage • Tape

Support for the X190100 or X190100R 100 GbE switch Beginning with ONTAP 9.4, the 32-port X190100 or X190100R 100 GbE switch will be available to use as cluster interconnect switch on AFF A800.

Disk auto-assignment changes for AFF systems Beginning with ONTAP 9.2, the default AFF auto-assignment policy is changed. ONTAP assigns SSDs in bay locations 0-11 to one node, and SSDs in bay locations 12-23 to the partner node. The policy is used any time unassigned SSDs are added to an AFF system and when an AFF system with unassigned SSDs is re-initialized. In earlier releases of ONTAP 9, disks are automatically assigned only when adding an entire shelf of disks. 46 | Release Notes

Support for new FAS and AFF platforms New FAS and AFF platforms are supported beginning with ONTAP 9.2 and 9.4.

Platforms (with links to data sheets) Available beginning FAS2700 series (FAS2720, FAS2750) ONTAP 9.4 AFF A220 ONTAP 9.4 AFF A800 ONTAP 9.4 FAS2600 series ONTAP 9.2 FAS8200 ONTAP 9.2 FAS9000 ONTAP 9.2 AFF A200 ONTAP 9.2 AFF A300 ONTAP 9.2 AFF A700 ONTAP 9.2 AFF A700s ONTAP 9.2

Support for automatic Interoperability Matrix update notifications Beginning with ONTAP 9.1, you can subscribe to a specific configuration within the Interoperability Matrix. When a change occurs to the configuration to which you are subscribed, you receive a notification of the change. This enables you to be automatically updated with the latest interoperability information for your specific configuration.

Related information NetApp Interoperability Matrix Tool

Support for the Baseboard Management Controller in the AFF A700s ONTAP 9.1 supports a new compact AFF storage controller, the AFF A700s. The ONTAP software is customized to support a new system management controller in the AFF A700s called the Baseboard Management Controller (BMC). The BMC works similarly to the Service Processor (SP) and uses many of the same commands. The BMC also has commands that operate from the BMC command line. You can perform the following tasks using the BMC CLI commands: • Configure the BMC network using its IP address. • Access the BMC over either a serial or network port. • Access a node remotely and perform node management tasks such as diagnose, shut down, power-cycle, or reboot the node.

Related information System administration New and changed features in the ONTAP 9 release family | 47

Support for increasing the maximum SAN cluster size to 12 nodes Beginning with ONTAP 9.1, the number of nodes you can add to a SAN cluster has increased from 8 to 12. Support for 12-node SAN clusters has the same limits as those used for 8-node clusters; that is, the per-node and per-cluster object count limits are the same as for 8-node SAN. The user cannot disable Selective LUN Map (SLM) when the cluster has more than 8 nodes. If SLM is disabled, you cannot add the ninth node to the cluster until SLM is turned on again.

Related information NetApp Hardware Universe

Support for DS460C, DS224C, and DS212C disk shelves ONTAP 9 and later releases support the configuration of 15.3 TB SSDs with DS224C shelves on AFF8080 systems. ONTAP 9 and later releases support the configuration of DS460C, DS224C, and DS212C disk shelves on all supported storage systems. For a comprehensive overview of the DS460C, DS224C, and DS212C disk shelves, see the disk shelves technical specifications.

Related information NetApp Technical Specifications: Disk Shelves and Storage Media

ACP cabling for disk shelves no longer needed Beginning with ONTAP 9, ONTAP supports new In-Band ACP (IBACP) functionality for resiliency and diagnostics with storage shelves, making external ACP cabling unnecessary. You need to prepare your IOM6 shelf for IBACP before upgrading to ONTAP 9. For more information on how to migrate to IBACP support, see Instructions for migrating to IBACP Instructions for Downloading and Installing Disk Shelf and ACPP Firmware

Manageability enhancements This release of ONTAP includes new and changed manageability capabilities.

Support for new volume replication policies The StrictSync and Sync volume replication policies are added in System Manager 9.5. You can use these two policies to provide zero RPO replication with and without primary I/O restriction during replication failures. You can also enable volume protection using the Protection tab. Cluster management using System Manager

Support for SVM DR Beginning with System Manager 9.5, disaster recovery capability is available at the SVM level. You can use System Manager to create and manage mirror relationships and mirror and vault relationships between SVMs. SVM disaster recovery (DR) provides disaster recovery capability at the SVM level. You can recover the data that is present in the constituent volumes of the SVM and you can recover the SVM configuration. 48 | Release Notes

Cluster management using System Manager

NVMe multipath support Beginning with ONTAP 9.5, multipathing using Asynchronous Namespace Access (ANA) is supported for NVMe configurations.

Public SSL certificate authentication Starting in System Manager 9.5, you can view a public SSL certificate associated with an storage virtual machine (SVM). You can view the certificate details, the serial number, the start date, and the expiration date. You can also copy the certificate to the clipboard, and email the certificate details. Additionally, when you add the vsadmin user account to an SVM, a login method is automatically included that uses HTTP as the application and is authenticated with a certificate.

MAX Data applications list Beginning with ONTAP 9.5, System Manager lists MAX Data applications on the Application page under different host names. Clicking on the host name opens a new window in the MAX Data interface. For each application, System Manager also lists IOPs and latency measurements.

FlexCache support in OnCommand System Manager Beginning with System Manager 9.5, FlexCache volumes are displayed in System Manager as a FlexGroup.

System Manager support for NVMe subsystems and namespaces System Manager supports the NVM Express over Fabrics (NVMe-oF) protocol, which was developed primarily for SSD drives. You can enable and configure the NVMe-oF protocol on existing SVMs. You can also monitor in near-real time the status and performance of an existing SVM configured with the NVMe-oF protocol. System Manager simplifies the provisioning and managing of an NVMe namespace and connecting it to a host or hosts identified by an NVMe Qualification Name (NQN) in an SVM configured with an NVMe-oF protocol stack. Beginning with System Manager 9.5, you can manage NVMe subsystems in a cluster. Management tasks include listing the NVMe systems, creating new NVMe subsystems, editing existing NVMe subsystems, and deleting NVMe subsystems.

Support for creating aggregates based on storage recommendations You can create an aggregate based on storage recommendations. System Manager analyzes the configuration of your storage system and provides storage recommendations such as the number of aggregates that can be created, the available nodes, and the available spare disks.

Enhancements to FabricPool-enabled aggregates Beginning with System Manager 9.4, FabricPool-enabled aggregates have been enhanced to support more features. FabricPool-enabled aggregates have been enhanced to support the following features and functionalities: • New UI navigation for the external capacity tier menu New and changed features in the ONTAP 9 release family | 49

• New “Auto” tiering policy • Support for inactive (cold) data reporting • Support for Microsoft Azure Blob storage external capacity tier • More information in the capacity tab of the cluster dashboard • Support for ONTAP Select • Support for viewing external capacity tier, other than StorageGRID, Amazon AWS S3, and Microsoft Azure Blob storage, created using the command-line interface (CLI).

Support for SMB multichannel protocol Beginning with System Manager 9.4, you can enable the SMB protocol to establish multiple channels between an SMB 3.0 session and transport connections, specifically for higher performance, fault tolerance, and resiliency.

Support for direct image upload Beginning with System Manager 9.4, you can add or select the ONTAP software image from the local client or from the NetApp Support Site.

Enhancements to FlexGroup volumes Beginning with System Manager 9.4, FlexGroup volumes have been enhanced to support more features. FlexGroup volumes include the following enhancements and new features: • Support for advanced options such as volume encryption, storage efficiency, and QoS. • Protect volumes • More information in the protection tab of the cluster dashboard

Support for updating single-node clusters disruptively Beginning with System Manager 9.4, you can update single-node clusters. Updating single-node cluster is disruptive, and client data will not be available while the update is in progress.

Support for configuring Snapshot copies You can configure Snapshot copies by adding a schedule to an existing Snapshot policy. Beginning with System Manager 9.4, you can have fewer than 1024 Snapshot copies of a FlexVol volume.

Support for provisioning an SVM by using a preconfigured template Beginning with ONTAP 9.3, you can create and provision an SVM by using a preconfigured template. To configure the SVM, you must provide values for the parameters in the template, such as security style, IPspace, protocols, networking configuration, and name services configuration.

Related information Software setup 50 | Release Notes

Support for Storage QoS You can use storage quality of service (QoS) to guarantee that performance of critical workloads is not degraded by competing workloads. QoS is available in the ONTAP CLI, System Manager, NetApp Service Level Manager, Workflow Automation, Virtual Storage Console (VMware Plug-in), and APIs.

Supported metrics for throughput ceilings Beginning with ONTAP 9.0, you can specify a combination of IOPS and MB per second to set a throughput ceiling (QoS Max). Whichever limit is reached first is enforced.

Throughput floors Beginning with ONTAP 9.2, Storage QoS supports throughput floors (QoS Min). A throughput floor guarantees that throughput for a workload does not fall below a minimum number of IOPS. Throughput floors are available on AFF platforms only. Throughput floors are available on the following protocols: • In ONTAP 9.2, iSCSI and FC only. • Beginning with ONTAP 9.3, all NAS and SAN protocols. Throughput floors are available for the following storage objects: • In ONTAP 9.2, volumes and LUNs only. • Beginning with ONTAP 9.3, volumes, files, and LUNs.

Adaptive QoS Beginning with ONTAP 9.5, adaptive QoS supports the following: • Workload size expressed as used space for throughput floors. • Throughput limits expressed in both IOPS and MB/s. Beginning with ONTAP 9.3, Storage QoS supports adaptive QoS. Adaptive QoS automatically scales a throughput ceiling or floor, maintaining the ratio of IOPS to TBs|GBs as the size of the volume changes. Three built in cluster-scoped policies are available, Extreme, Performance, and Value. You can also create custom policies. Adaptive QoS is available for the following storage objects: • In ONTAP 9.3, volumes only. • Beginning with ONTAP 9.4, volumes, files, and LUNs.

Support for non-shared QoS policy groups Starting with ONTAP 9.4, you can use a non-shared QoS policy group to specify that the defined throughput ceiling or floor applies to each member workload individually. Behavior of shared policy groups depends on the policy type: • For throughput ceilings, the total throughput for the workloads assigned to the shared policy group cannot exceed the specified ceiling. • For throughput floors, the shared policy group can be applied to a single workload only.

Policy groups per cluster • Beginning with ONTAP 9.0, Storage QoS supports up to 12,000 policy groups per cluster. • Beginning with ONTAP 9.4, Storage QoS supports up to 40,000 policy groups per cluster. New and changed features in the ONTAP 9 release family | 51

FlexGroup support FlexGroup support is available for the following storage QoS features: • In ONTAP 9.3, throughput ceilings only. • In ONTAP 9.4, throughput ceilings, floors, and adaptive QoS.

Application Aware Data Management and Balanced Placement ONTAP 9.2 introduces application aware data management workflow for both AFF and FAS platforms. Application aware data management simplifies storage setup and enables you to serve data in minutes for key applications by providing inputs relevant to the application. Storage is configured and provisioned to both application vendor and NetApp best practices, helping prevent misconfigurations that can lead to performance issues. Application aware data management also uses balanced placement to help optimally provision applications, providing automatic placement of storage objects based on the desired performance service levels and available system resources. This allows you to understand if desired performance is or is not available at the time of provisioning the applications. Once applications are provisioned, you can gain insight and control with the ability to view and manage storage resources at an application granularity. The application data management workflow can be accessed from OnCommand System Manager under the Applications tab. Support is provided for common applications including general SAN and NAS, server virtualization (SAN and NFS), and Oracle single instance and RAC (SAN and NAS).

Enhancement of cluster switch health monitor to detect cluster switch reboot The cluster switch health monitor can now detect and report when a cluster switch has rebooted since the last polling period.

Inline Aggregate-level Data Deduplication enabled by default in AFF systems Beginning with ONTAP 9.2, you can perform Cross Volume Sharing in volumes belonging to the same aggregate using Inline Aggregate-level Deduplication. Cross Volume Deduplication is enabled by default on AFF systems.

Support for capacity based license Beginning with System Manager 9.2, you can add capacity based licenses. However, the capacity based license can be added only for ONTAP Select and FabricPool. For ONTAP Select, the capacity based license defines the total amount of data capacity that the instance is licensed to manage. For FabricPool, the capacity based license defines the amount of data that can be managed in the attached third-party storage (for example, AWS). Cluster management using System Manager 52 | Release Notes

Support for Cluster Expansion Beginning with System Manager 9.2, you can use the cluster expansion feature to increase the size and capabilities of your storage by adding compatible nodes to the cluster and configuring the node network details. Cluster management using System Manager

Support for automatic switchless-cluster detection Beginning with ONTAP 9.2, ONTAP detects if a cluster is switched. It is no longer necessary to manually set the switchless-cluster network option. The detect-switchless-cluster network option is enabled when creating and upgrading clusters.

Unified Manager 7.2 integrates Performance Manager functionality Beginning with OnCommand Unified Manager 7.2, the performance collection and reporting functionality of OnCommand Performance Manager is included in Unified Manager. Now you can use a single product to monitor both the health and performance status of your clusters from a single URL and single user interface.

Unified Manager 7.2 supports ONTAP 8.2 and later software. Customers should upgrade to Unified Manager 7.2 as soon as possible to take advantage of the integrated functionality and new features.

