Episode 12: Sensu – Full-Stack Monitoring Platform with Sean Porter

Sean Porter is the Co-Founder, CTO, and author of Sensu, an open source infrastructure and application monitoring solution. Sensu’s customers include Netflix, Uber, General Electric, and the Associated Press. In this episode, Sean discusses the challenges of managing two distributions of the Sensu code, and their journey to raising Series A funding.

Transcript coming soon!

Episode 11: data Artisans – Apache Flink Stream Processing with Kostas Tzoumas

Kostas Tzoumas is the Co-Founder and CEO of Berlin-based data Artisans, the leading company behind Apache Flink, an open source stream processing framework that merges event-driven applications and real-time analytics. In this episode, Kostas discusses how Flink went from university research, to open source project, and finally to a commercial enterprise.

Transcription coming soon!

Episode 10: Nextcloud – File Sharing Platform with Frank Karlitschek

Frank Karlitschek is the Founder and Managing Director of Nextcloud, an open source file sharing and communication platform. NextCloud provides cloud, virtual desktop, and application hosting services for a range of organizations that include healthcare, education, finance, and government. In this episode, Frank discusses the value of Nextcloud’s community contributors and why he believes transparency the best competitive differentiator.

Transcription coming soon!

Episode 9: Rocket.Chat – Open Source Enterprise Team Chat with Gabriel Engel

Gabriel Engel is the Founder and CEO of Rocket.Chat, one of the most popular open source chat platforms on the Internet. Rocket.Chat is used for secure team communication by companies and individuals from a variety of sectors ranging from education and technology, to financial, non-profit, governmental and public services.

Transcription coming soon!

Episode 8: SaltStack – Event-Driven Automation with Thomas Hatch

Thomas Hatch is the Co-Founder and CTO of SaltStack, an event-driven automation platform that delivers threat-aware security compliance, fast and scalable control of any cloud, and configuration management for heterogeneous application environments and data center infrastructure. In this episode, Thomas describes how SaltStack has built tools and point solutions to monetize a very flexible open source platform for orchestration and configuration.

Transcription coming soon!

Episode 7: MongoDB – Cross-Platform Document DB with Eliot Horowitz

Eliot Horowitz is the Co-Founder and CTO of MongoDB. MongoDB is the fastest-growing database ecosystem, with over 30 million downloads, thousands of customers, and over 1,000 technology and service partners. In this episode, Eliot describes how Mongo uses a combination of cloud services and licensing to drive growth of their business.

Transcription coming soon!

Episode 6: Automattic – Web Dev & Publishing with Matt Mullenweg

Matt Mullenweg is Co-Founder of WordPress, the most popular open source blogging and content management platform in the world. In 2005 he founded Automattic, the company behind, WooCommerce, Jetpack, and more. In this episode, Matt describes how they built a thriving business around WordPress.

Transcription coming soon!

Episode 5: Cloudera – Machine Learning & Big Data with Mike Olson

Mike Olson Co-Founded Cloudera in 2008 and served as CEO until 2013, when he took on his current role of Chief Strategy Officer (CSO). Cloudera delivers enterprise tools that leverage the open source Apache Hadoop platform for big data analytics. In this episode, Mike describes how Cloudera contributes to the open source community while also holding back enough proprietary IP to build one of the most successful open source software businesses of all time.



Michael Schwartz: Welcome to Open Source Underdogs, the podcast where we dig into the business models of the best open source software companies in the world.

Today I’m excited to be with Mike Olson, Founder and Chief Strategy Officer at Cloudera.

Cloudera provides Enterprise tools for data engineering, data warehousing, machine learning, and analytics that leverage the open source Apache Hadoop platform.

Mike Olson, thank you so much for joining the podcast today.

Mike Olson: Michael thanks for coming by, I’m excited to talk.

How Did Cloudera Get Started?

Michael Schwartz: How did Cloudera get started?

Mike Olson: The company’s ten years and a few months old at this point. We started in 2008, early summer.

The conviction that I had, along with my three co-founders Amr Awadallah, Christophe Bisciglia, and Jeff Hammerbacher. The conviction we all had was that big data was going to be a big deal.

So if you looked at Yahoo, and Google, and Facebook and others, they were collecting and analyzing data at enormous scale – much bigger than banks or hospitals were doing at the time. And they had invented a collection of new tools to do that.

So Apache Hadoop was sort of the foundational project of this ecosystem. We all believed that banks, hospitals, insurance companies would want to get lots of data and then analyze it in powerful new ways. And this wonderful open source Hadoop project was ideally designed for that.

So our idea was let’s bring those capabilities to traditional Enterprises.

Now I had had a long career in database technology, I had worked for Informix, and Oracle, and a bunch of other database startups you never heard of. I had a long career in open source, so I had worked at Berkeley Unix, on Postgres, Berkeley DB.

So I understood the big Enterprise data consumption behavior, and I kind of got open source. I didn’t know anything about Hadoop.

I had no code running in there, I had not developed it. But I understood what it did, how it worked. And my co-founders had all been actively involved in its development and its use at Facebook, Yahoo, Google.

So together I think we were uniquely positioned at that time to start the business and to try to bring this web technology to traditional Enterprises.

Cloudera Customers

Michael Schwartz: Who’s using Cloudera’s product today?

Mike Olson: Let me talk about what we’ve built for the market, because it’s been heavily influenced by our target customer; and that’ll give me a chance to explain then, who we chose, why and so on.

When we started the company, all we had was Apache Hadoop. That is two open source components, a file system DTFS, and distributed processing engine, MapReduce.

Those two things together were what Google invented for big data processing and what took over the consumer internet. Fast forward ten years, we have 26 different open source projects in the bundle now.

In general all of the new stuff has swiped the fundamental design ideas of Hadoop. Scale out, so deploy and run on a whole bunch of servers, and bring the processing to the data. So MapReduce let you plow through huge amounts of data by every server basically running out tiny little plow-through job on its own, and then you combine the results at the end.

Well, there are other processing engines available now, there is Apache Impala for high-performance distributed SQL analysis. There’s Apache Spark for stream processing, and for marshalling like model training in machine learning. There’s the SlrCloud Lucene search engine that does document search and so on.

So, a whole bunch of scale-out projects now can collaborate on the data on that cluster, on those servers. So you don’t need to make multiple copies of the day, you can do lots of different processing at massive scale by taking advantage of all of the CPUs that you have attached to the storage.

So, platform’s gotten a lot more interesting and handles way more analytic work less than ever before. We’ve built a collection of services that compliment that core open source offering.

Data governance, compliance, living up to regulatory regimes in these big industries like healthcare and financial services, we built tools on the platform that let administrators, and chief information officers, and the privacy team be sure that the rules are getting followed and policies were enforced.

We’ve got high performance security and encryption services, deploy, and manage this infrastructure at massive scale – if you’ve got a thousand computers running a mission-critical job how do you ensure that the jobs going to finish on time, and so on.

So we’ve built a collection of large Enterprise-focused software compliments to that open source platform. The data storage, the processing, and so on, all of that is in the open source and were substantial contributors to that ecosystem, and we benefit from the great workout that ecosystem.

And then we build a product that adds some proprietary IP. That is not, that is differentiated and not nearly as easy for a competitor to pick up and use against us, as the open source would otherwise be. So we maintain some differentiated IP and some reasons for customers to buy from us.

We chose those capabilities: Regulatory support, operations at massive scale, compliance, and so on, security, because we aim to sell to large Enterprises.

Banks and hospitals and insurance companies have lots of data, complex businesses with lots of opportunities to do analysis, so they’re good customers, and crassly they got a lot of money.

