NetApp adds RAG features to BlueXP and makes ONTAP more secure

NetApp has increased ONTAP’s security and cyber-resilience and given its BlueXP control plane classification capabilities for retrieval-augmented generation.

Along with its A-Series all-flash array and StorageGRID news, NetApp has ONTAP software and BlueXP data services management releases. The new ONTAP 9.15.1 version can automatically detect and respond to system anomalies in real-time that may signal a ransomware attack. It can restore data from secure snapshots in minutes and NetApp provides a ransomware recovery guarantee to back this up. 

Sandeep Singh

Sandeep Singh, NetApp’s SVP and GM for Enterprise Storage, claimed in a blog that ONTAP can: ”Pre-empt cyber threats via autonomous ransomware detection that’s built into ONTAP and enhanced by embedded machine-learning models. Together, these capabilities help you achieve better than 99 percent percent accuracy in detecting ransomware attacks in real time – an industry first.”

ONTAP now has SnapMirror ActiveSync between ONTAP systems to protect applications with continuous availability using bi-directional synchronous replication. It features transparent app failover and load-balancing. It can be coupled with VMware’s vSphere Metro Storage Cluster (vMSC) feature.  NetApp suggests using SnapMirror active sync to provide business continuity for critical VMware, Microsoft, Oracle and SAP applications.

A FlexCache write back feature helps distributed developments across multiple sites by locally caching active read data. Writes go to local cache so local apps perform faster, and copy management is handled at origin. The copies stay consistent across the origin and all caches.

ONTAP v9.15.1 has a cyber vault reference architecture based on virtually air-gapped immutable and indelible snapshots. The vault has strict access controls and the data is stored on disk or flash in deduped and compressed form.

The software also provides Multi-Admin Verification, requiring multiple approvals for critical admin tasks. NetApp says this is an industry-first native approach to prevent malicious and accidental changes to customers’ data.

NetApp tells us it is the only enterprise storage vendor validated to store top-secret data as it’s on the NSA’s Commercial Solutions for Classified *CSfC) component list, has FIPS 140-2 validation, is on the US DoS Approved Product List (DoDIN APL) and meets Common Criteria requirements.

NetApp says its ONTAP software “provides the most secure storage on the planet.” Read an ONTAP datasheet here. Check out SnapMirror active sync here.


The BlueXP storage and data services control plane facility has a data cleansing classification service which can automatically tag data for both the ingest and inferencing phases of the AI data pipeline. This AI/ML-driven service is now available as a BlueXP core capability at no additional charge. It provides the ability to automatically classify, categorize, and tag data across the entire data estate for governance, security and compliance reasons.

Using this customers can securely and programmatically augment pre-trained GenAI models with auto-classified, proprietary data on demand, enabling retrieval-augmented generation (RAG).

Two additional BlueXP features are now generally available: disaster recovery and ransomware protection.

Find out more about BlueXP here.