Max aggregate size increase In ONTAP 9.2, the maximum aggregate size for some AFF (AFF) systems has been increased to 800 TiB from 400 TiB. This enables you to create one aggregate for larger capacity SSDs, which is easier to manage and maintain. The increased aggregate size also aids in aggregate-level deduplication, providing more storage efficiency savings. The NetApp Hardware Universe contains more information about system maximums and limits. NetApp Hardware Universe

Support for encrypting volumes Beginning with System Manager 9.5, for supported and licensed platforms, you can enable volume encryption while creating or modifying a FlexVol volume or a FlexGroup volume. You can also change the data encryption key of the volume. Cluster management using System Manager

Support for root-data partitioning enhancements Beginning with ONTAP 9, several enhancements are support for root-data partitioning. • A new version of root-data partitioning called root-data-data partitioning is supported on AFF (AFF) platforms and FAS platforms with only solid state drives (SSDs) attached. With root-data-data partitioning, less space is used for the root partition, which frees more space for data usage. • The root-data partitioning is supported by the FAS2600 series on hard disk drives (HDDs) in external disk shelves. • Beginning with ONTAP 9.2, root-data partitioning is also supported by the following systems on HDDs in external disk shelves. Partitioning of HDDs provides higher storage efficiency for NL- SAS based systems. New and changed features in the ONTAP 9 release family | 53

◦ FAS9000 ◦ FAS8200 ◦ 80xx

Related information Disk and aggregate management

Enhancements to the System Manager cluster dashboard The System Manager cluster dashboard has been enhanced and made responsive for handheld devices to view information about the important alerts and notifications; the efficiency and capacity of aggregates and volumes, and unprotected volumes; the nodes that are available in a cluster; the status of the nodes in an HA pair; the top active file and clients for IOPS and throughput; and the performance metrics like latency, IOPS, and throughput of the cluster or a node. Cluster management using System Manager

Support for cluster setup Beginning with System Manager 9.1, you can use System Manager to set up a new cluster by configuring the node management IP address on any node, and then by adding other nodes. Using the Cluster Setup feature, you can add licences; set up node management, cluster management, and Service Processor management networks; configure the DNS and NTP servers; set up AutoSupport messages and event notifications; create backup information for single-node clusters; and create SVMs using the recommended storage settings. You can set up the cluster by using a template file or by manually entering the values in the guided setup. Cluster management using System Manager

Support for most active files or clients functionality You can track and report the most active instances of a file or client in a cluster using statistical sampling techniques. This information is available through a command line or System Manager. In an enterprise data center where ONTAP systems are deployed and accessed with multiple protocols (NFS, CIFS, FC, iSCSI) by multiple clients simultaneously, it is possible that a particular file might receive a disproportionally large amount of traffic. Similarly, a particular client might be generating disproportionally large amount of traffic. This can cause severe performance degradation on a cluster. The most active files or clients functionality tracks and reports the most active instance of file or client in the cluster, enabling you to narrow in on a high traffic file or client to resolve the issue quickly. The most active files or clients functionality is a standard ONTAP component and does not require any setup or installation.

FIPS 140-2 support for cluster-wide control plane web service interfaces Beginning with ONTAP 9, you can enable the Federal Information Processing Standard (FIPS) 140-2 compliance mode for cluster-wide control plane web service interfaces. By default, the FIPS 140-2 only mode is disabled. You can enable the FIPS 140-2 compliance mode by setting the is-fips-enabled parameter to true for the security config modify command, and then use the security config show command to confirm the online status. When the FIPS 140-2 compliance is enabled, TLSv1 and SSLv3 are disabled, and only TLSv1.1 and TLSv1.2 remain enabled. ONTAP prevents you from enabling TLSv1 and SSLv3 when the FIPS 140-2 compliance mode is enabled. 54 | Release Notes

If you enable FIPS 140-2 mode and then subsequently disable it, TLSv1 and SSLv3 remain disabled, but TLSv1.2 or both TLSv1.1 and TLSv1.2 remain enabled depending on the previous configuration.

Related information System administration

Changes in audit configuration operation A storage administrator can create an audit configuration for a storage virtual machine (SVM) by using the vserver audit create command. If the audit destination path has volumes hosted on an unmirrored aggregate on the MetroCluster configuration node, ONTAP displays a message warning that the specified path does not have MetroCluster synchronous disaster recovery protection.

Support for SHA-2 password hash function To enhance password security, ONTAP 9 and later releases support the SHA-2 password hash function and use SHA-512 by default for hashing newly created or changed passwords. You can also expire or lock accounts as needed. Existing user accounts with unchanged passwords continue to use the MD5 hash function after the upgrade to ONTAP 9 or later, and users can continue to access their accounts. However, it is strongly recommended that you migrate MD5 accounts to SHA-512 by having users change their passwords. The password hash functionality enables you to do the following: • Display user accounts that match the specified hash function. • Expire accounts that use a specified hash function (for example, MD5), forcing the users to change their passwords in their next login. • Lock accounts whose passwords use the specified hash function. • When reverting to a release earlier than ONTAP 9, reset the cluster administrator’s own password for it to be compatible with the hash function (MD5) that is supported by the earlier release.

ONTAP accepts pre-hashed SHA-2 passwords only by using NetApp Manageability SDK (security- login-create and security-login-modify-password).

Related information Upgrade, revert, or downgrade

Password security enhancements ONTAP 9 introduces several enhancements that enable you to increase user password security. The following functionality is now supported. Configurable settings are managed by using the security login role config modify command.

• Configuring password policies to enforce a minimum number of digits, lowercase characters, or uppercase characters • Requiring a delay after a failed login attempt • Defining the account inactive limit • Expiring a user account • Displaying a password expiry warning message • Sending invalid login notifications New and changed features in the ONTAP 9 release family | 55

Every invalid login attempt is audited in the audit.log file. The system generates an EMS message on an hourly basis for invalid login attempts.

Enhanced audit logging Beginning with ONTAP 9, audit logging for the management interface is simplified and consolidated to a single audit.log file. In addition, you can now securely transmit audit logs to external servers using the TCP and TLS protocols, and you can verify the identity of the external servers by validating their certificates. Note: The audit.log file replaces the previous command-history.log and mgwd.log files. In addition, audit logs no longer include internal ONTAP commands or command aliases. Before upgrading, you should review any scripts or tools that refer to the legacy files and their contents.

Related concepts Change in audit logging after upgrade on page 87

Related information System administration

Support for Unicode characters in qtree names Beginning with ONTAP 9, Unicode characters are allowed in qtree names. You can use either the CLI or System Manager to create and modify qtree names to include multi-byte characters that can be in Unicode format, such as Japanese and Chinese characters. You use the volume qtree command family to set or modify qtree names. Note: The junction-path of the qtree's parent volume can contain qtree and directory names with Unicode characters. The volume show command displays these names correctly when the parent volume has a UTF-8 language setting. But if the parent volume language is not one of the UTF-8 language settings, some parts of the junction-path are displayed using a numeric NFS alternate name.

Changes in EMS configuration operation You must configure important EMS event notifications to be sent either as email, forwarded to a syslog server, or forwarded to an SNMP traphost. Beginning with ONTAP 9, the commands have changed. If the AutoSupport noteto parameter is configured with email addresses, they are automatically copied into EMS notification destinations when upgrading to ONTAP 9 or 9.1. A new EMS notification is also created that maps the important-events filter to these addresses. As a result, you will start receiving two email notifications for each callhome event until you remove the email addresses from the AutoSupport noteto parameter. You will also start receiving email notifications about other important events that are originally configured.

Related information EMS express configuration

Support for Storage Encryption onboard key management Beginning with ONTAP 9, onboard key management for Storage Encryption is available. Onboard key management creates and stores authentication keys on the same system with your data, which eliminates the need for and expense of an external key management server. 56 | Release Notes

Related information Disk and aggregate management

Support for cache-retention policies on Flash Pool aggregates Beginning with ONTAP 9, you can assign cache-retention policies to volumes in Flash Pool aggregates. Data in volumes with a high cache-retention policy remains in cache longer and data in volumes with a low cache-retention policy is removed sooner. You can use either the CLI or System Manager to assign a caching policy to a volume and to set the retention priority for the cached data in a volume. These options are available only for data protection volumes in Flash Pool aggregates.

Related information Disk and aggregate management Cluster management using System Manager

Support for headroom functionality ONTAP 9 provides visibility into the cluster's remaining performance capacity, or headroom, at the node or aggregate levels. Monitoring the remaining performance capacity information has the following benefits: • Assists workflow provisioning and balance. • Helps you prevent overloading a node or pushing its resources beyond the optimal point, thereby eliminating undesirable high latencies. • Helps you determine more precisely where additional storage equipment might be needed. With this feature, you receive alerts when a workload is approaching the optimal point (running out of headroom). OnCommand Performance Manager 7.0 supports headroom functionality. The statistics show –object resource_headroom_cpu and statistics show –object resource_headroom_aggr commands provide real-time headroom information for both CPU and aggregate resources, as well as hourly, daily, weekly, and monthly averages for each resource. With a single command a storage administrator can gather insight into how their CPU or aggregate cluster resources has been operating over the last month. The NetApp Manageability SDK interface allows administrators to quickly integrate headroom statistics into other performance frameworks.

Related information Performance management

Support for performance monitoring You can use System Manager to monitor the state of different configured objects. You can view the performance metrics graphs of volumes, LUNs, aggregates, nodes, Ethernet ports, and FC/FCoE adapters.

Support for OnDemand ASUP You can use System Manager for generating AutoSupport data to monitor the health of your storage system and to send notifications to the technical support team. You can generate AutoSupport data for a single node or for all nodes. You can also view the status and details of all previous AutoSupport data to understand the data that was sent to the technical support team. New and changed features in the ONTAP 9 release family | 57

Modified GUI and navigation The graphical user interface (GUI) of OnCommand System Manager has been revamped to simplify navigation and to provide a more intuitive user experience.

MetroCluster configuration enhancements This ONTAP release includes new features and enhancements for MetroCluster configurations.

MetroCluster FC configuration support for Brocade and Cisco switches MetroCluster FC configurations support Brocade and Cisco switches in the back-end storage switch fabric.

Brocade FC switches Available beginning DCX 8510-8 ONTAP 9.4 7840 ONTAP 9.3 This switch includes support for FCIP ISLs. G610 ONTAP 9.3 G620 ONTAP 9.2

Cisco FC switches Available beginning 9132T ONTAP 9.4 9396S ONTAP 9.2

MetroCluster IP configuration support for Cisco switches MetroCluster IP configurations support Cisco switches in the back-end storage switch fabric.

Cisco IP switches Available beginning 3232C ONTAP 9.4 3132Q-V ONTAP 9.3

MetroCluster configuration support for ONTAP features ONTAP 9 releases have added support for certain ONTAP features on both MetroCluster IP and FC configurations.

Supported features in Description Available MetroCluster beginning configuration SVM disaster recovery Active storage virtual machines (SVMs) in a ONTAP 9.5 MetroCluster configuration can be used as sources with the SnapMirror SVM disaster recovery feature. DS460C disk shelves ONTAP 9.2 58 | Release Notes

Supported features in Description Available MetroCluster beginning configuration Reestablishing MetroCluster configurations support the replication of ONTAP 9 SnapMirror or any SnapMirror or SnapVault SVM intracluster SnapVault peering relationship. It is not necessary to re-create relationships SnapMirror relationships after a switchback or switchover operation. Implementation of The implementation of node-level Quality of Service ONTAP 9 node-level QoS (QoS) supports MetroCluster operation. This reduces node outage by prioritizing the I/O operations needed to complete a disaster recovery (DR) operation, such as switchover or switchback.

New MetroCluster features ONTAP 9 releases have added support for new MetroCluster features.

Supported features in Description and where to learn more Available MetroCluster beginning configuration Cluster update with You can update a cluster in MetroCluster ONTAP 9.5 OnCommand System configurations. Manager For clusters in MetroCluster configurations, you must perform each operation on both of the clusters except for updating the cluster. Cluster management using System Manager ISL sharing ISL sharing is supported between two MetroCluster ONTAP 9.2 configurations. ISLs cannot be shared with traffic originating outside of the two MetroClusters. Onboard FC-VI ports MetroCluster configurations support onboard UTA ONTAP 9.1 on AFF A300 and ports pre-configured in FC-VI mode on the AFF A300 FAS8200 storage and FAS8200 storage systems. systems Note: AFF systems are not supported with array LUNs.

Eight-node MetroCluster configurations using the NAS protocol ONTAP 9 MetroCluster support eight nodes. configurations Prior to ONTAP 9, only two-node or four-node MetroCluster configurations were supported. The MetroCluster documentation provides procedures for performing the initial installation of an eight-node MetroCluster configuration. Fabric-attached MetroCluster installation and configuration It also provides procedures for expanding a four-node MetroCluster configuration to an eight-node MetroCluster configuration. MetroCluster Service Guide New and changed features in the ONTAP 9 release family | 59

Supported features in Description and where to learn more Available MetroCluster beginning configuration Unmirrored aggregates MetroCluster configurations support unmirrored data ONTAP 9 aggregates for data that does not require the redundant mirroring provided by MetroCluster configurations. Unmirrored aggregates are not protected in the event of a site disaster. Unimirrored aggregates are supported only on MetroCluster FC configurations.

MetroCluster IP configuration platform support ONTAP 9 releases have added support for different platforms on MetroCluster IP configurations. MetroCluster IP configurations are not supported with array LUNs.

Supported platforms in MetroCluster IP configurations Available beginning AFF A300 and FAS8200 platforms ONTAP 9.5 AFF A800 platforms ONTAP 9.4 ADP ONTAP 9.4 Support AFF platforms with ADP (Advanced Disk Partitioning) enabled. AFF A700 and FAS9000 systems ONTAP 9.3

Networking and security protocol enhancements This ONTAP release includes new networking features and security protocol enhancements.