So we designed our product strategy, and we did a lot of really innovative stuff expressly to go after, kind of that same large Enterprise buyer that I had been servicing for my entire career as a relational database industry player.


Michael Schwartz: There must be a lot of competition in this market. How do you differentiate Cloudera from some of the other offerings that are out there?

Mike Olson: In 2008 when we started the company nobody had heard of Hadoop.

It was just, you know, it was some nerd technology, if you were an engineer at Yahoo you were up to date. But the industry at large hadn’t heard of it.

The meme of Big Data didn’t even exist yet, so those words weren’t being used to apply to any kind of business problem.

That changed in a hurry. So many competitors have entered the market, lots of folks have recognized the value of Big Data. A number of companies have even stepped in and joined us in delivering solutions that build on the Apache Hadoop ecosystem.

Look, I think there’s a bunch of reasons we’re good, we’re deeply involved in the open source community in order to take advantage of and help drive that benefit, we’ve got to do that. But our differentiation, how we set ourselves apart, is really based on how we been thinking about the customer.

So large Enterprises need the security governance compliance and regulatory support we’ve got. We genuinely believe that, given the decade that we’ve been building the product and the expertise we got, we’re differentiated there.

In addition however, our large Enterprise clients have data centers, and we think they’re going to have data center for a long time, so they want to be able to run stuff on premises.

They need to be able to take advantage of the public cloud, so spin jobs up on Google or on Amazon or on Microsoft Azure. And then, they’d like to be able to move those workloads around among those places – on prem, the various public cloud providers, as business requirements demand.

We support support this sort of, hybrid on-prem and cloud, and also multi-cloud, you can move among the cloud vendors capability, so that our customers get all that security, governance, compliance, regulatory support, and aren’t locked into a single cloud provider.

There are outstanding offerings that are single cloud only, so you know Amazon’s got a rich collection of great data services, and we integrate with and complement those.

But the promise we make our CIO customers is, you can deploy with confidence on any of those venues because if you decide later to move, your applications don’t change, you don’t, you haven’t coded to any sort of built-in proprietary, native cloud API’s. You’re building on the open source ecosystem of Hadoop, and your app will move easily.

Customer Interaction

Michael Schwartz: Are there any grades of interaction, maybe for smaller customers or the community?

Mike Olson: So of the 26 open source projects that we distribute, some were ingested from the open source community, created outside of Cloudera entirely – so Apache Spark’s a great example. Now we’re major contributors in the Spark ecosystem as well, but that was created at Berkeley and then released through the Apache Software Foundation.

One of the two original founders of the Hadoop project, Doug Cutting, actually works at Cloudera so you know, that predated the company, but obviously we were engaged in that from the very earliest days.

And we’ve created open source projects. So a great example is Apache Impala, our distributed query processing engine. Or Apache Kudu, an IoT-based storage engine that were conceived and originally developed here, and released through the Apache Software Foundation to the open source community, and we’ve built communities around that.

We benefit from the great work of the global open source development community. We earn our credibility by contributing to that community as well, so both of those are important.

We don’t really engage commercially with say, small companies with small data problems. Remember, we’re aimed at these large organizations and regulated industries with complex business.

So we really sell to very, very large Enterprises and we focus on those problems, and our interactions with those customers is aimed at basically that kind of buyer.

So we don’t really do much with open source consumption of the platform, although a great deal of it goes on.

We’re concentrating on monetizing and easing the adoption of the open source tech by those big guys.

What Goes In Open Source?

Michael Schwartz: How do you decide how much to invest in the open source projects versus your commercial project?

Mike Olson: This is going to sound glib, actually a whole bunch of thought has gone into it. But very briefly if it’s about data storage, data analysis, data processing – CIO’s don’t want to be locked in.

They don’t want a single vendor proprietary solution.

I mean, I spent a bunch of my career working for great big database vendors and we taught CIO’s that single vendor proprietary lock-in was a mistake. So everybody’s learned, they don’t want me to be able to turn off their data access, they don’t want me to be able to shut down their analytic workload.

So if it’s data storage, data process, data analysis really it needs to be in the open source.

If it’s addressing the unique requirements of a large Enterprise, like if you need to be able to answer the demands of regulators, or if law enforcement shows up and you’ve got to do a data lineage work.

Well, look man, that’s fair game. Because first of all the open source community isn’t going to spend a lot of time on that kind of problem. And 2nd it’s expensive and difficult to develop those solutions, and so I should legitimately be able to be paid for those.

And so in general we’ve got a philosophy on needs to be open source and what can be closed source, proprietary IP.


Michael Schwartz: Have you developed channel partners, or do you rely on the open source to be a distribution Channel?

Mike Olson: We’ve got good channel relationships with some of the big systems vendors.

So you know Dell is a fantastic partner, HP’s a fantastic partner, even Oracle and Teradata offer appliances that bundle the Cloudera platform and they’ll sell through their sales force to their customer base our IP on those appliances.

The global systems integrators are likewise a really good channel for us they turn up a bunch of opportunity.

The bulk of our revenue is from direct sales.

So we’ve got a substantial global sales force with concentrations in AMEA, in Asia-Pacific, and then the Americas and leaders identified there. And we have a bunch of direct sellers and technical folks in the field that engage with our large Enterprise customers.

Initial Sales Strategy

Michael Schwartz: When you were first getting started was it really hard to figure out how to manage the long sales cycle of a large Enterprise? How did it go in the early days?

Mike Olson: Bear in mind that had been the market that I sold two for my entire career, so I knew what to expect in terms of sale cycle. And I was an engineer to begin with right, but in middle-late 90s I stopped being an engineer and became or more and more field-focused.

Anyway, I was used to the buying cycle of that community. I’ll say that we got lucky in a weird way.

So you remember 2008 was the Global Financial Market meltdown. It had a really important knock-on effect, it was everybody was really afraid of what was going to happen further in the economy.

So large Enterprises were looking for ways to shed expense, and if they had to do innovative stuff to do it in novel and much less expensive ways.

So you know, it used to be that you could legitimately go charge somebody $40,000 to manage a terabyte of data. You know there’s a lot of terabytes of data in the world these days, and at 40,000 bucks a terabyte, there’s a huge penalty for having data.

Well this platform was designed to make lots of data cheap, to a cheap to accumulate, and then operate on. So the market crashed, a bunch of CIOs got very cost-conscious, and here we were with this open source foundation and a new way of building scale-out, distributed systems that was vastly cheaper than what came before.

Look I mean, the market crash was a disaster for a bunch of reasons but it was a little bit lucky for us. We tried to stay rigorously focused on what we thought customers needed and that varies by time.

You know the needs of customers today are very different from what they were a decade ago, because everybody gets open source now, right. Everybody gets big data.

We’ve evolved our product strategy along with the maturing market. And I’d, maybe it’s vain, I’d claim we helped to mature the market as we went.

Red Hat IoT Partnership

Michael Schwartz: One of the new trends is IoT. To expand a little bit on the partnership angle, we were reading about a partnership with Red Hat.

Do you see that as the new direction, that better solutions are needed?

Mike Olson: I actually do and unsurprisingly that’s why we got involved in, that’s why I’m so excited about the work we’re doing with Red Hat.

I’d take a step back, IoT as a broad secular trend, is a huge boon to those of us in the big data industry. Right, I mean that data got to come from somewhere.

It’s nice if we just put sensors all over the place, if we were able to ingest you know, stock trader market data at very fine grain, and then we can store huge amounts of it. So the more things there are on the internet making data, the better off that the big data platform is going to be. So, very excited about it on that basis.

