#How often you would upgrade ONTAP?

What is your policy on upgrading ONTAP? I cannot remember, but once a while NetApp would release some patches, and major release. I guess, we don't want to catch up every single patches, but, what are your considerations in terms of how often you would apply patches or releases and why?

For me it was always about reading patch notes.

1. Does it address an immediate need I have, whether it's a bug or a new feature? Am I going to get something out of it?

2. Does it address critical known security vulnerabilities (honestly, this should be #1)?

If either of those conditions are met, plan for the upgrade.

Why wouldn’t we upgrade ONTAP every time when new patches or versions get released? Asked by our systems and VMware management team.

that is a valid strategy, at least for patch versions. We have happy customers doing exactly that. For new versions, most of our customers wait for at least P2 or P3, except if they want or need a certain feature that is in that version. Then they happily update to GA and keep patching regularly until at least P2 or P3

if you're just using it for vmware nfs, there's little technical reason not to upgrade.. it just takes time, effort, change control etc

Usually our customers update twice a year. (We do a little audit for them to also check other settings.) I would recommend to do it at least once a year.
Updating every patch is often not necessary. I would say 4x a year is very good but I donÄt see that very often.

If you update regularly you have the added benefit of knowing how your environment behaves when a failover is necessary. With all the configuration drift going on you can't confidently say "everything will stay online" if you do failovers during an update of a system with like 800 days uptime. Most likely there will be no problems but you simply don't know if you've never done it the last two years.

Another argument for regular updates:
There a fixes for security vulnerabilities in many ONTAP-patches. The only issue here is that it's not easy to find out which patches includes security fixes and which don't. You can basically only check here (https://security.netapp.com/advisory/) regularly but there are so many security advisories released every week and many of them don't impact ONTAP. You need to click on every one and see if it's fixed in a certain ONTAP-patch.

It would be great if NetApp could include all security fixes for a certain ONTAP-patch in the fixed bugs list (e.g. https://mysupport.netapp.com/site/products/all/details/ontap9/downloads-tab/download/62286/9.11.1P10).

Unlike Systems(Windows/ Linux), NetApp ONTAP is the foundation of everything, too many patches and too many failover/failback could cause unstable environment, we should not do that so oten, unless it is necessary, or some real benefits we can result in. So, to me, 4 times a year is too often. Once a year may be better. Make sense?

I have not seen "unstable environment" due to takeover/giveback except when something was misconfigured. And in that case it might be better to notice that sooner rather than later? As OG1 said, you should regularly test your DR scenarios anyway, so if you do an ONTAP update a few times a year, you know that everything works as designed... But in the end, it's totally up to you how you handle updates

I support a large site with thousands of NFS clients. I upgrade when a new release hits P3 or P4 so that's roughly twice per year. For later P releases, I weigh the the pros and cons of benefits vs the risks of not patching. NEVER assume that not patching means less risk - it some cases, it is more risk to not patch. Are your customers going to be happy that you didn't patch but panic'ed due to a known bug that was already fixed in a release you could have upgraded to?

I’d say it’s the opposite - frequent testing by to/gb shows any other instabilities. But at any rate, twice a year is typical

More is fine if you want

normally once a year. i have more than 150 nodes and a lot of metroclusters with switches & bridges. updating everything takes me weeks 😉

Fair 🙂

My customers with MCCs tend to only do one a year too

(Or once every 3 years..)

Upgrades go so smoothly compared to the "old days" that I really don't worry about them. I upgrade whenever I want the fixes or need the new functionality. I haven't had to intervene to force a giveback for a couple of years now, also on MCC's

only thing what can bring you some beads of swear is, when you in azure cloud running ontap cvo and having during upgrade 2 times for an ha of 2 nodes a cloud provider event of type freeze which stops your upgrade - and then it could be funny if you can resume the running upgrade... this cloud provder events are known 15 minutes before so you can not avoid this and if you are running an upgade good lucj

We do updates at least once a year. So we get fixes for e.g. security problems and get new features, too. Netapp sometimes gets faster with newer releases. If we need an update to address a problem in your environment, we do updates as needed. And we try to have all out systems on the same releases.