Functionality Description and where to learn more Available beginning NTPv3 support Network Time Protocol (NTP) version 3 includes symmetric ONTAP authentication using SHA-1 keys which increases network 9.5 security. Commands for managing symmetric authentication on NTP servers SSH login When you log in as an SSH admin user, you can view ONTAP security alerts information about previous logins, unsuccessful attempts to log 9.5 in, and changes to your role and privileges since your last successful login. SSH login security LIF service You can create new service policies or use a built-in policy; for ONTAP policies example, to create a LIF for carrying intercluster or BGP 9.5 peering traffic. Configuring LIF service policies 60 | Release Notes

Functionality Description and where to learn more Available beginning Virtual IP (VIP) A VIP data LIF is a LIF that is not part of any subnet and is ONTAP LIFs and border reachable from all ports that host a BGP LIF in the same 9.5 gateway protocol IPspace. A VIP data LIF eliminates the dependency of a host (BGP) support on individual network interfaces. Creating a virtual IP (VIP) data LIF Multipath routing Multipath routing provides load balancing by utilizing all the ONTAP available routes to a destination. 9.5 Enabling multipath routing Portmap service You can modify firewall policies to control whether the ONTAP portmap service is accessible on particular LIFs. 9.4 Portmap service is configurable in firewall in ONTAP 9.4 SSH MFA for SSH MFA for LDAP or NIS uses a public key and nsswitch to ONTAP LDAP or NIS authenticate remote users. 9.4 Enabling LDAP or NIS account access SSH MFA for SSH MFA for local accounts uses a public key and a password ONTAP local administrator to authenticate local users. 9.3 accounts Enabling SSH multifactor authentication (MFA) Security Assertion You can use SAML authentication to configure MFA for web ONTAP Markup Language services such as Service Processor Infrastructure (spi), ONTAP 9.3 (SAML) APIs, and OnCommand System Manager. authentication Setting up SAML authentication SSH login You can configure the maximum number of unsuccessful ONTAP attempts secure shell (SSH) login attempts to protect against brute force 9.2 attacks. Managing failed login attempts Digital security ONTAP provides enhanced support for digital certificate ONTAP certificates security with Online Certificate Status Protocol (OCSP) and 9.2 pre-installed default security certificates. Verifying digital certificates are valid using OCSP Security with You can configure SNMPv3 traphosts with the User-based ONTAP SNMPv3 Security Model (USM) security. With this enhancement, 9.1 traphosts SNMPv3 traps can be generated by using a predefined USM user's authentication and privacy credentials. Configuring traphosts to receive SNMP notifications IPv6 Dynamic DNS (DDNS) name service is available on IPv6 LIFs. ONTAP Creating a LIF 9.0 LIFs per node The supported number of LIFs per node has been increased for ONTAP some systems. See the Hardware Universe for the number of 9.0 LIFs supported on each platform for a specified ONTAP Release. Creating a LIF NetApp Hardware Universe New and changed features in the ONTAP 9 release family | 61

Functionality Description and where to learn more Available beginning LIF management: ONTAP and System Manager automatically detect and isolate ONTAP identifying and network port failures. LIFs are automatically migrated from 9.0 isolating bad ports degraded ports to healthy ports. Monitoring the health of network ports Link Layer LLDP provides a vendor-neutral interface for verifying and ONTAP Discovery troubleshooting cabling between an ONTAP system and a 9.0 Protocol (LLDP) switch or router. It is an alternative to Cisco Discovery Protocol (CDP), a proprietary link layer protocol developed by Cisco Systems. Enabling or disabling LLDP Unified Capability DSCP marking is a mechanism for classifying and managing ONTAP (UC) compliance network traffic and is a component of UC compliance. You can 9.0 with enable DSCP marking on outgoing (egress) IP packet traffic for Differentiated a given protocol with a default or user-provided DSCP code. Services Code If you do not provide a DSCP value when enabling DSCP Point (DSCP) marking for a given protocol, a default is used: marking • The default value for data protocols/traffic is 0x0A (10). • The default value for control protocols/traffic is 0x30 (48). DSCP marking for UC Compliance

SAN enhancements This ONTAP release includes new features and enhancements for SAN.

LUN resizing limitation removed in ONTAP 9.5 Beginning with ONTAP 9.5, a LUN can be resized up to 16 TB, which is the maximum size allowed, regardless of the LUN's initial size. This limitation applies to LUNs created in any version of ONTAP 9, except LUNs with the Solaris osytpe. Solaris LUNs cannot be resized. The ONTAP 9 SAN Administration Guide indicates that you can only grow your LUN up to 10 times the original size. This applies only to ONTAP 9.4 and earlier.

Support for NVMe protocol ONTAP 9.4 introduces NVMe over Fibre Channel (NVMe/FC), a new block access protocol that serves blocks to the host in a similar manner to FCP and iSCSI. NVMe/FC uses an NVMe command set instead of SCSI. The NVMe architecture, lean command set, and scalable sessions enable significant reduction in latency and increase in parallelism, making it well suited to low-latency and high-throughput applications such as in-memory databases, analytics, and more. You can provision and configure NVMe/FC through on-box OnCommand System Manager entering the IP address of the cluster management or any of the node management ports or by using the command line interface (CLI). End-to-end NVMe/FC connectivity from the host through SAN Fabric to NetApp AFF controllers is necessary to get the maximum performance using this new protocol. Consult the NetApp Interoperability Matrix Tool to verify the latest supported solution stack for ONTAP 9.4. 62 | Release Notes

Note: ONTAP 9.4 implementation of NVMe/FC requires application-level high availability. In the event of a controller loss or path failure, the application host needs to manage path failover to its high availability (HA) partner. This limitation exists because the NVMe multipathing specification called Asymmetric Namespace Access (ANA), analogous to ALUA in the SCSI protocol, was still under development. While implementing NVMe/FC, NetApp has helped design the ANA protocol at the NVMe forum, where it was recently ratified.

Support for iSCSI Endpoint Isolation In ONTAP 9.2 existing iSCSI security commands where enhanced to now accept an IP address range, or multiple IP addresses. This new functionality prevents an initiator from logging into the cluster if the origination IP address is unsupported or unknown, providing a more unique identification scheme. Add an IP address range, or multiple IP addresses with the vserver iscsi security add- initiator-address-range command.

cluster1::> vserver iscsi security add-initiator-address-range

Refer to the SAN administration guide for more information on iSCSI initiator security management. Refer to the ONTAP command reference manual for more information on iSCSI initiator commands. ONTAP 9 commands

Support for Foreign LUN Import (FLI) with AFF Beginning with ONTAP 9.1, FLI is supported with AFF. You can now use FLI to import LUNs from other arrays directly into AFF clusters.

Support for Foreign LUN Import (FLI) Interoperability Matrix (IMT) Beginning with ONTAP 9.1, the Foreign LUN Import (FLI) Interoperability Matrix (IMT) defines the source arrays that NetApp qualifies for Foreign LUN Import.

Related information NetApp Interoperability Matrix Tool

Support for simplified SAN AFF provisioning templates Beginning with ONTAP 9.1, a new SAN provisioning template based on NetApp best practices is available in the OnCommand System Manager. Using the storage provisioning templates can prevent misconfigurations that lead to performance issues. The following template is accessible under the Application Provisioning tab: • SAN SAP HANA

Support for increasing the maximum SAN cluster size to 12 nodes Beginning with ONTAP 9.1, the number of nodes you can add to a SAN cluster has increased from 8 to 12. Support for 12-node SAN clusters has the same limits as those used for 8-node clusters; that is, the per-node and per-cluster object count limits are the same as for 8-node SAN. The user cannot disable Selective LUN Map (SLM) when the cluster has more than 8 nodes. If SLM is disabled, you cannot add the ninth node to the cluster until SLM is turned on again. New and changed features in the ONTAP 9 release family | 63

Related information NetApp Hardware Universe

Gigabit Ethernet connectivity link speed is autoconfigured for FAS2552 and FAS2554 systems For FAS2552 and FAS2554 systems with Converged Network Adapter (CNA) ports, also known as Unified Target Adapters 2 (UTA 2) ports, the Gigabit Ethernet (GbE) connectivity link speed is autoconfigured. The speed at which the interface operates (1 or 10 GbE) depends on the type of module that is inserted. If a 10 GbE module is inserted, the interface operates at 10 GbE. Similarly, if a 1 GbE module is inserted, the interface operates at 1 GbE. Note:

• FCoE is not supported when the interface is operating at 1GbE speed. • The terms converged network adapter and unified target adapter are synonyms. Depending on the model and how it is configured, the adapter can provide Fibre Channel, iSCSI, or FCoE/ Ethernet capability.

ODX LUN copy is now supported between clusters Beginning with ONTAP 9, you can use Microsoft Offloaded Data Transfer (ODX, also known as copy offload) for intercluster LUN transfers in SAN environments, in addition to inter-volume and inter-SVM transfers that were previously supported. Intercluster ODX is supported for SAN protocols only, not for SMB.

Related information SAN administration iSCSI target support for an FQDN response Beginning with ONTAP 9, clusters can be configured to return a fully qualified domain name (FQDN) response when a host OS sends an iSCSI discovery request. An FQDN response is configured with the iSCSI interface modify command at the advanced privilege level. The return of an FQDN response is useful when there is a Network Address Translation (NAT) device between the host OS and the storage service. IP addresses on one side of the NAT device are invalid on the other side, but FQDNs can be valid on both sides.

Storage resource management enhancements This ONTAP release includes a number of enhancements for performance, resiliency, and management capabilities for storage resources.

Support for MAX Data 1.1 ONTAP 9.5 adds support for MAX Data 1.1. MAX Data provides very low latency storage for high- performance applications. For more information, see the MAX Data documentation and resources.

Related information NetApp Documentation: Product Guides and Resources 64 | Release Notes

Support for FlexCache volumes Starting with ONTAP 9.5, FlexCache volumes are supported. A FlexCache volume is a sparsely populated volume that is backed by an origin volume. The FlexCache volume provides access to data in the origin volume without requiring that all of the data be in the FlexCache volume. You can use FlexCache volumes to speed up access to data or to offload traffic from heavily accessed volumes. FlexCache volumes help improve performance, especially when clients need to access the same data repeatedly, because the data can be served directly without having to access the origin volume. Therefore, you can use FlexCache volumes to handle system workloads that are read- intensive. The origin volumes can be mounted using any NAS protocols. In ONTAP 9.5, FlexCache volumes must be mounted using NFSv3. Also, FlexCache volumes are supported on AFF, FAS, and ONTAP Select systems. In ONTAP 9.5, FlexCache volumes support quotas at the origin volume.

Related information FlexCache volumes management

FlexGroup eligible aggregates Starting with System Manager 9.5, when you create a FlexGroup on a FabricPool-enabled aggregate, aggregates are selected by default according to best practices. For All-Flash Optimized storage systems, thin provisioning is enabled by default, and for other storage systems, thick provisioning is enabled by default. You can override the best practices defaults and select your choices from a list of eligible FabricPool aggregates.

Enhancements for FabricPool functionality FabricPool adds several enhancements that help you manage storage tiers more efficiently. The key enhancements for FabricPool in ONTAP 9.4 include the following:

• Support for the auto tiering policy The auto tiering policy moves cold user data in both the Snapshot copies and the active file system to the capacity tier after the tiering minimum cooling period (31 days by default). • Support for modifying the tiering minimum cooling period You can change the tiering minimum cooling period on a volume that uses the snapshot-only or auto tiering policy.

• Support for Microsoft Azure Blob Storage for the cloud as the external capacity tier

• Inactive data reporting Inactive data reporting enables you to see how much data in a volume is inactive, regardless of whether the aggregate is part of FabricPool. You need to explicitly enable the inactive data reporting functionality if the aggregate is not used for FabricPool. • Support for ONTAP Select Only all flash (all SSD) aggregates are supported for using FabricPool with ONTAP Select. • Support for object defragmentation FabricPool now defragments objects based on the percentage of used blocks in the object. This enhancement reclaims space used by blocks that have been deleted or are no longer being referenced by the performance tier. The default percentage for the threshold depends on the object store's provider type. You can specify the threshold percentage. New and changed features in the ONTAP 9 release family | 65

The key enhancements for FabricPool in ONTAP 9.5 include the following: • Support for specifying the aggregate fullness threshold You can modify the aggregate fullness threshold used by the tiering scan by using the storage aggregate object-store modify command with the -tiering-fullness-threshold parameter in the advanced privilege level to adjust the aggregate utilization percentage reached before FabricPool starts tiering. The default value is 50 percent. • Support for using IBM Cloud Object Storage as the cloud tier for FabricPool • Support for AWS Commercial Cloud Services (C2S) • Support for attaching aggregates that contain qualified FlexGroup volume constituents You can use the allow-flexgroup true option with the storage aggregate object- store attach command to attach aggregates that contain FlexGroup volume constituents.

• NetApp Volume Encryption (NVE) of the cloud tier If the source volume is NVE enabled, this feature is enabled by default, and the encryption is preserved across the cloud tier.

Related information Disk and aggregate management

Support for fast zeroing of drives For systems that are freshly installed with ONTAP 9.4 or later or systems that are reinitialized with ONTAP 9.4 or later, drive zeroing takes place automatically and is complete in seconds. This enhancement, called fast zeroing, greatly reduces the time it takes for system initialization, aggregate creation, or aggregate expansion. ONTAP automatically and quickly zeros drives. You no longer experience long wait times for drives to zero before provisioning. This enhancement is supported on both SSDs and HDDs. If you choose to manually zero drives (for example, using the storage disk zerospares command at the admin level or boot menu option (4) Clean configuration and initialize all disks), the process also takes only seconds. The fast zeroing enhancement does not support systems upgraded from a release earlier than ONTAP 9.4. If any node on the cluster contains an aggregate with fast-zeroed drives, then you cannot revert the cluster to ONTAP 9.2 or earlier.