If you know much about the Hadoop architecture, it’s kind of this big back-end, where data lands and then you analyze it. What we hadn’t done, what we don’t build, is the end-to-end architecture.

So how do you rely on to get data off of the sensor, or off of the device? What happens to it as it runs the network? Is their analysis and aggregation of data in flight?

Well it turns out the folks at Red Hat and a number of other industry partners, were thinking about those capabilities and taking advantage of their infrastructure software, to deliver some interesting services there.

If we can make our analytic platform a good destination for that data, and then train models using machine learning techniques to spot anomalous activity in those sensors in real-time – well that’s awesome, right?

So the combination of these technologies, really the partnership around IoT data, enables applications that we couldn’t have enabled on our own.

And then obviously, you know Red Hat’s been a fantastic partner in Enterprise software for for open source, forever and ever.

Other Partnerships

Michael Schwartz: Are there other partners that you think have been helpful?

Mike Olson: So in the IoT space in particular, Eurotech and the Eurotech Everyware family, is an important part of that partnership. Looking more broadly than just at that IoT activity though, like any platform software company we rely on a rich ecosystem of other companies in order to succeed.

So you squint your eyes, you’re allowed to think of a Cloudera Enterprise as a database. It’s just not a 1980s database it’s a 2018 database; lots more data with lots more powerful analytic capabilities. But you need the application that runs on that database.

I want to predict which customers will churn out of my mobile service. I want to spot fraudulent transactions in data flows. I want to guess which patient at my hospital is likeliest to be readmitted based on past behavior.

We don’t build that app but we have a collection of systems integrator partners, and independent software vendors that do build those applications. And they’re absolutely essential to our success, right – nobody buys the platform, everybody buys the application, but the platform has to be there to build the application on.

License Strategy

Michael Schwartz: One of the popular licensing strategies in open source is open core. Do you have some thoughts on that strategy, or maybe licensing in general?

Mike Olson: Couple things. So first of all – this is just a super fraught emotional area. People have very strongly held views. I’m pretty pragmatic. I deeply believe in the strategic value of open source.

You get this global community of really smart folks, anyone who cares enough about a problem can join the community and concentrate on solving that problem; and because they care a lot about it, they’re probably going to be better at it then someone you choose randomly.

So open source innovates in ways that proprietary software can’t because you can harness the whole planet, and you get to take advantage of distributed expertise. I love it.

The challenges of purely open source products is able to be picked up, and given away by any vendor who wants to do that.

So you can think of a mega vendor grabbing a collection of open source IP, pricing it at zero and then monetizing that by selling proprietary database that connects to it, or a whole bunch of expensive services or… if you invest a lot an open source development you run the risk of being commoditized when someone else takes that IP. And drives its cost way down, so you wind up competing with them.

Our decision to complement our open source platform with proprietary IP is not intended to lock customers in, its intended to lock competitors out.

I want to have some reason that customers will come to talk to me and not go talk to one of those big bad commoditizing vendors. And that’s why we build our product, that’s why we have the IP strategy that we do.

We’ll always have proprietary IP that complements the open core, the open source.

What that is will evolve over time as our business involves. And the open source ecosystem will also evolve over time.

People are going to innovate a new ways, maybe some stuff that used to only be able to get one way you’ll be able to get four or five different ways. But I believe it’s a good sustainable long-term model. Certainly it’s served as well in the decade since we started the business.


Michael Schwartz: Would it be oversimplifying to say that the strategy is to build proprietary tools around the open source?

Mike Olson: It’s a fair view. I mean if, if I use those terms in front of my marketing guys, they’d say but we build way more than tools, we build a platform. Fair enough, right.

But complementary code aimed at the specific requirements of large Enterprises, that compliments all the power, flexibility, scale of the open source ecosystem.

Closing Advice

Michael Schwartz: So if you are an entrepreneur who wanted to use open source as part of your business?

Mike Olson: I’d say first of all, you know, 20 years ago… Oh heck, man. Yeah 20 years ago, 30 years ago, when I was working on Postgres, when I was working on Berkeley DB, there was this question you know, what is the open source business model?

I think that question is poorly formed. A business model is actually complex construct. Open source is a really important component of strategic thinking.

It’s a great distributed development model, it’s a genius low-cost distribution model – anybody can download your software at very low cost on very low friction.

And those have a bunch of advantages, right. You need to think about how you’re going to get paid. So what is it that people will give you money for, and it can’t just be because you’re good at what you do, because sooner or later somebody else is going to get good at that too, and competition is going to be tough to maintain attractive margins.

So you need to be thoughtful about the unique value that you’re adding. You need to think about who the customer is, and what they require, and why they will uniquely buy from you.

The particulars of the license that you choose matter a lot.

The GPL is coercive in a way that a lot of people like but that freaks out, for example, a lot of cloud vendors. They won’t pick up GPL’d code because they’re concerned about getting infected with the GPL requirements on code that they developed. The Apache license I think is actually a great license and has some good IP protection around patents, but is much more permissive.

So you want to think about what the license requires relative to what you’re going to deliver to your customers, and why they’re going to buy, and how that’s going to stay defensible. I think there’s a lot of really good thinking on this.

Clearly Red Hat is world-class at building an open source business, but it’s much more than – what should I do with open source? You want to think about who you’re going to sell to, why they’re going to buy, and why you’ll be able to preserve differentiation, and your advantage long-term in that market.

Michael Schwartz: Wise words from Mike Olson. Thank you so much for sharing your thoughts with us.

Mike Olson: Thank you Michael, I really enjoyed it. Thank you for coming by.

Michael Schwartz: That’s it for episode five. Transcription and episode audio can be found on

Special thanks to the Linux Journal for co-sponsoring this podcast to the All Things Open conference for helping us publicize the launch.

Music from Broke for Free, by Chris Zabriskie and Lee Rosevere.

Production assistance from Natalie Lowe. Operational support from William Lowe. Thanks for the staff of Cloudera for schedule juggling.

Next week we’re leaving the Bay Area and we’re off to the Big Apple, where we’ll visit with Eliot Horowitz, one of the founders of MongoDB.

Thanks for tuning in.

Episode 3: MariaDB – Open Source RDBMS with Michael Howard

Michael Howard is the CEO of MariaDB, one of the fastest growing open source database platforms in the world. MariaDB powers applications at companies like Google, Wikipedia, Verizon, Deutsche Bank, Telefónica and more. In this episode, Michael describes how the “Business Source License” enables MariaDB to monetize software and reap the benefits of an open source community and development methodology.



Michael Schwartz: Welcome to Open Source Underdogs, the podcast where we bring you the wisdom of open source business leaders.

Today my guest is Michael Howard, the CEO of MariaDB Corporation, the company behind the fastest-growing open source database in the world.

MariaDB is used by more than 12 million developers worldwide and is the database of choice to power applications at companies like HP, ServiceNow, and Wikipedia.

Michael, thank you for taking the time to join us today.

Michael Howard: You’re welcome.

Michael Schwartz: Why don’t we start the podcast with just a brief introduction of how you happen to join MariaDB and maybe a little history about MariaDB.

MariaDB History

Michael Howard: So MySQL was named after Monty Widenius’s daughter.

Her name was My, something like that in Finnish or Swedish. And Maria is his second daughter. So that’s the naming convention here, it is through Monty’s daughters. And as a result of course, the group of engineers that build MySQL and MariaDB are very attached to their family.

And when MySQL was initially bought by Sun, and then ultimately segwayed through to Oracle, there was a rift in the family. And in about 2009 there was a fork of the MySQL project and that fork became MariaDB.

And then some years later in 2013 MariaDB amalgamated, or put together, all the different aspects of the programming group the foundation, a support organization called SkySQL and in late 2013 that’s the MariaDB Corporation as you know it now.

