ONTAP 9.3 was officially announced back in October 2017 during the annual NetApp Insight event. With it now officially in GA (as of January 2018), is it time to be looking at upgrading to this new release?
As always there is a buzz around the latest releases of vendor software to find out which of the new features are going to make the biggest impact. Whether it’s for individual user cases or a knockout blow to competitors in the market. With the latest ONTAP release there are the usual performance increases and additional effective storage capacity increases due to more efficient optimisations of dedupe and compression. However, the features that catches the eye the most and will certainly draw attention in the current security conscious business world is the additional features around security and compliance.
External Key Management
With the addition of NetApp Volume Encryption (NVE) in ONTAP 9.1 meant bringing encryption to existing arrays with the granularity of only encrypting specific volumes, previously it was all or nothing approach. The draw back has always been on box key management, meaning that if the storage array was compromised then the key to decrypt the data is held on the same array. This type of encryption and key management will fail some compliance standards. ONTAP 9.3 now introduces external key management by using the industry standard Key Management Interoperability (KMIP).
Encrypting data is never a bad thing and now having suitable external key management control for volume level encryption can only increase compliance with GDPR just around the corner. I must point out that encryption is not mandatory for GDPR but it definitely helps mitigate risks and adds safeguards to any sensitive customer data being held at rest.
The other notable security feature added to ONTAP 9.3 is the introduction of MFA for OnCommand System Manager further protecting the data from compromised Administrator passwords. This will be done by using SAML authentication and Microsoft Active Directory Federation Services (ADFS) as the identity provider.
As mentioned ONTAP 9.3 has performance increases over previous versions, this time by up to 30% via WAFL improvements, parallel processing and flash optimizations. Significant increase have been made in iSCSI parallel processing and general parallel processing of workloads allowing for higher throughput and IOPS at lower latencies.
Adaptive QoS has also been introduced to manage QoS policies across multiple volumes. Adaptive QoS effectively automatically adjusts the defined IOPS/TB QoS policy when the volume grows or shrinks to keep the effective IOPS/TB inline with the data size change. As you can imagine without this management of potentially hundreds of QoS policies could consume large amounts of time from the storage Administrator.
Storage efficiency increases are by up to 30% with ONTAP 9.3 by enabling inline aggregate deduplication on All Flash FAS (AFF) arrays. Inline deduplication, compression and compaction on all new volumes is also enabled by default to give the best possible efficiencies on all data.
With the Software Defined Datacentre in full swing and with vendors nowadays introducing faster than ever update cycles for software and vendors always recommend being on the latest release, NetApp are now on bi-annual major releases, it can be easy to get left behind with new features and performance upgrades. Most vendors include the software itself as part of the support fees businesses pay each year so why not upgrade to receive these latest and greatest improvements and others that could have been missed in previous updates. If updates aren’t completed regularly then you are not only missing out on virtually free performance and new features that could benefit the business but also vital security updates which are rolled into each update.
Martyn Lewis: Enterprise Architect
Martyn is responsible to help understand customer business challenges and provides robust, secure solution ideas to drive business efficiency through change.