Support for FlexGroup volumes ONTAP 9.1 introduces a new type of volume called FlexGroup volume. A FlexGroup volume is a scale-out NAS container that provides high performance, automatic load distribution, and scalability. FlexGroup volumes support NFSv3 and SMB 2.x. FlexGroup volumes support several ONTAP features such as Snapshot copies, SnapMirror disaster recovery (DR), quota reporting, thin provisioning, and storage efficiency. Full support for configuring and managing FlexGroup volumes is available in the ONTAP command- line interface (CLI). An important subset of the features of FlexGroup volumes is available in System Manager. You can use System Manager to create, view, edit, delete, resize, expand, and change the status of FlexGroup volumes. 66 | Release Notes

Features supported starting from ONTAP 9.5 • ODX copy offload • Storage-Level Access Guard • Enhancements to change notifications for SMB shares Change notifications are sent for changes to the parent directory on which the changenotify property is set and for changes to all of the subdirectories in that parent directory. • FabricPool • Quota enforcement • Qtree statistics • Adaptive QoS for files in FlexGroup volumes

Features supported starting from ONTAP 9.4 Beginning with ONTAP 9.4, the following features are supported on FlexGroup volumes: • FPolicy • File auditing • Throughput floor (QoS Min) and adaptive QoS for FlexGroup volumes • Throughput ceiling (QoS Max) and throughput floor (QoS Min) for files in FlexGroup volumes You can use the volume file modify command to manage the QoS policy group that is associated with a file. • Enhancements for managing FlexGroup volumes using System Manager Enhancements to FlexGroup volumes on page 49

Features supported starting from ONTAP 9.3 Beginning with ONTAP 9.3, the following features are supported on FlexGroup volumes: • Qtrees You can use qtrees for data management and quota reporting. Tree quota type is also supported in ONTAP 9.3. • Antivirus You can use the vserver vscan commands to configure virus scanning for FlexGroup volumes.

• Throughput ceiling (QoS Max) Throughput floor (QoS Min) and adaptive QoS are not supported for FlexGroup volumes.

• Change notifications for SMB shares Only non-inherited watches are supported for FlexGroup volumes. Notifications are generated only for the files that are placed immediately below the directory for which a change notification is set. For example, if the change notification is set at the root (/) directory, notifications are sent only for the files that are in the root directory. For any files that are within a subdirectory of the root directory, notifications are not sent. • Option to expand the source and destination FlexGroup volumes in a SnapMirror relationship When the destination FlexGroup volume is created, the volume is set up for automatic expansion by default. You can modify the destination FlexGroup volume for manual expansion, if required. Important: The best practice is to expand the destination FlexGroup volume automatically. New and changed features in the ONTAP 9 release family | 67

• SnapVault backup and restore You can perform a full-volume restore of FlexGroup volumes. Single-file restore is not supported for FlexGroup volumes. • Unified data protection relationships Long-term retention and storage efficiency are not supported for SnapVault relationships and unified data protection relationships. • Autogrow option and autoshrink option You can use the volume autosize command with the grow option or the grow_shrink option to automatically resize a volume. You must use the ONTAP CLI to perform all of these operations.

Features supported starting from ONTAP 9.2 Beginning with ONTAP 9.2, you can enable encryption on FlexGroup volumes. Note: You must enable encryption on FlexGroup volumes at the time of creation. You cannot enable encryption on existing FlexGroup volumes.

Related information FlexGroup volumes management Cluster management using System Manager NetApp Technical Report 4557: NetApp FlexGroup - A Technical Overview Antivirus configuration Upgrade, revert, or downgrade

Support for auto-provisioning aggregates Beginning in ONTAP 9.2, you can let ONTAP recommend aggregate configurations for your system by running the storage aggregate auto-provision command. The auto-provision command analyzes spare disks in the cluster and recommends how many spare disks should be used to create aggregates. This command can be invoked after adding new drive shelves to a running system. In addition, the command will automate the process of combining partitioned disks and whole disks into aggregates as needed. A detailed summary of recommended aggregates, including names and usable size, is then generated. The user is prompted to decide whether the aggregates should be created as recommended.

Related information Disk and aggregate management

Support for storage tiers by using FabricPool Beginning with ONTAP 9.2, you can enhance the efficiency and balance the performance and cost of your storage system by using FabricPool as a storage tiering solution. You can use the CLI or OnCommand System Manager for this functionality. FabricPool uses an all flash (all SSD) aggregate as the performance tier to store data that is “hot” (frequently accessed). It uses an object store as the external capacity tier to store data that is “cold” (infrequently accessed). Tiering policy options are available at the volume level to provide flexibility and efficiency in moving data across tiers as data becomes hot or cold. ONTAP supports using Amazon Web Services Simple Storage Service (AWS S3) and NetApp StorageGRID as the capacity tier for FabricPool. Newly ordered AFF systems come with 10 TB of free capacity for using AWS S3 with FabricPool. If you need additional capacity for AWS S3 on an AFF system, if you use AWS S3 as the capacity tier with a non-AFF system, or if you upgrade from 68 | Release Notes

an existing cluster, you need a FabricPool license. A license is not required if you use NetApp StorageGRID as the capacity tier. The following functionality or features are not currently supported with FabricPool: • Information lifecycle management (ILM) policies that are applied to object store buckets • 7-Mode data transition using the ONTAP CLI commands or the 7-Mode Transition Tool • FlexArray Virtualization • FlexGroup volumes • Infinite Volumes • MetroCluster configurations • RAID SyncMirror • SnapLock volumes • SVM disaster recovery (SVM DR) • Tape backup using SMTape, NDMP, or a dump backup • The Auto Balance functionality • Volumes using a space guarantee other than none

Related information Disk and aggregate management

Support for data compaction Beginning with ONTAP 9, you can run inline data compaction on a FlexVol volume or an Infinite Volume to achieve optimal space savings. Data compaction increases storage efficiency by storing more data in less space. Data compaction stores multiple user data blocks and files within a single 4 KB block on a system running ONTAP. You can run data compaction independently or together with data compression or deduplication. Data compaction is enabled by default on AFF systems, and you can optionally enable it on volumes on FAS systems. You can use either the CLI or System Manager to provide storage efficiency. For more information about running data compaction on existing data, see the volume efficiency start command in the man pages. You can use System Manager to view the total logical space used, total physical space used, overall savings from storage efficiency, data reduction ratio, FlexClone volume ratio, and Snapshot copies ratio. You can view the storage efficiency savings for a cluster or a specific node.

Related information Logical storage management Cluster management using System Manager

Support for automated SAN and NAS storage provisioning Beginning with ONTAP 9, new templates based on vendor and NetApp best practices are available in OnCommand System Manager to provision NAS and SAN storage. Using the templates for storage provisioning can prevent misconfigurations that lead to performance issues. The following new templates are accessible under the Application Provisioning tab: • NFS Oracle • NFS Oracle RAC • SAN Oracle Single New and changed features in the ONTAP 9 release family | 69

• SAN Oracle RAC • SMB SQL Server • SAN SQL Server • NAS Virtual Server Infrastructure • SAN Virtual Server Infrastructure • SAN Virtual Desktop Beginning with ONTAP 9.2, the following types of applications can be created through the Application Provisioning tab: • SAN SQL Server • SMB SQL Server • SAN Virtual Desktop • NAS Virtual Desktop • SAP HANA • Mongo DB Also beginning with ONTAP 9.2, new application navigation is available to provide enhanced application support for the following. Enhanced application support provisions storage according to best practices and tracks the capacity and performance of the application’s storage. • SAN containers • NAS containers • NFS Oracle • NFS Oracle RAC • NFS Virtual Server Infrastructure • SAN Oracle • SAN Oracle RAC • SAN Virtual Server Infrastructure

Support for volume-level user and group IDs (UIDs and GIDs) in FlexClone volumes Beginning with ONTAP 9, you can specify volume-level user and group IDs (UIDs and GIDs) for FlexClone volumes using the volume clone create command with the -uid and -gid parameters. If specified, all files and directories in a FlexClone volume inherit the specified UID and GID. If not, the UID and GID of the parent volume are inherited by default.

Support for relocating root volumes to new aggregates ONTAP 9 enables you to move the root volume to a newly created aggregate in a functional system. You can now change the location of the root volume to a new aggregate in the following scenarios: • When the root aggregates are not on the disks you prefer. • When you want to rearrange the disks connected to the node. 70 | Release Notes

• When you are performing a shelf replacement of the EOS disk shelves.

Support for rehosting a volume from one SVM to another SVM Beginning with ONTAP 9, you can rehost any NAS or SAN volume from one storage virtual machine (SVM) to another SVM without performing a data copy operation. Volume rehost is a disruptive operation. You must perform some manual steps before and after rehosting a volume.

Related information Logical storage management

Supported security styles for Infinite Volumes Beginning with ONTAP 9, Infinite Volumes can have any of the following security styles: unix, ntfs, mixed, or unified. Infinite volumes management

Storage efficiency enhancements This release of ONTAP provides new and changed storage efficiency capabilities.

Enhanced Storage Efficiency reporting The percentage of logical space used and the status of logical space reporting is now displayed in the System Manager Volumes window.

Support for Automatic Background Deduplication on AFF systems Beginning with ONTAP 9.3, background deduplication jobs run automatically with Automatic Background Deduplication (ADS) on AFF systems. ADS is enabled by default for all newly created volumes. The feature uses the block fingerprints created during the inline deduplication process. Beginning with ONTAP 9.4, AFF users upgrading from ONTAP 9.2 and earlier can run the storage aggregate efficiency cross-volume-dedupe start command to eliminate duplicates on previously created volumes belonging to the same aggregate:

cluster-1::> storage aggregate efficiency cross-volume-dedupe start - aggregate aggr1 -scan-old-data true

After you run the command, ADS performs automatic continuous background deduplication on the volumes belonging to the specified aggregate.

Support for cross volume deduplication on AFF systems Beginning with ONTAP 9.3, when Automatic Background Deduplication is enabled on an AFF (AFF) system, duplicate blocks within a volume and between volumes that are provisioned on the same data aggregate are deduplicated. New and changed features in the ONTAP 9 release family | 71

Support for inline storage efficiency enablement on AFF systems Storage efficiency features are currently enabled by default on all newly created volumes on AFF systems. Beginning with ONTAP 9.2, all inline storage efficiency features are enabled by default on all existing and newly created volumes on all AFF systems. Storage efficiency features include inline deduplication, inline cross-volume deduplication and inline compression, and are enabled by default on AFF systems as shown in the table. Note: Data compaction behavior on AFF volumes is unchanged in ONTAP 9.2 as it is already enabled by default.

Volume conditions Storage efficiency features enabled by default in ONTAP 9.2 Inline deduplication Inline cross-volume Inline compression deduplication Cluster upgrade to 9.2 Yes Yes Yes ONTAP 7-Mode Yes Yes Yes transition to clustered ONTAP Volume move Yes Yes Yes Thick-provisioned Yes No Yes volumes Encrypted volumes Yes No Yes

The following exceptions apply to one or more inline storage efficiency features: • Only read-write volumes can support default inline storage efficiency enablement. • Volumes with compression savings are omitted from enabling inline compression. • Volumes that have postprocess deduplication turned on are omitted from enabling inline compression. • On volumes where volume efficiency is turned off, the system overrides the existing volume efficiency policy settings and sets it to enable the inline-only policy.

Storage efficiency visualization changes in the CLI Beginning with ONTAP 9.2, the storage aggregate show-efficiency command was introduced to the CLI. This command shows the overall storage efficiency ratio along with logical and physical used details, and has now been enhanced to show efficiency technology ratios separately. The ONTAP command man page documentation outlines the parameters and use cases for theaggregate show-efficiency command. ONTAP 9 commands The Logical storage management guide provides procedures for using efficiency technologies and the views available when using the storage aggregate show-efficiency command. Logical storage management 72 | Release Notes

Transition enhancements This ONTAP release includes some enhancements to the SnapMirror functionality that enable you to transition from Data ONTAP operating in 7-Mode to ONTAP.

Support for transitioning SnapLock volumes Beginning with ONTAP 9, you can transition 7-Mode SnapLock volumes by using SnapMirror commands. You can transition SnapLock Enterprise or SnapLock Compliance volumes that are either in a stand-alone configuration or in a volume SnapMirror relationship.

Related information 7-Mode data transition using SnapMirror

Support for transitioning a disaster recovery relationship between vFiler units Beginning with ONTAP 9, you can transition the disaster recovery (DR) relationship between the primary vFiler unit and secondary vFiler unit on 7-Mode systems to a disaster recovery relationship between the source SVM and destination SVM in clusters. 7-Mode data transition using SnapMirror

Support for transitioning peering networks from IPv4 to IPv6 ONTAP 9 and later releases enable you to transition your peering networks from IPv4 to IPv6 by optionally allowing both protocols to be present simultaneously on the IC LIFs. In prior releases, all IC relationships for an entire cluster were either IPv4 or IPv6. This meant that transitioning from one to the other was a potentially disruptive event.

Upgrade enhancements This ONTAP release includes new features and enhancements related to the software upgrade process.

Support for direct ONTAP software image upload Beginning in ONTAP 9.4, you can copy the ONTAP software image from the NetApp Support Site to a local folder. You do not have to copy the software image to an HTTP or FTP server.

Support for automated non-disruptive upgrade for MetroCluster configurations Beginning with ONTAP 9.4, automated non-disruptive upgrade from ONTAP 9.3 to ONTAP 9.4 is supported for MetroCluster configurations through the command line interface (CLI). New and changed features in the ONTAP 9 release family | 73

Enhancements for cluster join and unjoin Beginning with ONTAP 9.3, changes have been made to the cluster join functionality to enhance cluster stability and to the cluster unjoin functionality for mixed version clusters to enhance ease of use. Beginning with ONTAP 9.3, all nodes in a cluster must be running the same version of ONTAP before a new node can be joined. By default, you cannot join new nodes of a different version. This increase cluster stability. If necessary for an upgrade, you can override the default behavior and join a node of a different version using the following advance privilege commands:

• cluster join -allow-mixed-version-join

• cluster add-node -allow-mixed-version-join

In such cases, you should complete the upgrade as quickly as possible; do not allow the cluster to remain in a mixed version state longer than necessary.