Michael Schwartz: How did Michael Howard end up joining MariaDB?

Michael Howard: Michael Howard in the late, all through the 90s and late 90s was a disbeliever of MySQL and anything open source.

So that’s the origin of my story, in that, I could never imagine a group of programmers building a general-purpose database that would be able to tolerate an accommodate and support the primary functions of a business.

And I truly believed that the only way that that could be done is assembling very straightforward proprietary approach and let’s say it, my PhD thesis of that came when I joined Oracle in the 90s, and that’s what I believed.

But then as the world changed, and this is after 2000, you could see that the world was dividing. There were a couple of important signs of that and that was the Hadoop or HTFS world coming to play. It was the NoSQL databases coming into play starting with the caching layer.

And my view changed along with that new ark of software. So I knew the guys at MySQL and MariaDB for many years, didn’t think that they could bring themselves forward into true OLTP enterprise fortitude workloads.

But the world has changed. And I changed with it.

Michael Schwartz: OLTP – Online Transaction Processing?

Michael Howard: Yeah, you got it. Should have said that, but yes.


Michael Schwartz: So tell me a little bit about today. Who are the customers of MariaDB?

Michael Howard: Almost every company in the world now is touching MariaDB in some kind of way, in that we have displaced MySQL as the viable default relational database in all the Linux distributions. So even mom-and-pop shops that use Linux automatically have access to MariaDB, we have an addition that goes in those Linux distributions.

Somewhere between 12 and 60 million customers are touching MariaDB today through this unique distribution. And this is by the way one of the unique things about open source, that your ability to propagate and touch people across the world is enormous.

But that’s how it’s happening with the Linux distributions, and so to with the clouds in that, since it’s a default mechanism in Linux suddenly becomes a default mechanism in many clouds.

So we span from small shops that you’ve never heard of to the Fortune 10. You could look at things like AT&T, Verizon, Barclays, New York Mellon Bank, Development Bank of Singapore, Alibaba, ServiceNow, I mean it just goes from the most consequential companies in the world, even running airports. It’s quite remarkable.

80/20 Rule For Customers

Michael Schwartz: Just to drill down a little bit. Is there an 80/20 rule? Who are the most important customers in terms of Revenue?

Michael Howard: That’s a matter of opinion, how you do the 80/20 on that.

Because one of the problems that, let’s say the Hadoop family has via Cloudera or Hortonworks, is that Hadoop has become kind of part of the 1%, not big part of the 99%. And for me coming from proprietary areas you don’t want to relegate a company like MariaDB to the top 1% or 10%.

Therefore saying that your top 10% or biggest customers are the most important because here we want, and I’m going to use the word extremely, an extremely well-rounded business model.

So for example, in our world about 40% of our transactions on a quarterly basis comes from mom-and-pop shops. They don’t really think too hard about databases, but they kind of go with what’s easy for them to include as part of their environment. Then there’s another 40 odd percent where they’re making more strategic decisions but it’s still appended to a mentality of, for example replacing MySQL.

And then if we use those percentages there, there’s another 10 to 15% which is big time, and literally replacing out the likes of DB2, SQL server or Oracle itself.

And so I guess you could apply the 80/20 rule in each of those categories, or sale segmentations. But you couldn’t come up with an 80/20 rule across the board.

So there is sale segmentation, if you look at our documentation for example, it’s free. So anybody who doesn’t have a support contract can use a magnificent amount of content. But if someone has a production application and they need some sort of identification that’s a different level of interaction with the company.

We can’t talk to all customers, it’s impossible. It’s a challenge that cannot be overcome by people. If you look at it from let’s say, a business perspective like margins and productivity per person, there has to be more automation.

There has to be more automation in terms of buying contracts or buying things through eCommerce.

We even have to have easier ways where people can instantiate and test out new features instead of going it on their own, so we’ll do some things in the cloud to facilitate that.

So there’s many levels of interaction that must take place. But I think what we need to do to improve, really big time, I mean we have some major steps to make to be able to handle the numbers that we’re talking about, and we’re not doing that right now.

You know you look at some of the big players like Amazon or Netflix or whatever, they are doing it. So that’s the funny thing we’re a small company, under 200 people but we have the same level of interactions as the cloud platforms do.

Because, and sometimes even more, because MariaDB is on all those clouds. It’s a fixture there, so it kind of gets multiplied many times.


Michael Schwartz: What are the most important revenue streams? Is it license? Is it support?

Michael Howard: Well for me coming from the proprietary world and the SaaS cloud, I’m very formalistic about this.

So the most important from a just formalistic point of view is ARR, Annual Recurring Revenue, on a quarterly basis the amount of new annual contract revenue.

Things like TCV which is equivalent to bookings are less important to me, more important for let’s say my CFO who wants to make sure we have a certain amount of cash in our bank accounts.

So the most important thing is ARR, that’s the first level. Second level is what does that ARR constitute.

And again coming from where I came from, where the multipliers on services and manpower support is not as powerful, not as valuable to, let’s say listing the product at NASDAQ or having some big liquidity event in the future, the most potent value is product; license on product.

And that becomes a very interesting and almost somewhat contradictory or paradoxical conversation when it regards open source. So our subscriptions are the most important part, and those subscriptions come with many facets.

It comes with technology that cannot be procured or accessed in a general sense by just the Community Edition.

We save some stuff that’s private. It may or may not be licensed under something that we came up with which we believe in, very much not only for MariaDB, but for open source entrepreneurs world over, and that’s something called the business source license, which we should probably talk about.

So you have technology. You have things that are not necessarily available through the Community Edition. You have legal protections, I named one, in some cases limited indemnification issues come up in especially regulated industries for production applications.

Then of course you have the typical element which is, a typical element of open source which is support.

So that’s how we make money. Our revenue come solely from our subscriptions which has a spectrum of things in it to make it valuable.

Open Source Dilemma

Michael Schwartz: There’s a saying called the open source dilemma where customers only renew support contracts when they need help, when they have problems. How do you get customers to renew and retain them to get that revenue to be actually recurring?

Michael Howard: Right, there’s a… It’s an interesting topic because the good and the bad of open source is that it compels the engineer or the firm to build new things. So for example, in our latest release we have temporal processing, inversion tables, very sophisticated ways of supporting governance applications.

This is a very very, it’s a multi-dimensional data object, being able to be joined with a million other multidimensional data objects, the math is extraordinary; be able to do that in an optimized way.

When you put out features like that and you continually do so, you will compel, behoove, motivate very easily customers to continue with their contracts. So the virtuous cycle is inherent in your ability to innovate.


Michael Schwartz: Changing topics a little bit. Are there Partners who help you get MariaDB out there, or that you rely on for success? What is the channel?

Michael Howard: We do have channel partners but it’s not as mature as, let’s say older firms.

I think we’re just at the very beginning of it. And channel partners can come from an enormous number of different areas, for example it could be a cloud vendor that is actually a channel partner, right. Being able to serve a certain constituency, as you put it, through their Cloud. It could be your typical channel partner that has some kind of ecosystem, could be that.

The one that comes to mind, just kind of new, both I think for the world and for us is you take something like ServiceNow, where they’re serving 40% of the Fortune 2000. And many of those companies don’t even know that MariaDB is the engine behind every single workflow that is going on in those companies, which is quite extraordinary.

But in some cases they need to have on-prem support from us and so suddenly you have the world of cloud interacting with the world of on-premise and that becomes a channel play that you would have never envisioned before.

Value Prop

Michael Schwartz: Why do people use MariaDB?

Michael Howard: I’ll give you an example.