Also beginning with ONTAP 9.3, in the case of a mixed version cluster, you can now unjoin the last low version node from the cluster using the advance privilege cluster unjoin -skip-last- low-version-node-check command.

Support for additional upgrade, downgrade, and revert paths With each ONTAP release, new paths are available for upgrade to the last ONTAP version. Paths to downgrade or revert from the latest version are also available. See the Upgrade Express Guide or the Upgrade and Revert/Downgrade Guide for valid upgrade, downgrade, and revert paths.

Related information Software express upgrade Upgrade, revert, or downgrade

Support for installing ONTAP software and firmware from an external USB mass storage device For hardware models initially supported by ONTAP 9.1, you can install the ONTAP software and firmware from an external USB mass storage device. With this enhancement, the external USB port on hardware platforms installs or copies ONTAP software and firmware on the embedded boot media. The USB device is specified as file://usb0/filename. For example, the file name can be image.tgz. The ONTAP software and firmware installation package must be present in the root directory of the USB mass storage device. The following commands access the ONTAP software and firmware installation package from the external USB mass storage device:

• system node image get

• system node image update

• system node firmware download

• storage firmware download

Note: The commands system node firmware download and storage firmware download are available to cluster administrators at the advanced privilege level. 74 | Release Notes

Expanded support for automated nondisruptive upgrades ONTAP 9 expands the automated nondisruptive upgrade (NDU) method to include major upgrades from Data ONTAP 8.3.x to ONTAP 9. Software express upgrade

EMS Upgrade Requirements If you are using EMS messages on a system running ONTAP 8.3, you will need to remove your current EMS configuration prior to upgrading to ONTAP 9. EMS operations have been redesigned for ONTAP 9. The best way to upgrade is to start with a fresh installation. After upgrading to ONTAP 9, use the EMS Configuration Express Guide to configure EMS. To remove your current configuration, do the following: event route remove-destinations -message-name !callhome.* -destinations * event route modify -message-name callhome.* -destinations asup 75

Fixed issues in OnCommand System Manager

It is a good practice to review the bugs that are fixed in this release of System Manager. Bugs Online provides detailed information about fixed issues. To view information about the status of a bug, you can click the Bug ID hyperlink to access the report in Bugs Online. Note: Currently, Bugs Online does not display fixed-in version information for System Manager.

Bug ID Description 1016348 SnapMirror reverse resynchronization operation fails from OnCommand System Manager 975029 System Manager returns wrong results when a CIFS share name starting with “!” is queried. 950656 System Manager displays the container type for the remote cluster disks as “unknown”. 982697 When viewing the LUNs of a specific storage virtual machine (SVM) in the LUN window, the system returns the wrong value of “Nil” for the Online and State fields. 982768 System Manager must provide a warning message before deleting Snapshot copies, and rephrase the text of the labels for clarity. 670176 System Manager sets the default security style of SAN volumes to UNIX while creating volumes, which is incorrect. 860591 System Manager fails to open in the same browser after an ONTAP upgrade. 747446 Incorrect node information is displayed in the Aggregates window when the aggregate is not on the home node. 708534 The performance degradation warning message is not displayed during a reverse synchronization operation. 1047910 SVM configuration with iSCSI protocol does not work in OnCommand System Manager when the cluster has CNA ports on the nodes. 76

Unsupported features for ONTAP 9

Support is discontinued for some ONTAP and System Manager functionalities in the ONTAP 9 release family, and some ONTAP commands are deprecated.

Infinite Volumes not supported Beginning with ONTAP 9.5, Infinite Volumes are no longer supported. Infinite Volumes will no longer serve data. In order to preserve the data access to Infinite Volumes, you must stay on ONTAP 9.4 or migrate data out of Infinite Volumes and delete them prior to upgrading. It is recommended that you contact technical support for assistance in decommissioning your Infinite Volumes configuration before upgrading to ONTAP 9.5.

Fast path routing not supported As part of a networking stack update for improved performance and resiliency, fast path routing support was removed in ONTAP 9.2 and later releases because it made it difficult to identify problems with improper routing tables. Therefore, it is no longer possible to set the ip.fastpath.enable option in the nodeshell, and existing fast path configurations are disabled when upgrading to ONTAP 9.2 and later. For more information, see NetApp Knowledgebase Answer 1072895: Network traffic not sent or sent out of an unexpected interface after upgrade to 9.2 or later.

Removal of support for network routing-groups commands The network routing-groups commands are deprecated in ONTAP 9 releases, and beginning with ONTAP 9.4, they are no longer supported. You should use the network route command set to configure routes instead.

Deprecated kmip-server-ip option The kmip-server-ip option from the security certificate install command is deprecated.

Deprecated security key-manager certificate update command The security key-manager certificate update command is deprecated.

Legacy hardware not supported The following legacy hardware is no longer supported:

Devices Support discontinued in ONTAP... DS14 disk shelves 9.0 Unsupported features for ONTAP 9 | 77

Devices Support discontinued in ONTAP... FAS platforms 9.2 • FAS2220 • FAS2240-2 • FAS2240-4 • FAS3220 • FAS3250 • FAS3270 • FAS6210 • FAS6220 • FAS6240 • FAS6250 • FAS6280 • FAS6290

V-Series platforms 9.2 • V3220 • V3250 • V3270 • V6210 • V6220 • V6240 • V6250 • V6280 • V6290

IOM3 modules for DS4243 shelves 9.4 and later Note: Support was initially discontinued in ONTAP 9.2. DS4243 IOM3 shelves for FAS2500 and FAS8000 system continued to be supported from ONTAP 9.2P1 to ONTAP 9.3Px.

For more information about the supported platforms, see the Hardware Universe. NetApp Hardware Universe 78 | Release Notes

Deprecated auto-giveback-override-vetoes, check-partner, and bypass-takeover- optimization parameters Beginning with ONTAP 9.2, the auto-giveback-override-vetoes, check-partner, and bypass-takeover- optimization parameters are deprecated from the storage failover modify and storage failover show commands.

Disabled cluster name parameter Beginning with ONTAP 9.2, the cluster name parameter is disabled from the cluster join command.

Load-sharing mirrors for data volumes are deprecated Beginning with ONTAP 9.1, you can no longer create new load-sharing mirrors for data volumes. Existing load-sharing mirrors data volumes continue to be supported but support will be withdrawn in a future ONTAP release. If you want to use load-sharing relationships on data volumes, you should use the command options -option-name replication.ls_mirrors_on_data_volumes.enable on and retry creating the SnapMirror relationship. Load-sharing mirrors for root volume protection continue to be supported as a NetApp best practice.

DS14 shelves are not supported DS14 disk shelves are not supported for ONTAP 9.

LDAP over SSL replaced with LDAP over TLS The SSL protocol is no longer supported for secure communication between the LDAP server and the ONTAP LDAP client. Secure LDAP communication is now supported with the more secure TLS protocol using LDAP over TLS. The -allow-ssl option of the vserver services name- service ldap client command family is no longer available.

Remote Support Agent (RSA) replaced with AutoSupport On Demand Remote Support Agent is no longer available in the SP firmware that is bundled with ONTAP 9. The corresponding SP CLI command directory rsa is no longer supported. For remote support features in ONTAP, you should enable AutoSupport On Demand.

Ordinal Snapshot Renaming not supported with secondary Snapshot copies The Ordinal Snapshot Renaming feature will not work with Vault Long Term Retention.

Deprecated -ns-switch and -nm-switch options The -ns-switch and -nm-switch options of the vserver create and vserver modify commands are deprecated. You must use the new vserver services name-service ns- switch command instead.

Deprecated event commands The following event commands are deprecated:

• event destination create

• event destination delete

• event destination modify Unsupported features for ONTAP 9 | 79

• event destination show

• event mailhistory delete

• event mailhistory show

• event route add-destinations

• event route modify

• event route remove-destinations

• event route show

• event snmphistory delete

• event snmphistory show

Deprecated system node coredump commands The following system node coredump commands are deprecated:

• coredump segment show

• coredump segment delete

• coredump segment delete-all

Deprecated node scope commands The savecore and partner savecore commands are deprecated.

Deprecated dashboard commands The following dashboard commands are deprecated:

• dashboard health vserver

• dashboard alarm

Obsoleted v3-tcp-max-read-size and v3-tcp-max-write-size options The v3-tcp-max-read-size and v3-tcp-max-write-size options of the vserver nfs create, vserver nfs modify, and vserver nfs show commands are obsolete. You must use the -tcp-max-xfer-size option instead.

Browser service not supported The host announcements are not made using the User Datagram Protocol (UDP). These announcements are needed to support the Windows browser service for NETBIOS name resolution. To resolve this issue, you should switch to a Microsoft Active Directory.

Deprecated automatic LIF rebalancing feature The automatic LIF rebalancing feature, which allowed LIFs to automatically migrate to a less-used port based on the load balancing weights assigned to the LIFs, is deprecated from ONTAP 9.

Log file changes You do not have to create a support bundle and send it to technical support to analyze and resolve issues with System Manager. The System Manager log files are located in the mlog directory along 80 | Release Notes

with the ONTAP log files, and are included as part of the AutoSupport messages that are triggered on a daily basis.

Password caching You cannot enable password caching to save your storage system credentials. 81

Requirements for running ONTAP 9

You must ensure that you have the required storage systems and firmware to run the ONTAP software for the ONTAP 9 release family.

Supported systems and cluster configurations To ensure that your systems and cluster configurations are supported to run ONTAP 9, you should check your configuration on the Hardware Universe before upgrading clustered nodes or before adding new nodes to an existing cluster. The maximum number of nodes that are supported per cluster depends on the hardware platform model and whether NAS or SAN protocols are running. A cluster can be homogenous (all nodes have the same platform model) or mixed (nodes have different platform models); mixed clusters are supported with some restrictions. The maximum number of nodes within a cluster is determined by the platform that supports the fewest number of nodes. Clusters must consist of high-availability (HA) pairs, and the nodes within an HA pair must have the same platform model. To know about the ONTAP systems that use array LUNs and supported ONTAP 9.x releases, see the Hardware Universe. Note: If your system sends AutoSupport records to NetApp, you should use the Upgrade Advisor tool to plan your upgrade. Upgrade Advisor can also help you to determine whether your systems and cluster configurations are supported to run ONTAP 9. For more information, see the Upgrade Advisor help screens.

Related information NetApp Active IQ NetApp Hardware Universe

Cluster network and management network switch compatibility requirements The software, firmware, and reference configuration files (RCFs) that are used by the NetApp and Cisco cluster and management Ethernet switches must be compatible with ONTAP software. When planning an ONTAP deployment or upgrade, you must consult the cluster network and network management compatibility matrix for your switches to determine whether updates to the switch configurations are also required.

Related information NetApp CN1601 and CN1610 Cluster Network and Management Network Compatibility Matrix: mysupport.netapp.com/NOW/download/software/cm_switches_ntap Cluster Network and Management Network Compatibility Matrix: mysupport.netapp.com/NOW/ download/software/cm_switches 82 | Release Notes

FlexArray Virtualization (V-Series) interoperability and limits information All ONTAP releases may not support the same features, configurations, storage system models, and storage array models. During your deployment planning, you must check ONTAP support information to ensure that your deployment conforms to the ONTAP hardware and software requirements for all the systems in the deployment. The following table lists the information sources that contain details of the hardware and software requirements that are associated with the systems that are running ONTAP software:

For information about... You should look here... ONTAP software working with devices, NetApp Interoperability Matrix Tool including the following: • Supported storage arrays and storage array firmware • Supported switches and switch firmware • Whether your storage array supports nondisruptive (live) upgrade of the storage array firmware • Whether a MetroCluster configuration is supported with your storage array

ONTAP limits for releases and platforms, NetApp Hardware Universe including the following: • Minimum and maximum array LUN sizes, including the minimum array LUN size for the root volume and spare core array LUNs • Minimum aggregate size for aggregates with array LUNs • Supported block size • Minimum and maximum capacity • Neighborhood limits

Browser requirements for running OnCommand System Manager OnCommand System Manager is included with ONTAP as a web service, is enabled by default, and can be accessed by using a browser. You must use a supported browser to run the System Manager software. The following browsers are supported: • Google Chrome • Internet Explorer • Mozilla Firefox Requirements for running ONTAP 9 | 83

For information about the browser versions, see the NetApp Interoperability Matrix Tool. 84

Important cautions

Before upgrading to this release of ONTAP, you should read the important cautions to identify and resolve issues that might affect the operation of your storage systems. To request more information about an individual bug and to explore other bug-related tools, see Bugs Online on the NetApp Support Site.

Related information NetApp Bugs Online

Upgrade cautions Before upgrading to this ONTAP release, you should review the upgrade cautions and take appropriate action that apply to your environment.

SSH connections fail after upgrade to ONTAP 9.3 if HMAC algorithms not removed prior to upgrade Beginning in ONTAP 9.3, HMAC algorithms are not supported. If, prior to upgrading to ONTAP 9.3, your storage virtual machines (SVMs) are configured with HMAC algorithms, after upgrading to ONTAP 9.3, SSH connections fail. You can use the following command to determine if you have SVMs configured with the HMAC algorithm: security ssh show mac-algorithms hmac-ripemd160* -vserver *-fields vserver

If you have SVMs configured with the HMAC algorithm, you can use the ssh remove command to remove the algorithm before the upgrade.

Fast path routes disabled after upgrade to ONTAP 9.2 and later As part of general networking stack enhancements, fast path routing configurations are disabled after upgrading to ONTAP 9.2 and later. If you use fast path routing, you should plan to verify that routing is correctly configured by checking Active IQ system risks before upgrading. In earlier releases, fast path routing configurations made it difficult to identify problems with improper routing tables. Fast path routing has been replaced by route caching, which accelerates routing lookups. For more information, see NetApp Knowledgebase Answer 1072895: Network traffic not sent or sent out of an unexpected interface after upgrade to 9.2 or later.