Let’s say you’re a big company and have a huge server farm, and you want to start looking into ARM as your chip bases. You’re not going to be able to use a process space database on an ARM chip, it just won’t be economical.

Maria happens to be thread-based and the pooling resources for threads on ARM is as good as typical non-ARM chips.

So it could be that you are trying to have more compact space for your server farms, less real estate, less use of electricity, less heat. It could be that you realize after 20 years that you’re paying 60 times more than you should for basic SQL standards.

It could be that the basic philosophy of the company that you’re using is so out of touch with what a modern system is that you want to move forward with your own stack.

There’s an extraordinary number of reasons.

I mean the the primary one is that when you go into MariaDB you’re not only partnering with one of the best engineering firms in the world. You’re partnering with other great engineering firms in the world that are contributing to the MariaDB kernel. And you know that MariaDB will never be out of touch because of the extraordinary open source community that is contributing to it and there is no equivalent.

At Oracle everything goes through Larry; he is the Editor in Chief of Oracle.

Here you have a much more diverse set of curators.

MariaDB Foundation

Michael Schwartz: One of the things I wanted to ask you about was the MariaDB Foundation. It’s the ideal of a lot of Open Source projects.

Maybe you could talk a little bit about how that came about and what their role is.

Michael Howard: So the way I look at the foundation is they are the steward of the project’s repository. And they are the ones that teach people how to contribute to that repository.

Allowing freedom and equality for creativity, innovation through code, persisted in repository that is formalized under the foundation. And they’re advocacy to developers to help with that, their outreach to Linux distros. That’s the kernel of what they do.

Michael Schwartz: Where’s the line between the company and the foundation in terms of a decisions?

Michael Howard: Well I mean, there are simple lines, I’ll start with the simple ones.

They don’t do any support, you can’t go to the foundation and say I have a problem with something or bug, they won’t, they don’t have anything to do with that. That’s where the corporation comes in.

If there is a hot patch that needs to be applied because of a security issue, they’re not, they don’t act in that manner, they don’t respond that way; the corporation can.

Obviously you can’t get any legal privileges through the foundation. Let’s say you have a big idea that you want to put into the project, but it’s maybe a little bit over your head to really do it in the right way. You know just because there’s an open repository doesn’t mean that you can willy-nilly put something in there that’s mediocre.

But there are certain projects, I’ll give you an example: The Development Bank of Singapore wanted MariaDB to have a PL/SQL Oracle compatibility layer. That’s an extraordinary difficult project and could never be done themselves. And that’s when you enlist, for example, our engineers in the corporation.

Foundation Feelings

Michael Schwartz: So not to put you on the spot..

Michael Howard: You have so many times already!

Michael Schwartz: But nonprofits always involve politics and so how do you feel about how has it gone?

Michael Howard: I think it has pros and cons. I don’t think it’s a clean deal by any means.

I think that when you have independent entities they each have their own egos and they each have their own aspirations to spread their own wings. You know it’s just like when two people are discussing a subject, each one of them kind of wants to have their opinion supersede the other.

So it’s part of humanity to have that innate conflict but also innate need to work together.

Business Source License

Michael Schwartz: You mentioned license before, and I didn’t want to make this podcast a deep dive on license because you could probably do a podcast by itself just on the licensing part. But you did mention the business source license.

Maybe you could talk a little bit about what is the business source license and how does it relate to the other licenses perhaps at some of the other products or offerings come under?

Michael Howard: I’m going to start in a strange fashion on this narrative and that is: When I announced business source license I should’ve had a set of security guards from the open source community. I wasn’t sure what might happen to me.

Because it was disagreeable to them in some emotional ways in that, there are a lot of people out there that are pure open source zealots, and it’s an ideology like any political or kind of religion that can get the best of certain people.

But I felt that the company needed to be able to have as much financial resources as possible to make our products great.

And since we were stepping into the enterprise zone, which meant that we had to simulate or actually replicate many things that SQL Server via Microsoft or Oracle through Oracle does for their customers. And financial resources are extremely important to do that. And database features as you know, it’s not like a SaaS application.

Sometimes it takes many years to build one feature and those people are dedicated, like the version tables in the temporal processing that I mentioned, that was a very difficult feature, it took us years.

So how do you reconcile the world of free and the world of financial resources? How does an entrepreneur like yourself go to a VC and expect any funding if there is no business model. And at the same time if your whole company pivots off open source, again how do you do this?

After some deep thought the business source license seemed to be the best balance that I could find.

And what it is, is essentially very simply postponed open source. You get one of our products that uses the business source license, and for a certain set of time that particular version you pay for.

But at a certain point in time let’s say 36 months later it becomes open source. You can self support, you can do anything you want to it, and you’re not dependent on the corporation.

So it’s just trying to bootstrap product so it can meet the expectations, especially when these expectations have been built over 20 years with many billions of dollars.

Michael Schwartz: Sort of like a patent that expires, maybe.

Michael Howard: Yeah. That expires, that’s a good one.

Except I guess the deviation would be that even though the patent in this case is on for that amount of time, you can look at the code, it’s completely transparent just like open source.

Go to repository, our repository, it’s on GitHub, look at branch, you see it, you can contribute to it, you can do all those things. There’s even certain times when the license says you can use it for free, you know that kind of thing.

But, if you going to into like a production mode, and this is the case with a MaxScale, our database proxy. If you have many nodes that you’re serving with this proxy – you got to pay for it at some point. But that version will under the file name go GPL at a specific date.

License Enforcement

Michael Schwartz: What are your thoughts on enforcement? Is it on the honor system?

Michael Howard: So, right now it’s honor system. I think we’ll have to do some kind of home calls at some point and identifiers.

So there are times when certain customers try to take advantage. Where they’ll buy let’s say one or two copies of the paid version, but really the problem is emanating from thousands of free things that they’re using.

So right now it’s the honor system. There’s been some transgressions that I’ve seen. And of course the bigger the company you go to the less transgressions there happens to be. It’s more in the lower end where I see abuse.

Advice To Startups

Michael Schwartz: Any advice for entrepreneurs who are starting, who want to use open source as part of their business?

Michael Howard: So my advice is: It depends on what part of the stack you are.

So if you are in infrastructure you have no choice but to be somewhat commodity based or open source based. I don’t really believe that security for example has to be open source.

I see, you know I have a little security background. So listening to you, there was no reason to make, let’s say FireEye, open source. Just no reason, no one would expect it.

I think it’s interesting that you guys have gone in that area a little bit but the key management systems that I work with I never expect them to be open source.

On the SaaS level, you know you have one interesting juxtaposition between SugarCRM in Salesforce right. Has Sugar really gotten major benefit from its open source disposition?

You know I think what’s happened is the proprietary vendors have milked the industry so badly, that the time came when that practice had to stop. And MariaDB is sort of a symbol of that arrest.

Michael Schwartz: If you’re an entrepreneur, you’re saying if it’s infrastructure you should go open source.

Infrastructure & Open Source

Michael Howard: You don’t have a choice anymore.

Michael Schwartz: You have to, okay, that’s interesting.

Michael Howard: You really don’t. I mean you know, you have Intel maybe coming up with a chipset that’s not open source or their 3D XPoint, you know, that’s not open source.

But if you look at, you know let’s say a no more commodity-based analogs to that; they’re going to end up winning. I mean Intel will lose again because they’re charging too much.

So infrastructure I don’t think there’s a choice.


Michael Schwartz: Any thoughts about how do you stay true to the open source mission that maybe has helped build the culture around the company, and still fund the company, or build a business?

Michael Howard: Well, I think you see with very few exceptions VC’s funding open source companies. I think the market has already made that decision.

I mean there’s just no comparison between the funding percentages for open source versus lets say closed. There’s just no comparison. So I think the decision has already been made.

So then the question is if you have an idea at store at a storage software level, let’s say, or a container, you have no choice to be open source.

So then there are two things that come to mind. One is, you have to employ something like business source license and that’s the only way you’re going to get funded when you are presenting to a venture capitalist.

You have to have some way of bootstrapping your company with some revenue, a support meal ticket just does not make sense from a margin perspective, or the multipliers that VC’s are expecting in a liquidity event. So it’s dead on arrival if you go that way.

So it’s very simple you can’t just go open source, you have to have a business model behind it that makes sense. There’s only a couple ways you can do that.

Michael Schwartz: Thank you so much Michael for sharing your wisdom and best of luck to MariaDB.

Michael Howard: And to you too at Gluu.

Michael Schwartz: Thank you.

Michael Howard: Alright, bye.

Michael Schwartz: That’s it for episode 3. Transcription and episode audio can be found on

Special thanks to the Linux Journal for co-sponsoring this podcast, to The All Things Open Conference for helping us publicize the launch.

Music from Broke for Free, by Chris Zabriskie and Lee Rosevere.

Production assistance from Natalie Lowe. operational support from William Lowe. Thanks for the Staff of MariaDB for logistical support.

Next week we’ll talk to one of the youngest startups in our series – Ian Tien, CEO and Founder of Mattermost, one of the leading chat and communication platforms.

Until then, thanks for listening.

Episode 2: Netgate – Secure Networking Software with Jamie Thompson

Jamie Thompson is the President of Netgate, the company behind the popular open source firewall project, pfSense. Both Jamie and her husband Jim, who is also featured on this episode, have spent the last 15+ years making secure, high-performance network connectivity tools available to the masses. In this episode, Jamie and Jim discuss bootstrapping their company and Netgate’s unique business model that involves monetizing hardware that implements their open source software.


Michael Schwartz: Welcome back to open source underdogs, the podcast where we interview leaders from successful open source software companies and bring their stories to you.

Today my guests are Jamie and Jim Thompson, founders of Netgate, the company behind the popular open source firewall project pfSense which is over 1 million installations.

Jamie could you start by telling us a little about Netgate and your journey founding it?

Founder Story

Jaimie Thompson: Sure. Netgate is a open source network security company, both contribute to and utilize open source software and create products from those projects.

About me personally, I’m too old. I’m from Oklahoma originally. I was peak woman, there was a peak year for women in computer science and that was the year I graduated with a degree in computer science. And that was 1984, a long time ago. And I have a master’s degree in applied cognition and neuroscience which is essentially experimental psychology.

Worked as a software engineer. Early my career switched over to doing more of the sales engineering, worked for Sun Microsystems. I’ve worked for here in Austin a company called Tivoli Systems, which was ultimately went public in the 90s and got bought by IBM.

And I guess we started Netgate in about 2002 and I’ve been doing it ever since.

Jim Thompson: So Netgate was originally the name of a firewall that we’d done.

The first time we had an open source company called SmallWorks here in Austin that started with open-source I think my first open-source contribution was a port of new E-Maxx to a convex supercomputer in like 1987.

And there I went to Sun and that’s where I and Jamie met. Building out their worldwide network and got pretty involved in network security, that point I download the first set of proxies. Around 1989 or so I did that, because we had a need internally.

Once we started hooking up all the sales offices and remote facilities to this internal WAN and everybody wanted access to what we now know as the internet. It was really more ARPANET then. So I built a proxy so that people could get out and go fetch the latest version of the X11 system or something like that.

And that sort of, I saw that and saw people use it and sort of identified a need for actually agreeing to build a packet filter for the Sun Systems that was sort of the origination of the original Netgate packet filter or firewall.

Jamie Thompson: So when we started, Jim came up with this packet filtering firewall back in the early 1990s. And it was also open source but in kind of a different way – when you bought it from us, we gave you the source code so that you could analyze it and make sure that there weren’t any backdoors and you couldn’t sell it further on.

But you could certainly take it and analyze it internally, and in fact one of our early customers was Wells Fargo Bank. So we’ve kind of been dealing with network security and firewalls and took a detour through wireless for a decade. And have always been interested in and involved in network security and how do you create both privacy and security, both for companies and for individuals.


Michael Schwartz: Who are the customers of Netgate today?

Jamie Thompson: Well it’s really interesting, the software is very lightweight on providing any sort of feedback for us. It is open source, you can download it off the internet and run it.

You don’t have to sign up for anything, we don’t create any not paywall, but there’s no registration wall, to get the software. So we don’t always know who it is unless they are either asking us questions, either on the forum or in support or if they need some professional services or they want a private port or something like that.

So we’re we actually are learning more and more about who the customer base is at this time, but we have everything from individuals who are running it in their home labs, and then those people sometimes will take it into their companies.

And we also have a lot of government entities who run it. And then there’s actually in entire governments that run it, not the United States government but portions of it actually do, yeah. So it is used both inside the US and then other government entities around the world. Lots of individual, yeah, lots of S&B. There are some service providers who also use it.

It’s also integrated into some other products, so you’ll see people who’re providing some sort of service and they use our software either for the transport or for a firewalling, that sort of thing.


Michael Schwartz: Is there software that people can buy? Or do individuals just download the open source?

Jamie Thompson: Well both. They actually can download it for free or we also take that software and we package it onto hardware.

So Netgate utilizes the project and creates a product from it. And then the product is packaged either with hardware or in the cloud and we sell support and services around that. So really how we’re…

Jim Thompson: Some part of that is system integration. You know, product test and release testing. that kind of thing. We test primarily on the things we sell.

So there is a lot of system integration or ports to get on new hardware, so we expend the effort to get on some of them and make that experience. You know really clean and easy. But then we have to maintain that going forward.

So we test and release in part just on what we sell, we make a generic version available to anyone. But the actual, if you will, hard work of making sure that things really work has to be done on some hardware platform.

This we have to focus on, we sell or cloud platforms, virtualization, that kind of thing.

Support Services

Michael Schwartz: Do you sell support services?

Jamie Thompson: Not everyone who purchases hardware from us gets a support contract or needs professional services, a lot of people already know how to use the software. It’s straightforward enough that they don’t need any extra work.

So like a lot of other companies out there, we can’t sustain the project on just support and services.

Jim Thompson: There are both large and small customers on the forum. US Army Cyber School we discovered on Reddit. Literally, one day. They were already a customer and they are user of pfSense. We didn’t know it because we have no way of testing them.

So again, it’s sort of across the entire range of customer types or segments of the market, if you will. We only know and work with people who have approached us.

Now, we know the approximate attach rate for people that we sell to versus how many instances of pfSense are turning up in the world. We can’t measure on a very granular, non-granular or scale that we see, more and more IP addresses if you will, looking for updates, or downloading additional functionality via packages, that kind of thing.

So we can see in approximation of the size of the installed base on any given month, and we know who we sold. And you know that ratio is about 1 and 20.


Michael Schwartz: Are there some companies who are OEMing the product?

Jamie Thompson: Well, there are companies that have taken it – it is open source, and so they can integrate that into their own product or in the cloud.

We have versions of the software available on the public Cloud so they can utilize it and in their businesses or integrated as part of their own software as a service product offering.


Michael Schwartz: How about channels? Do you mostly sell direct, or do you have any integration partners who help you reach customers?

Jamie Thompson: We have both a set of hardware resellers. So there are people who wanted to be involved with pfSense and especially in other countries, or in other languages we don’t have the ability to speak with them directly, we have ported the, it’s not call port it’s a…

Jim Thompson: Endemic translations.