NFS client outage might occur after upgrading to ONTAP 9.2 or later After upgrading to ONTAP 9.2 or later, you might experience an outage on your NFS client due to rate-limiting of the User Datagram Protocol (UDP) and IP-fragments. Rate-limiting is implemented in ONTAP 9.2 and later to protect against Denial of Service attacks. You can use the vserver services name-service dns check command to validate the connectivity of your storage virtual machines (SVMs) after the upgrade. If this command returns an operation timed out message, contact technical support for assistance. Important cautions | 85

Related information NetApp Bugs Online Bug ID 1151206

An additional reboot might be required after upgrading to ONTAP 9.2 or later If Data Encryption Standard (DES) or Triple Data Encryption Standard (3DES) is enabled when you upgrade to ONTAP 9.2 or later, an additional reboot might be required after the reboot required for the upgrade. When the upgrade is complete, the output of the security config status show command indicates if an additional reboot is needed. Note: The command output only states if a reboot is required. It does not reference DES or 3DES as the reason for the reboot.

To avoid this issue, disable DES and 3DES before upgrading.

Data transfers might be queued on lower memory platforms after upgrade to ONTAP 9.2 In ONTAP 9.2 or later, the number of source systems that can simultaneously transfer data to a destination system is based on a percentage of system memory. This can cause some data transfers to be queued on platforms with low system memory. Contact technical support for assistance if you encounter this issue.

Related information NetApp Bugs Online Bug ID 1114055

Upgrade to ONTAP 9.2 fails on systems with unicode directories greater than 2MB in root volume If you have unicode directories that are 2MB or greater in the root volume, an upgrade from ONTAP 9.1 on ONTAP 9.2 might fail. This issue is fixed in ONTAP 9.2P3 and later. If you are upgrading to a version of ONTAP 9.2P2 or earlier, you must perform steps prior to the upgrade to reduce the size of the unicode directories and prevent the failure.

Steps

1. On the root volume, verify that the create_ucode or the convert_ucode option is activated: volume show volume_name -fields create-ucode,convert-ucode

2. From the Freebsd system shell, verify that there are directories greater than 2MB: find /mroot -type d -size +2M

3. Turn off the create_ucode option: vol options volume_name create_ucode off

4. Turn off the convert_ucode option: vol options volume_name convert_code off

5. From the Freebsd system shell, use the mkdr and mv commands to make a new directory and move the files.

6. Delete the original directory.

7. Rename the newly created directory to the name used for the original directory. 86 | Release Notes

Related information NetApp Bugs Online Bug ID 1120684

Some mixed-mode environments impact the smb1-enabled option In mixed-mode environments with ONTAP 9.1P8 (and later 9.1 releases) and ONTAP 9.2, the node running ONTAP 9.2 does not show a value for the smb1-enabled option and also blocks any modification. However, for nodes running ONTAP 9.1P8 (and later) the same option can be controlled, and settings apply to all of the nodes.

Related information NetApp Bugs Online Bug ID 1113224

'smb1-enabled' option resets to 'true' when a node upgrades to or reverts from ONTAP 9.2 When the last node upgrades to ONTAP 9.2 or the first node reverts from ONTAP 9.2, the value of the smb1-enabledoption is reset to true, and thus allows SMB1 access. The administrator can disable the same using the command cifs options modify -smb1-enabled false from advanced mode.

Related information NetApp Bugs Online Bug ID 1113225

LDAP clients using SSL must be reconfigured for TLS before upgrading to ONTAP 9 If you have enabled an SVM as an LDAP client in a Data ONTAP 8.x release and you are using SSLv3 for secure communications with LDAP servers, you must reconfigure the client to use TLS before upgrading to ONTAP 9. SSL is not supported in ONTAP 9, and existing SSL configurations will cease to function after the upgrade.

Related information Upgrade, revert, or downgrade

LDAP parameters empty after upgrade to ONTAP 9.2 If you simultaneously set values for the LDAP servers and ad-domain parameters, then later clear the value of the servers parameter while running ONTAP 9.1, you must create a new LDAP client configuration before upgrading to ONTAP 9.2. Otherwise, both parameters become empty as a result of the upgrade.

Related information Bugs Online 1084413 Important cautions | 87

Change in audit logging after upgrade Beginning in ONTAP 9, the command-history.log file is replaced by the audit.log file, and the mgwd.log file no longer contains audit information. Before upgrading, you should review any scripts or tools that refer to the previous files and their contents. Although new command-history.log files are no longer created, existing command- history.log files are preserved after upgrade to ONTAP 9. They are rotated out (deleted) as new audit.log files are rotated in (created). Tools and scripts that check the command-history.log file might continue to work because a soft link from the command-history.log file to the audit.log file is created during the upgrade. However, tools and scripts that check the mgwd.log file will fail because that file no longer contains audit information. In addition, audit logs in ONTAP 9 and later releases no longer include the following entries, which are not considered useful and cause unnecessary logging activity: • Internal commands run by ONTAP (that is, where username=root) • Command aliases (separately from the command they point to)

Related information System administration

An incorrect license error message is displayed while creating a vault relationship or a mirror and vault relationship by using OnCommand System Manager A SnapMirror license is sufficient for creating a mirror relationship, vault relationship, and mirror and vault relationship for cluster running ONTAP 9. However, when you create a vault relationship or a mirror and vault relationship by using OnCommand System Manager 8.3.2, when the remote cluster is running ONTAP 9, an incorrect error message is displayed: SnapVault license is required.

Related information NetApp Bugs Online Bug ID 1018119

Revert and downgrade cautions If you are reverting or downgrading from this release of ONTAP to an earlier release, you should review the revert and downgrade cautions, and take appropriate action for any cautions that apply in your environment.

Reverting to ONTAP 9.2 or earlier not supported for fast-zeroed drives Reverting to ONTAP 9.2 or earlier fails if any node on the cluster contains an aggregate with fast- zeroed drives. The earliest ONTAP version you can revert to is ONTAP 9.3. 88 | Release Notes

Revert requirements for FabricPool You need to be aware of a few revert requirements related to FabricPool. • The following revert requirements apply if you have a FabricPool or object store configuration in the cluster and you want to revert to a release earlier than ONTAP 9.2: ◦ You must first move volumes in any existing FabricPool-enabled aggregate to another aggregate prior to the revert. ◦ You must remove any associated object store configuration from the cluster.

• The following revert requirements apply if you use Azure Blob Storage as the object store for the FabricPool cloud tier and you want to revert to a release earlier than 9.4: ◦ You must first move volumes from the aggregate that is attached to Azure Blob Storage to another aggregate. ◦ You must remove the object store configuration that is associated with Azure Blob Storage from the cluster. • The following revert requirements apply if you use ONTAP Select with FabricPool and you want to revert to a release earlier than ONTAP 9.4: ◦ You must first move volumes in any existing FabricPool-enabled aggregate to another aggregate. ◦ You must remove any associated object store configuration from ONTAP Select.

• If you have a volume that uses the auto tiering policy and you want to revert to ONTAP 9.3 or ONTAP 9.2, you must first change the tiering policy from auto to another tiering policy (snapshot-only, backup, or none).

• The following revert requirements apply if you use IBM Cloud Object Storage as the object store for the FabricPool cloud tier and you want to revert to a release earlier than 9.5: ◦ You must first move volumes from the aggregate that is attached to IBM Cloud Object Storage to another aggregate. ◦ You must remove the object store configuration that is associated with IBM Cloud Object Storage from the cluster. • The following revert requirements apply if a FlexGroup resides on FabricPool aggregates and you want to revert to a release earlier than ONTAP 9.5: ◦ You must first move all the constituents from FabricPool aggregates to non-FabricPool aggregates using the vol move command with the -allow-mixed-aggr-types option.

◦ You must ensure that existing non-FabricPool aggregates have enough space to host the FlexGroup you are moving from FabricPool, or that there are enough spare disks available to create new non-FabricPool aggregates to host the FlexGroup you are moving. • If you are using NetApp Volume Encryption (NVE) enabled volumes with FabricPools and you want to revert to a release earlier than ONTAP 9.5, you must do one of the following: ◦ Convert the volume to plaintext (unencrypted) ◦ Move the volume to a non-FabricPool aggregate Important cautions | 89

Downgrade or revert not supported for SnapLock volumes You cannot downgrade or revert aggregates containing SnapLock volumes to an ONTAP version prior to ONTAP 9.1.

Requirement to revert password hash function to a release before ONTAP 9 Before reverting to a release earlier than ONTAP 9, you must run the advanced command security login password-prepare-to-downgrade with the -disable-feature-set downgrade_version option from the console by using a user account with the cluster admin role. If you do not run this command, the revert process fails. After the revert, users must change their passwords. If your password is not encrypted with a hash function supported by the release you are reverting to, the command prompts you for a new password and encrypts it with the supported hash function. The passwords for all other users are marked expired. After the revert, you must temporarily change the passwords for all users, and users are prompted to change their passwords again upon login through a console or SSH session.

Related information Upgrade, revert, or downgrade 90

Known problems and limitations

Some unexpected and potentially undesired post-upgrade behaviors, and in some cases workarounds to avoid these behaviors, have been identified. For issues related to earlier releases in Data ONTAP 8.x release families, see the Release Notes in the NetApp Library on the NetApp Support Site.

Related information NetApp Bugs Online NetApp Documentation: Data ONTAP 8 (current releases)

7-Mode transition issues You should review the known issues and limitations with features related to 7-Mode transition.

7-Mode to ONTAP transition process leads to controller disruption During a 7-Mode to ONTAP transition, if the destination volume resides on an AFF node, it causes controller disruption due to an issue in ONTAP 9.5.

Related information NetApp Bugs Online Bug ID 1208905

Command-line interface issues You should review the known issues and limitations with features related to command-line interface.

Nodeshell commands ifgrp timer and cmvfiler_run are incorrectly marked as deprecated The nodeshell commands ifgrp timer and cmvfiler_run are incorrectly marked as deprecated. Although the DEPRECATED tag is added to the Usage: section of the commands, there is no change in the functionality of the commands, and the commands function normally.

Currently, the ifgrp timer and cmvfiler_run commands are displayed as follows:

ifgrp timer (DEPRECATED)

cmvfiler_run vfname command (DEPRECATED)

ONTAP Disk Qualification Package does not update after running the storage firmware download command If you are running ONTAP 9.4, the ONTAP Disk Qualification Package (DQP), contained in either the qual_drives.zip file or qual_drives.tar.gz file, might not update due to an error in the storage firmware download command. If this occurs, you can use an SCP/SFTP host to update the DQP. Contact technical support if you need assistance. Known problems and limitations | 91

Related information See Method 2: Using an SCP/SFTP host to update your firmware.

Data protection issues You should review the known issues and limitations with features related to data protection.

Initialization of SVM DR relationship converted to XDP fails if you specify DP Starting with ONTAP 9.4, SVM data protection relationships created with type DP are automatically converted to type XDP by default. Attempting to initialize the converted relationship with type DP, however, fails with the error message “Cannot find any Vserver DR relationship for Vserver SVM_name”. You can avoid the issue by omitting the type when you initialize the relationship, or by using the XDP type when you initialize the relationship:

cluster_dst::> snapmirror initialize -destination-path vs4dp: -type XDP

SnapMirror enable-storage-efficiency parameter disabled The enable-storage-efficiency parameter to the snapmirror update command and the snapmirror-update ONTAPI is disabled for use in ONTAP 9 and returns an error when used. Attempts to execute this parameter return the following error message: Error: command failed: Parameter "-enable-storage-efficiency" not supported for "XDP" relationships.

Cannot resize data protection volumes You cannot resize a data protection volume whose mirror relationship is broken or if a reverse resynchronization operation is performed.

Related information NetApp Bugs Online Bug ID 684125

SVMs are not created correctly if subnet name includes special characters System Manager does not support special characters in the subnet name. Therefore, the LIF creation for a storage virtual machine (SVM) will fail if the name of the subnet on which you want to create the SVM includes special characters.

Related information NetApp Bugs Online Bug ID 779606

No warning message displayed when hash store path is modified If you modify the hash store path to a value other than read/write type, the BranchCache page in System Manager does not display a warning message.

Related information NetApp Bugs Online Bug ID 808031 92 | Release Notes

OnCommand System Manager enables setting up the unsupported policy type for vault relationship with SnapLock destination A vault relationship with a SnapLock volume as destination, supports only the “vault” policy type. However, OnCommand System Manager enables setting up the unsupported policy types such as "async_mirror" or "mirror_vault" on such relationships. This causes the relationship to stop transferring data and display a data transfer error.

Related information NetApp Bugs Online Bug ID 1006403

File access and protocols issues You should review the known issues and limitations with features related to file access and protocols management.

The statistics show command for the cifs_client counter object cannot filter instances that have the "?" character in the fingerprint The statistics show command for the cifs_client counter object does not filter correctly if the counter instance contains the “?” character in the fingerprint. The wildcard also does not work because these fingerprints have spaces in between characters. If you encounter this situation, you must provide the whole instance string.

Related information NetApp Bugs Online Bug ID 924122

Restores might fail on CIFS servers with SnapManager for Hyper-V If you have a Virtual Machine (VM) installed on a CIFS share , you might not be able to use SnapManager for Hyper-V to perform a successful restore. This is caused by an internal issue with permissions in ONTAP. To prevent a potential restore failure, you need to create a UNIX group named antivirus with GID 49153 on the storage virtual machine (SVM) where SnapManager for Hyper-V is deployed. Use the following command to create the UNIX group: vserver services name-service unix-group create -vserver vserver -name antivirus -id 49153

HA pair issues You should review the known issues and limitations with features related to HA pairs if they are deployed in your cluster.