Jamie Thompson: Yeah we’ve done a bunch of language translations, do you remember how many?

Jim Thompson: It’s approximately 30.

Jamie Thompson: Yeah I was thinking 30 as well. So the software runs in these other languages and obviously we can’t speak all those languages, no one here is that good.

So we have in-country partners who can either sell support service, and we have both people who are doing straight reselling, we have people who are MSP’s or MSSP’s. We have people who are buying it direct and then daily lease it. So there’s all kinds of different models.

We also, in terms of channels on the cloud, we do support some of the cloud service providers. People who do the integrations to basically create an entire stack. So if you wanted to move your application or the set of applications to have as a company into the cloud you could do that and the cloud service providers, their partners would help you migrate all of your data and put together your infrastructure and help you monitor and manage it.

And our best partners right now are in Europe. Some of them again are MSP’s or MSSP’s and some of them are just selling direct or helping people integrate.

Value Prop

Michael Schwartz: What’s the value proposition of Netgate?

Jim Thompson: We are the developers of pfSense primarily. There are community contributions that you can actually go out and look at like the list of Git commits. And you filter out the ones that you know staff here have done. It’s you know 90% plus Netgate.

And so since we’re the developer a lot of people feel safer when they’re dealing with the people who actually make software, you know, why wouldn’t we give the best possible experience on things we sell.

Jamie Thompson: We employ a lot of engineers, we have people who have commitments for FreeBSD. We have people who are just fantastically gifted both in hardware and software. We couldn’t do it without the engineering team, they’re just fantastic.

And it’s, you know the kind of thing you can’t get from a community because it’s hard to prioritize that open source development over what you’re doing in order to be able to be paid so that you can eat, and have a house, and all those good things.

So we actually do employ a huge team of Engineers to work on this open source product. And do the testing and the architecture and we run the infrastructure and…

Jim Thompson: You’d be amazed at how low-level we have to go to fix some issues. You’re talking about, you know, peak of second timing on NMMC bus, or we run into in situations where Ethernet PHYs don’t have the right choke on them, and so you can see more power in the PHY than you otherwise would. And we’ve had to actually go back and debug designs we didn’t do.

So there are there literally three people on staff who are EE’s, know them and engaged with EE on a day-to-day basis. The 4th who knows enough about it he could, he used to design medical devices. So we have a depth here, the technical depth that some people would find astonishing.

Use Of Open Source

Michael Schwartz: Has open source served as the main distribution channel for Netgate?

Jim Thompson: Well principally it’s a licensing structure. It’s almost all open source licenses are based on copyright, the original, the ability of the original author for assigning to control that copyright or leverage it.

The original, if you will, of the GPL turned copyright on its head that’s why some people call it copyleft. They use copyright to enforce the fact that you can control the copying. It’s an interesting hack if you own the legal system.

We have benefited enormously as has, you know, RedHat and a slew of other companies you can name from, if you will, marketing via these you know user groups. They’re in control of their own conversation, there’s no marketing conversation in the room. There’s all this experimentation if you will, 10000 flowers.

Try the successful ones are successful, and the unsuccessful ones you never heard about. So yeah we’ve engaged that too, and the fact that the the software is open source and free has been quite a bit of the actual marketing.

People discovered it and use for their own purposes and introduce to people who we were never gonna here from unless they approach us directly. It spread largely through that if you will, word of mouth or word of forum, association of use pfSense, it’s great.

You can still see that going on today. There are hundreds and thousands of people I will never meet who are using software we create.


Michael Schwartz: What is the primary activity of Netgate?

Jamie Thompson: Software development is the primary activity. If you say what are you as a company? We would say that we’re a software company.

But in order to leverage that software, in order to be able to actually continue to develop that software we do need an income stream, we need a revenue stream. And since we are self-funded, we don’t have VC, we’ve had to do that by selling hardware and services and renting it in the cloud.

So just like any any other company would do, I’d say that our number 2 activity actually is probably hardware development, which is kind of weird.

We have hardware, we work with some of the ODM’s and OEM’s on hardware designs and so we’ll go to them and say well we need, an Intel box that has 4+ next, you know i350 and two i210’s, don’t want those i211’s.

So like Jim said earlier, we have a lot of hardware depth that you wouldn’t expect for a software company. And that really isn’t normal, I think that, you know, if you look back we’re kind of more of a throwback to the kinds of companies that you had in the 80s where you would, you would develop both the hardware and software together and sell tell the system.

So that’s what we’re doing, we’re selling appliances and we’re providing both the software and the hardware that it runs the best on.

Jim Thompson: Vertically integrated.

Jamie Thompson: Yes, oh there you go.

How Did You Figure Out How To Vertically Integrate And Self-Fund?

Michael Schwartz: Normally I would think a hardware company needs a lot of capital. How did you figure out how to vertically integrate and self-fund?

Jim Thompson: A lot of credit card debt.

Jamie Thompson: Yes there’s been a lot of credit card debt, that’s true. When we started down this path with the hardware we were taking components that were available, and we were basically integrating those components and we were doing it on a pretty small scale.

And as we were able to convince people that we knew what we were doing in terms of both the software and the hardware and the integration. And we just had some really good solid products out there. That, actually, stuff that we sold 8 years ago is still on the field running today. And we basically just slowly grew and slowly grew.

Then we would reach kind of the limit of that hardware or of the supplier. We had one supplier, so we were doing 500 a month and we’re like okay we need to go 600 a month. Well we can’t do that, we can’t manufacture that much.

Okay we have to go off and find a different manufacturing and we’ve slowly gotten to the point where it’s just been a pretty much continuous ramp to the point now where we can go to some of the larger people in China or Taiwan or wherever they happen to be. And say, okay we will sign up to this many systems over this period of time and …

Jim Thompson: We can write large PO’s and back them with financial strength of what we built together over the past decade.

But has taken reinvesting almost everything we made to continue to make the business grow. So we live, sleep, and breathe Netgate… While raising a child!

What’s Next For Netgate?

Jamie Thompson: Kind of more interesting thing is that over time we’re looking at the software which actually started with Manual Casper, manu wall back in the day. And we’ve improved the software, we’ve ported it as FreeBSD has changed, we gone along with that.

One of the big things that we’ve just done is we’ve all ported to PHP 7.2. So we were running with the older version of PHP and the current person that’ll be coming out here shortly we’ve had to to update to 7.2 because of course you know software end-of-life’s, over period of time it goes to a no-support model.

One of the interesting things we did about three and a half years ago, four years ago, is we sat down, we said you know – if we were going to rewrite this what would we do? Because the questions that were being asked and the requests we were getting from the customer base who talk to us are like you know, it’s easy to do one firewall.

It’s easy for me to sit down in my home lab and control the firewall for my house. But at work I’ve got 50 of these things and I have to go control them individually just have a GUI, rather than a GUI, do you have an API? Can we use rest RESTCONF for NETCONF, or basically as architectures have changed and people’s thinking about management has changed.

We saw that there really wasn’t a way for us to change that software because of the way that was originally architected. If would be really difficult to put an API in. So while we’re also moving pfSense along we’re also thinking in the back of our heads what do we need to be doing differently.

We have actually some new software and it’s also based on open source, it’s Linux-based. It’s called TNSR.

And TNSR is really the result of a lot of architecture discussions within the engineering group and looking out to see what other people are doing now in terms of managing their networks and providing security for their networks.

So now you’re looking at orchestration and automation. A lot of people are are looking at well how does this run with Kubernetes how does this run with containers.