Auto giveback process defers when the giveback time expires During the takeover process between two nodes in an HA pair, the auto giveback process starts before the partner node is ready for the giveback. When the time limit of the auto giveback process expires and the partner node is still not ready, the timer restarts. As a result, the time between the partner node being ready and the actual giveback being performed might be shorter than the auto giveback time. Known problems and limitations | 93

Related information NetApp Bugs Online Bug ID 779744

Infinite Volume issues You should review the known issues and limitations with features related to Infinite Volumes.

OnCommand Workflow Automation workflows for Infinite Volumes require Windows operating system Although you can run OnCommand Workflow Automation 3.1 and later on a Linux operating system, workflows for Infinite Volumes are not supported on a Linux operating system. You must run OnCommand Workflow Automation 3.1 and later on a supported Windows operating system to access workflows for Infinite Volumes.

Related information NetApp Bugs Online Bug ID 870635

Writes to Infinite Volumes fail due to lack of space when the df command shows free space Writes of data to Infinite Volumes fail due to lack of space, even though the Infinite Volume appears to have available space when you use the df command. The command output includes free space from the namespace constituent and namespace mirror constituent, which are not used for data storage. Increase the size of the Infinite Volume by using the volume modify command.

Related information NetApp Bugs Online Bug ID 684579

Operation for moving constituents fails to restart after a node reboots If a node reboots or fails over while you are moving constituents of an Infinite Volume from a source aggregate to a destination aggregate, the operation is interrupted, and some constituents might not be moved after the node is back online. You must restart the operation to move the remaining constituents.

Related information NetApp Bugs Online Bug ID 754947

OnCommand Workflow Automation requires RAID-DP aggregates for namespace constituents of Infinite Volumes When you create an Infinite Volume by using OnCommand Workflow Automation, an aggregate of type RAID-DP is required for the namespace constituent. You can use a different aggregate type to provide storage for the namespace constituent by using the CLI or OnCommand System Manager to create the volume.

Related information NetApp Bugs Online Bug ID 846924 94 | Release Notes

Management interface issues You should review the known issues and limitations with features related to the management interface. These issues can include problems with command behavior, command output, or error messages that are presented in the ONTAP CLI or web interface, and problems with UNIX commands or other operating system commands that are used to interface with your storage system.

Unexpected application impacts after resizing application volumes and LUNs In ONTAP 9.2 and earlier, when an application is initially provisioned, a Quality of Service (QoS) policy is created for each application volume. If an application volume or LUN within the application volume is resized, the QoS policy is not automatically updated and the application might experience unexpected impacts. ONTAP does not prevent the resizing of application volumes or application LUNs, but to avoid unexpected impacts, call support before attempting to resize application volumes or application LUNs. Beginning with ONTAP 9.3, the QoS policy is automatically updated so that manual adjustment of the QoS policy associated with any resized application LUNs is not necessary.

SP and BMC remote management devices on multiple FAS and AFF systems can be affected by high network load On several FAS and AFF systems, a high network load in the management network might cause the Service Processor (SP) or Baseboard Management Controller (BMC) to become unresponsive. If this happens, the device cannot report environmental conditions correctly, which could cause the system to shut down. The following systems are potentially affected by this issue: • AFF A700, AFF A300, AFF A220, AFF A200, and AFF8000 series • FAS9000, FAS8200 and FAS8000 series • FAS2700, FAS2600 and FAS2500 series The high network load might be due to excessive ingress broadcast traffic, multicast traffic, or in some cases unicast denial-of-service (DoS) attacks. To avoid this problem, you should ensure that you are running the latest firmware for the SP or BMC, and you should avoid putting the wrench port in a network with excessive ingress broadcast or multicast traffic loads.

Related information NetApp Bugs Online Bug ID 1083414 NetApp Bugs Online Bug ID 911759 NetApp Bugs Online Bug ID 903158

SnapMirror relationship might cause application deletion failure If you need to delete an application with a SnapMirror relationship, you should delete the SnapMirror relationship before deleting the application. Deleting the application before deleting the SnapMirror Known problems and limitations | 95

relationship might cause the application deletion to fail and render the application unusable. If this happens, delete the SnapMirror relationship, then reinitiate the application deletion.

FQDN character interoperability limit Some host operating systems displayed limitations in character length of the iSCSI Fully Qualified Domain Name (FQDN). The FQDN value interoperability limit is 128 characters on all host OS.

AutoSupport messages for system health alerts might include an incorrect subject when in mixed-version state When upgrading to ONTAP 9, the cluster can operate in a mixed-version state, in which some nodes are running ONTAP 9 and some are running Data ONTAP 8.3. While in this state, the cluster switch health monitor might generate health alerts. These alerts trigger AutoSupport messages that include an incorrect subject. The subject of the AutoSupport message states that the alert is from the “SAS Connectivity Monitor”, which is incorrect. The cluster switch health monitor generated the alert. The health alerts themselves are valid. You can use the information in the AutoSupport messages to respond to the issue. This issue does not occur when all nodes are running ONTAP 9.

Related information NetApp Bugs Online Bug ID 676937

Modifying the default value of the IP addresses that are allowed to access the SP can impact certain SP functionality When you modify the configuration for the IP addresses that are allowed to access the SP, the SP capability of using the network interface for firmware updates might be affected. In addition, the SP might fail to transfer logs from a remote node in the cluster.

Related information NetApp Bugs Online Bug ID 856443

MetroCluster configuration issues You should review the known issues and limitations of the features that are related to MetroCluster configurations.

Solaris host panic after a storage failover operation Solaris hosts in an MetroCluster configuration can encounter a panic during a storage failover event. The related panic string will show a reservation conflict. You can reboot the host and proceed.

Stale entry in the storage bridge show command In a MetroCluster configuration, a stale entry might remain in the storage bridge show command output after an ATTO FibreBridge is replaced or removed. Manually removing the bridge by using the storage bridge remove command might still leave a stale entry. 96 | Release Notes

Related information NetApp Bugs Online Bug ID 891285

MetroCluster switchback fails when the maximum configuration limit for QoS policy groups is exceeded In a MetroCluster setup, when a maximum number of storage Quality of Service (QoS) policy groups are configured and one of the sites is down, you cannot delete and create new QoS policy groups on the surviving site. Deleting and creating new QoS policy groups on the surviving site might exceed the QoS limits on the recovered site during switchback, and cause the switchback operation to fail.

Related information NetApp Bugs Online Bug ID 863460

Networking issues You should be aware of the known limitations with features related to networking.

Cluster peering in ONTAP 9.5 requires PSK cipher suites for TLS ONTAP 9.5 must allow pre-shared key (PSK) cipher suites for cluster peering to work. PSK cipher suites (and most other secure suites) are enabled by default. However, if you need to restrict the cipher suites using the security config modify command with the -supported-cipher option, you must allow cipher suites based on PSKs as well as AES-GCM suites. If you do not use the default or explicitly include PSK suites, cluster peering will fail. To explicitly include PSK suites, be sure to include the value "PSK-AES256-GCM-SHA384" in addition to any other required values with the -supported-cipher option.

Converting 40GbE NIC ports into multiple 10GbE ports for 10GbE connectivity The X1144A-R6 and the X91440A-R6 40GbE Network Interface Cards (NICs) can be converted to support four 10GbE ports. If you are connecting a hardware platform that supports one of these NICs to a cluster that supports 10GbE cluster interconnect and customer data connections, the NIC must be converted to provide the necessary 10GbE connections.

Before you begin You must be using a supported breakout cable.

About this task The following hardware platforms support the X1144A-R6 NIC. • FAS8200 • AFF A300 • AFF A700s

Note: On the X1144A-R6 NIC, only port A can be converted to support the four 10GbE connections. Once port A is converted, port e is not available for use.

The following hardware platforms support the X91440A-R6 NIC. Known problems and limitations | 97

• FAS9000 • AFF A700

Steps 1. Enter maintenance mode.

2. Convert the NIC from 40GbE support to 10GbE support. nicadmin convert –m [40G | 10G] [port-name]

3. Reboot the system.

New limits for IPspaces Beginning with ONTAP 9, there is a cluster-wide limit of 512 IPspaces. The cluster-wide limit is reduced to 256 IPspaces for clusters that have platforms with 6 GB of RAM or less, such as FAS2220 or FAS2240. See the Hardware Universe to determine whether additional limits apply to your platform.

Related information NetApp Hardware Universe

Other System Manager issues You should review other issues related to using System Manager in this release.

Aggregate create and add capacity operations are blocked from OnCommand System Manager on nodes with low hot spares Aggregate create and add capacity to aggregate operations that use root_data1_data2 partitioned disks are blocked from System Manager on nodes with low hot spares.

Related information NetApp Bugs Online Bug ID 996574

System Manager does not refresh the licenses page automatically after modifying licenses from another session If you have opened the licenses page in one session of System Manager, and you start another session of System Manager and modify the license for a package, then although the license entitlement risk changes are reflected in the dashboard of the original session, these changes are not reflected in the licenses page of the original session.

Related information NetApp Bugs Online Bug ID 1032278

Incorrect network configuration or bad network connectivity can cause the create protection relationship operation to fail For a cluster, if the cluster management port is not configured properly or if the network connectivity between the client and the remote cluster is bad due to packet drops, then while creating a protection relationship, the license information retrieved from the remote cluster might be incomplete. This can cause the creation of a protection relationship to fail. 98 | Release Notes

Related information NetApp Bugs Online Bug ID 1057294

Export Configuration file in Cluster Setup cannot be downloaded if you are using Internet Explorer 11 in Windows Server 2012 R2 The Export Configuration file in the Cluster Setup > Summary window does not get downloaded if you are using System Manager to set up a cluster in Windows Server 2012 R2 using Internet Explorer 11.

Related information NetApp Bugs Online Bug ID 1067652

Unable to read the cluster setup configuration template file containing non- ASCII characters, when edited and saved as CSV, using Microsoft Excel software The Cluster Setup configuration template file containing non-ASCII characters, is typically present in Japanese and Chinese locale specific template files. This file is not being read by using System Manager 9.1 Cluster Setup workflow, when downloaded, edited, and saved in CVS format only through Microsoft Excel software. This is because the non-ASCII characters get missed/jumbled up when saving the file in CSV format.

Related information NetApp Bugs Online Bug ID 1043427

Users with read-only privileges are able to delete admin user or change password for admin using System Manager in IE browser While working in the Internet Explorer (IE) browser, if the user does not have all the permission to access System Manager such as read-only privileged user, the browser displays the login prompt. If higher privilege credentials such as an administrator privileged user are provided in this prompt, the browser saves these credentials and uses them later when the current user does not have enough permission. This issue occurs because the IE browser uses the already saved cached credentials to make requests to the server.

Related information NetApp Bugs Online Bug ID 1029131

Discrepancy in the physical used space shown in the dashboard and the used space shown in the aggregate inventory page The “physical space used” field shown in the Efficiency portlet of the cluster dashboard does not match with the combined value of the “Used space” field shown in the aggregate inventory page.

Related information NetApp Bugs Online Bug ID 1006076 Known problems and limitations | 99

OnCommand System Manager is unable to peer between ONTAP 9 and Data ONTAP 8.3.2 If you have configured ONTAP 9 and Data ONTAP 8.3.2 in such a way that ONTAP 9 does not support Transport Layer Security (TLS) protocol 1.0 and supports only TLS protocol 1.1 and 1.2, then the cluster on ONTAP 9 cannot communicate with a Data ONTAP 8.3.2 cluster using OnCommand System Manager and an error message similar to the following is displayed: "svm4svm_name", "Output": "

Related information NetApp Bugs Online Bug ID 998928

Incorrect SVM peer state displayed for clusters running mixed versions of ONTAP software If the source cluster is of mixed version, and its effective cluster version is Data ONTAP 8.3.2, and the destination cluster is running ONTAP 9, and if both of them have the same SVM name and are in a peered state, then during the protection workflow, the peering status of that SVM in the remote cluster is displayed as “not peered”, which is incorrect.

Related information NetApp Bugs Online Bug ID 996133

SAN administration issues You should review the known issues and limitations with features related to SAN protocols and administration.

Storage LUNs/paths not accessible by the host with Cisco Nexus 5000/6000 running NX-OS versions 7.1(3)N1(1) to 7.1(3)N1(4) A SAN host might not see its LUN after the target port goes down and then comes back up again. The port shows as up on both host and target. The host might also show a LUN, but the target port is down and the LUN is not accessible. This issue is caused by the Nexus 5000/6000 Switches not sending the RSCN message to connected devices when a member in the same zone disconnects or connects when there is a zoning change. You can check whether or not a Nexus Switch has sent RSCN messages by running the following switch command: show rscn statistics vsan

Nexus-Switch# show rscn statistics vsan 10

Number of RSCN sent = 0 <=== In this case, the RSCN counter did not increment. 100 | Release Notes

This issue affect Nexus 5500, Nexus 5600 and Nexus 6000 switches running NX-OS versions: 7.1(3)N1(1) to 7.1(3)N1(4). Upgrade the NX-OS firmware on the switch. The issue is fixed in the following releases, and it is strongly recommended that customers upgrade to an NX-OS release that includes the fix: 7.1(4)N1(1) 7.3(1)N1(1) 7.3(0)N1(1)

Related information NetApp Bugs Online Bug ID 1145695

Limitation of LUN resizing support LUN resizing is not supported for ostype solaris. If resizing is required for a LUN on a Solaris host, you must create the LUN with ostype linux.

Storage resource management issues You should review the known issues and limitations with features related to storage resource management.

Issue with volume flexcache origin cleanup-cache-relationship command The volume flexcache origin cleanup-cache-relationship command cleans up the FlexCache configuration from the origin cluster. After running this command, the FlexCache relationship cannot be reestablished. You should only use the volume flexcache origin cleanup-cache-relationship command if deleting the FlexCache volume fails and you are prompted to run this command. The warning message displayed when you run the command does not clearly say that the FlexCache relationship cannot be reestablished. If you run this command by mistake, the FlexCache volume must be deleted and created again.

Related information NetApp Bugs Online Bug ID 1139762

Performance impact on FlexGroup volumes if SMB/CIFS change notification is enabled If you have enabled SMB/CIFS change notification on FlexGroup volumes, certain file operations (for example, create, delete, setattr, write, rename, and so on) that result in these change notifications might experience increased latency.

Related information NetApp Bugs Online Bug ID 1191388

Storage SLC and size of second redo log component is applied to both mirrored redo log components of Oracle RAC applications There is a limitation with how the storage service level class (SLC) and size values are applied in applications for Oracle Real Application Clusters (RAC) that have redo log mirroring enabled if the Oracle application is created in ONTAP 9.2 and modified in ONTAP 9.4 or later. Applications for Oracle RAC that have redo log mirroring enabled and that are created in ONTAP 9.2 have two redo log application components. Known problems and limitations | 101

When you modify the storage SLC for the second application-component using OnCommand System Manager in ONTAP 9.4, the value gets applied to both redo log components. When you modify the SLC or the size of the second application-component using OnCommand System Manager in ONTAP 9.5, the value gets applied to both redo log components. In ONTAP 9.4 and later, the value specified for the first redo log application-component with such an application is ignored during the modify operation, and the value specified for the second redo log application-component is applied to both. This behavior is seen only in Oracle application that is created in ONTAP 9.2 and modified in ONTAP 9.4 or later. Starting with ONTAP 9.3, only one redo log component is created even when redo log mirroring is enabled.

Related information NetApp Bugs Online Bug ID 1160280

Resizing a FlexGroup volume fails If you try to resize a FlexGroup volume to more than 83% of its maximum size by using the command-line interface (CLI) or OnCommand System Manager, the resizing operation fails. Resizing of a FlexGroup volume fails even if the maximum autosize parameter is not modified and regardless of whether the autosize feature is used.

Related information NetApp Bugs Online Bug ID 1106552

ONTAP Select system on ESXi can panic when datastore is full or unreachable When an ONTAP Select virtual machine is paused and resumed, the virtual machine can panic if the datastore is full or if the datastore cannot be reached.

Related information NetApp Bugs Online Bug ID 1113107 NetApp Technical Report 4597: VMware vSphere with ONTAP NetApp Technical Report 4571: NetApp FlexGroup Best Practices and Implementation Guide

LUN path characters are truncated to 252 characters The ideal size of a LUN path name is 581 characters. However, due to a limitation in the counter manager functionality, LUN path names larger than 252 characters are truncated.

Related information NetApp Bugs Online Bug ID 789091

FlexCache volume limitations Prior to ONTAP 9.5, FlexVol volumes in ONTAP 9 are only supported as origin volumes serving data to FlexCache volumes created on systems running Data ONTAP 8.2.x operating in 7-Mode. Beginning in ONTAP 9.5 FlexVol volumes are supported. 102

Changes to published documentation

Additional information has become available after the documentation provided with this release was published. The information in this section should be used in conjunction with the materials originally published for this release.

AltaVault product now called Cloud Backup Beginning in ONTAP 9.4, the AltaVault product is renamed to Cloud Backup. You might continue to see references to AltaVault in product documentation and man pages.

Compatible ONTAP versions for SnapMirror relationships You should verify that the source and destination volumes are running compatible ONTAP versions before creating a SnapMirror data protection relationship. The ONTAP 9 Data Protection Power Guide provides information about the compatibility requirements for SnapMirror source and destination volumes across ONTAP versions. Data protection

Updated route command syntax in Command Map for 7- Mode Administrators The Command Map for 7-Mode Administrators incorrectly states that the 7-Mode route -s command was replaced by the network routing- groups route show command. The network routing-groups command family was deprecated in ONTAP 9 releases, and the commands are not supported beginning with ONTAP 9.4. You should use the network route show command instead.

New Power Guides ONTAP 9 and later releases introduces new Power Guides, which explain how to complete key tasks for advanced configurations using NetApp best practices. The following Power Guides are provided in ONTAP 9 and later releases:

• FlexCache Volumes for Faster Data Access Power Guide Describes how to create and manage FlexCache volumes in the same cluster or different cluster as the origin volume for accelerating data access. • Administrator Authentication and RBAC Power Guide Describes how to enable login accounts for cluster and storage virtual machine (SVM) administrators, and how to use role-based access control (RBAC) to define the capabilities of administrators. This new power guide has been adapted from material that originally appeared in the System Administration Guide. • Archive and Compliance Using SnapLock Technology Power Guide Describes how to use NetApp SnapLock technology to retain files in unmodified form for regulatory and governance purposes. It shows you how to use SnapLock commands to commit Changes to published documentation | 103

files to “write once, read many” (WORM) storage, and how to set retention periods for committed files. • Cluster and SVM Peering Power Guide Describes how to create peer relationships between source and destination clusters and between source and destination SVMs. You must create peer relationships between these entities before you can replicate Snapshot copies using SnapMirror. • Data Protection Power Guide Describes how to prevent data loss using Snapshot copies and SnapMirror replication to a remote system. • Disks and Aggregates Power Guide Describes how to create and expand aggregates, taking into consideration performance and storage needs, disk drive types, partitioning, disk layout, and RAID group considerations. It also explains how to maintain disks and how to configure disk encryption. This new power guide replaces the Physical Storage Management Guide. • NetApp Encryption Power Guide Describes how to use NetApp Volume Encryption to enable encryption on new or existing volumes, and how to manage volume-encrypted data. The new NetApp Encryption Power Guide combines the documentation for NetApp Volume Encryption (NVE) with the documentation for NetApp Storage Encryption (NSE), formerly included in the Disks and Aggregates Power Guide. • Scalability and Performance Using FlexGroupVolumes Power Guide Describes how to set up, manage, and protect FlexGroup volumes for scalability and performance. • SMB/CIFS Configuration Power Guide Describes how to use CLI commands for advanced CIFS server configuration and SMB/CIFS client access to files contained in volumes and qtrees. This new power guide has been adapted from material that originally appeared in the SMB/CIFS Reference. • Replication between NetApp Element Software and ONTAP Describes how to replicate data between Element and ONTAP, including how to back up Element Snapshot copies to an ONTAP system, and how to migrate ONTAP LUNs to an Element system.

New Upgrade Express Guide ONTAP 9 introduces the Upgrade Express Guide. This Express Guide describes how to nondisruptively perform an automated upgrade of clusters to the latest version of ONTAP software and firmware. Software express upgrade

New Concepts Guide The ONTAP 9 Concepts Guide describes the features and benefits of ONTAP data management software. It explains cluster configuration, high-availability, network architecture, virtualization, replication, storage efficiency, and security. The ONTAP Concepts Guide was condensed and reorganized beginning with ONTAP 9.2. The aim of the new guide is to provide a concise, illustrated description of ONTAP features and benefits for the IT generalist. In 30 pages, the new guide brings together for the first time content previously published in widely disparate manuals ONTAP concepts 104 | Release Notes

ONTAP platform mixing rules now included in Hardware Universe The Software Storage Platform Mixing Rules for FAS and AFF systems, which was previously published as a separate document, is now included in the NetApp Hardware Universe (HWU). NetApp Hardware Universe

Scope and title changes in the ONTAP library Several guides have been renamed, restructured, or discontinued in ONTAP 9 as part of a library reorganization emphasizing the distinction between goal-oriented task guidance and conceptual background documentation.

Previous title New title Replication between SolidFire Element OS and Beginning with ONTAP 9.5, the title has been ONTAP changed to Replication between NetApp Element Software and ONTAP. NFS Client Configuration with VAAI for ESX Beginning with ONTAP 9.4, the title has been Express Guide changed to NFS Configuration for ESXi using VSC Express Guide. Now includes using VMware VAAI for datastore provisioning as a best practice. FC Configuration for ESX Express Guide Beginning with ONTAP 9.4, the title has been changed to FC Configuration for ESXi using VSC Express Guide. iSCSI Configuration for ESX Express Guide Beginning with ONTAP 9.4, the title has changed to iSCSI Configuration for ESXi using VSC Express Guide. Data Fabric Solution for Cloud Backup Beginning with ONTAP 9.4, the title has been Workflow Guide Using ONTAP Commands changed to Data Fabric Solution for Cloud Backup Using ONTAP and NetApp Cloud Backup. CIFS and NFS Auditing Guide Beginning with ONTAP 9.4, the title has been changed to SMB/CIFS and NFS Auditing and Security Tracing Guide. CIFS and NFS Multiprotocol Configuration Beginning with ONTAP 9.4, the title has been Express Guide changed to SMB/CIFS and NFS Multiprotocol Configuration Express Guide. CIFS Reference Beginning with ONTAP 9.4, the title has been changed to SMB/CIFS Reference. Basic configuration guidance has been moved to the SMB/CIFS Configuration Power Guide. CIFS/SMB Configuration Guide for Microsoft Beginning with ONTAP 9.4, the title has been Hyper-V and SQL Server changed to SMB/CIFS Configuration Guide for Microsoft Hyper-V and SQL Server. Changes to published documentation | 105

Previous title New title CIFS/SMB Configuration Express Guide Beginning with ONTAP 9.4, the title has been changed to SMB/CIFS Configuration Express Guide. Data Protection Using SnapMirror and Beginning with ONTAP 9.4, the Data Protection SnapVault Technology Using SnapMirror and SnapVault Technology guide is split into two guides: • Data Protection Power Guide • Cluster and SVM Peering Power Guide

NFS File Access Reference Guide Beginning with ONTAP 9.4, the title has been changed to NFS Reference. Basic configuration guidance has been moved to the NFS Configuration Power Guide. System Administration Guide Beginning with ONTAP 9.4, the title has been changed to System Administration Reference. • QoS content has been moved to the Performance Monitoring Power Guide. • Administrator authentication and RBAC content has been moved to a new Administrator Authentication and RBAC Power Guide. • SVM content has been moved to protocol- specific express guides. • Cluster performance monitoring content has been moved to the Performance Monitoring Power Guide.

• SVM Disaster Recovery Express Guide Beginning with ONTAP 9.3, Data Protection Power Guide replaces the SVM express guides. • SVM Disaster Recovery Preparation Express Guide • SVM Root Volume Protection Express Guide

MetroCluster Installation and Configuration Beginning with ONTAP 9.2, the MetroCluster Guide Installation and Configuration Guide is split into two guides: • Stretch MetroCluster Installation and Configuration Guide • Fabric-attached MetroCluster Installation and Configuration Guide

The followings guides are discontinued: • Using All Flash FAS with ONTAP Software • NFS Client Configuration for ESX Express Guide 106 | Release Notes

Previous configuration instructions for ESXi hosts are now consolidated in the NFS Configuration for ESXi using VSC Express Guide. • Data Fabric Solution for Cloud Backup Workflow Guide Using SnapCenter • Edge and Data ONTAP-v documentation See the ONTAP Select documentation instead. • Express Setup Guide for 80xx Systems See the FAS80xx and basic setup documentation instead. • MetroCluster Installation Express Guide See the Stretch MetroCluster Installation and Configuration Guide or Fabric-attached MetroCluster Installation and Configuration Guide instead. • Physical Storage Management Guide This guide is replaced by the Disks and Aggregates Power Guide. • Remote Support Agent Configuration Guide The Remote Support Agent is no longer supported. 107

Where to find product documentation and other information

You can access documentation for all NetApp products and find other product information resources, such as technical reports and white papers, in the NetApp Library on the NetApp Support Site.

Related information NetApp Documentation: Product Guides and Resources 108

Copyright

Copyright © 2019 NetApp, Inc. All rights reserved. Printed in the U.S. No part of this document covered by copyright may be reproduced in any form or by any means— graphic, electronic, or mechanical, including photocopying, recording, taping, or storage in an electronic retrieval system—without prior written permission of the copyright owner. Software derived from copyrighted NetApp material is subject to the following license and disclaimer: THIS SOFTWARE IS PROVIDED BY NETAPP "AS IS" AND WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, WHICH ARE HEREBY DISCLAIMED. IN NO EVENT SHALL NETAPP BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. NetApp reserves the right to change any products described herein at any time, and without notice. NetApp assumes no responsibility or liability arising from the use of products described herein, except as expressly agreed to in writing by NetApp. The use or purchase of this product does not convey a license under any patent rights, trademark rights, or any other intellectual property rights of NetApp. The product described in this manual may be protected by one or more U.S. patents, foreign patents, or pending applications. Data contained herein pertains to a commercial item (as defined in FAR 2.101) and is proprietary to NetApp, Inc. The U.S. Government has a non-exclusive, non-transferrable, non-sublicensable, worldwide, limited irrevocable license to use the Data only in connection with and in support of the U.S. Government contract under which the Data was delivered. Except as provided herein, the Data may not be used, disclosed, reproduced, modified, performed, or displayed without the prior written approval of NetApp, Inc. United States Government license rights for the Department of Defense are limited to those rights identified in DFARS clause 252.227-7015(b). 109

Trademark

NETAPP, the NETAPP logo, and the marks listed on the NetApp Trademarks page are trademarks of NetApp, Inc. Other company and product names may be trademarks of their respective owners. http://www.netapp.com/us/legal/netapptmlist.aspx 110

How to send comments about documentation and receive update notifications

You can help us to improve the quality of our documentation by sending us your feedback. You can receive automatic notification when production-level (GA/FCS) documentation is initially released or important changes are made to existing production-level documents. If you have suggestions for improving this document, send us your comments by email. [email protected] To help us direct your comments to the correct division, include in the subject line the product name, version, and operating system. If you want to be notified automatically when production-level documentation is released or important changes are made to existing production-level documents, follow Twitter account @NetAppDoc. You can also contact us in the following ways: • NetApp, Inc., 1395 Crossman Ave., Sunnyvale, CA 94089 U.S. • Telephone: +1 (408) 822-6000 • Fax: +1 (408) 822-4501 • Support telephone: +1 (888) 463-8277