How I manage 50 of these things at once, and so not only are we working with pfSense but we’re also working with TNSR is really, well it’s available today in the cloud, but it’s really trying to kind of solve the next generation of problems around network security.

Why TNSR Was Needed

Jim Thompson: In those environments computers and the networks they run on have disappeared inside a machine, there is no box, there’s just one box, it’s the big box that you don’t even know it or see it.

It’s on a cloud provider somewhere, so on Amazon or Google cloud or Azure or something, and you never see it, and you never see the networks around. You just have the sort of remote ability to control via an API so there’s no there’s no blinking lights, there’s nothing left to touch.

And so that ends up being very different environment, these Kubernetes environments have messaging rates sometimes that are you know hundred thousand messages a second you have to be able to tell what’s happening.

So TNSR, which Jamie started talking about, is sort of an answer to what’s starting to occur in-network.
How Much Profit Gets Re-Invested In R&D?

Michael Schwartz: How much profit gets reinvested in R&D?

Jamie Thompson: All of it, basically. Yeah.

So, basically as we’ve grown the company and have been able to add more people, or we’re really lucky and in the respect that we took whatever we had, and said okay, what’s the next thing that we can do to make ourselves be more useful to our customer base or to be more useful to enterprise.

One year we added 24/7 support. And suddenly, oh okay, you guys are real because you do 24/7 support now.

But we’re no more real the next day then we were the day before. It’s just suddenly people felt more comfortable because they can get a hold of us and they can we can help him walk through their problems. And of course no firewall problem ever occurs at noon on Monday it’s always midnight on Friday.

So going to the 24/7 support model was huge for us, starting a partner program, a worldwide program, to help support people in-country and in-language with our partners was another huge bump for us because we’re now able to actually answer the questions that people had in a way that was more comfortable for them.

As things have changed out if to focus more on the cloud and to focus on this automation and orchestration.

Non-Integrator Partnerships

Michael Schwartz: What are some of the non-integrator partnerships?

Jamie Thompson: We didn’t see a way for us to take the software that we had and move it forward so we started looking around.

We have supported the BSD Foundation in the past. We’ve also now joined Linux Foundation and we’re big contributors with LFN, with Fido. We also support Clixon. So, not only we are supporting the software that we have written, we’re also supporting groups and other software projects where we’re either contributing with monetary contribution or code.

So you actually if you got look at at Fido, you’ll see that we are in the top five maybe even top three contributors for VPP which is the vector packet processing, that LFN is doing.

So we’re trying to help contribute to the ecosystem not only the code that we’re writing and that we’re putting forward, but helping, trying to help move networking and security long a little bit further in ways that we couldn’t do on our own.

But we can we can contribute to it, we can help.

Jim Thompson: In the same way that we have a community for pfSense were part of other communities around some of these constituent technologies. There’s even marketing on that side as well, the Linux Foundation markets LFN.

Fido’s BPP is a big part of that. So we know we show up at conferences and occasionally talk and participate in various mailing lists, you know online conference calls about where should we go next and that kind of thing. So all that tend to count for contribution.

Making the technology move along even though that technology ends up in potentially competitors product system.

Like I said, in the same way we have a community of people that we support. We’re also constituents in a community of some of these technologies that we take advantage of.

VC Money Risks

Michael Schwartz: You’ve avoided raising venture capital, why?

Jim Thompson: As with almost any decision there are pros and cons to that particular decision. The money is what people tend to focus on, how do I get this thing bootstrapped to get enough people working on it while I have something.

I’ve been the CTO of two companies, that combined I helped raise over a quarter billion dollars of venture capital, over seven or eight rounds. One of those companies was in product and one of those companies was in services.

My best advice is while things are going according to plan, the venture capitalist are here to help. They will open the Rolodex and they’ll introduce you to additional partners, give you some legitimacy into accounts that potentially you didn’t, you couldn’t enter.

If you can’t execute on the plan that you told him about, that’s when things can take a turn.

Jamie Thompson: That’s when they change the plan. Sometimes.

Jim Thompson: You know, VC’s are financial engineers. They’re there to optimize return for their fund.

And so the best advice I have for anyone who’s looking at this is to go out and really understand what VC is and how it can help. And what the VC’s goals are versus what your goals are. And if you can find a way to line those it can be great.

If those goals aren’t aligned then it’s just money and there are potential other places to make that happen.

Jamie Thompson: If it’s something you can articulate and something that is a physical product you can always go Kickstarter, or crowdfund, or there’s all kinds of other ways to do it.

But like Jim said I mean we’ve both been involved in companies that have been VC-backed and we’ve seen them sling the company around to try to meet whatever their goals are.

And so that’s actually one of the things that we’ve talked about occasionally, is okay are we at the point now where we can’t continue to bootstrap it ourselves, are we at the point where we should take some money and so we can do some additional marketing.

And we were real hesitant on that. Trying to decide.

How do we move forward and how do we maintain the spirit and the feeling of the company. How do we maintain our open source roots because we were all very focused on security and privacy and we believe that everybody should be able to have security and privacy if they want.

But if a VC makes it, if a VC says okay well now you have to get everybody to register, well you know we’ve got people who don’t want to do that.

Startup Advice

Michael Schwartz: Any advice for entrepreneurs starting an open source software business?

Jamie Thompson: It’s harder than it looks. It can be fun, it can be difficult.

But if you have what they call today grit, if you have that ability to stick with your idea and keep going but yet, if someone is able to influence you and you change your mind help steer you in a new direction, that’s great.

But it really, it’s on you and you find, they would say find your passion, but find a thing that’s really interesting to you and stick with it.

Jim Thompson: Businesses survive at the will of their customers. Solving customer problems and providing value to the customer is literally why you have a business. Because without that nobody is sending money your way unless they feel bad for you.

As an entrepreneur you have to be willing to engage with and talk to your customers and prospects. You have to be willing to take the call that says your code is broken, fix it now. You have to be able to hear rejection when somebody chooses another solution and get up the next morning and go back to work.

These things all sounds trite but a lot of people the computer field are into the computer field because they like working with computers, not other people. They have friends but population at large can be scary to approach because what if they say no.

The best thing you can do for yourself as a business or as an entrepreneur is to be willing to interact with the people who think your product is interesting. And they would like to find a way to use it and they have potentially other ideas about how it could be used and you have to be willing to listen.

If the number of bright people on a given body of people is, I think as Bill Joy famously said, is the log of the number of people in a group, so the number of smart people in a group is log of number of people in a group, and he didn’t say what the base was, but it’s this diminishing returns, a larger group you have the fewer smarter people you have per out of basis.

But these ideas occur everywhere. And open source is really one of the answers to the question of how do we adopt other people’s ideas. Somebody can have an idea and they can develop an open source project and it flourishes or it doesn’t. If it flourishes it was a great idea, incorporate that into their technology stack.

It’s the same thing with customers, some customers will help you focus your products in ways that you weren’t going to think of. And so that ability to be open to hear both positive and negative messages about the thing you’re doing with your life or that part of your life is really critical.

Michael Schwartz: Jamie and Jim, thank you so much for sharing your insights and best of luck with Netgate.

Jamie Thompson: Thanks for having us.

Jim Thompson: Thank you.


Michael Schwartz: That’s it for episode 2. Transcription and episode audio can be found on

Special thanks to the Linux kernel for co-sponsoring this podcast, to the all things open conference for helping us publicize the launch.

Music from Broke for Free, Chris Zabriskie and Lee Rosevere.

Production assistance from Natalie Lowe. Operational support from William Lowe. Thanks for the staff of Netgate for logistical support.

Next week we’ll talk to one of the superstars of open source business, Michael Howard CEO of Maria DB. Until then, thanks for listening.