open source software

Episode 63: EBPF Networking Isovalent with Liz Rice – Chief Open Source Officer

Intro

Mike: Hello and welcome to Open Source Underdogs! I’m your host, Mike Schwartz, and this is episode 63, with Liz Rice, Chief Open Source Officer at Isovalent, the software startup behind Cilium, an eBPF-based Networking, Security and Observability project. 

This episode was recorded in early February at the inaugural State of Open Source Conference or SoCon, which was held in London at the QEII Center in Parliament Square. The force of nature behind SoCon was Amanda Brock, CEO of Open UK and editor of the essential book Open Source Law, Policy and Practice, 2nd edition. Check it out on Amazon if you’re an open-source founder. Don’t miss SoCon next year in 2024, especially if you’re already in Europe for FOSDEM.


If you think eBPF or enhanced Berkeley Packet Filter sounds like a geeky low-level technology that you don’t need to know about – well, you’d probably be wrong. It enables developers to safely write code that runs in the Linux kernel. And safely is the key word here, because if you crash the Linux kernel, everything on the whole server goes down, all the containers, and everything else running on that server.


However, by exposing the power of the Linux kernel, developers can write code that runs faster and consumes less energy, and faster and cheaper has always been an attractive feature. Cilium combines three products into one. It’s like an old-fashioned firewall, an API Gateway and Wireshark, and it’s Kubernetes pod aware. It’s used by a number of successful products like Teleport for access management or Solo.io Service Mesh.
Simply said, eBPF is going to fundamentally change our infrastructure.


I met Liz at the SoCon conference, and after learning a little about Cilium, I was really impressed, and I asked her if she would come on the podcast, and luckily, she said yes. So, here we are with the interview.

Mike: Liz, thank you so much for joining me today.

Liz: Thanks for inviting me.

Tech Overview


Mike: As I understand it, Isovalent leverage’s a kernel technology to build a product called Cilium Enterprise. The upstream Cilium project on GitHub has over 22,000 commits and 14,000 stars – these are really impressive numbers for a project that started in 2016. How did this happen and how does this relate to the origin story of Isovalent?


Liz: Yeah. So, Cilium is built on a platform called eBPF, which is the kernel technology that you referred to. And eBPF allows us to run programs that are triggered by events that happen in the kernel, and those events could be Network packets, they could be a system call being made by user application – pretty much any sort of event in the kernel can be used to trigger an eBPF program.

Cilium was the first networking project to take advantage of eBPF. And it was always designed with the idea of container networking in mind. And the folks who started it are the founders of Isovalent, as well as being the originators of the Cilium project. So, Thomas Graf, Daniel Borkmann, who’s a kernel maintainer looking after eBPF, within the kernel.

And eBPF and Cilium, particularly eBPF in Networking and Cilium, kind of grew hand in hand since 2016 thereabouts, as we – the many, many contributors to the Cilium project – as it grew and as it gained functionality, sometimes that’s required additional capabilities in eBPF.

So, it’s been really almost like a long game. I think when Daniel and Thomas and Dan, the CEO, when they were first thinking about using eBPF, it was such a cutting-edge kernel technology – nobody was using it in production.

You know, when we add something to the kernel today, people won’t be using it in production for probably three, four, five years to come, so really, anticipating what the future was going to be.

I first saw Thomas presenting Cilium and the underlying eBPF technology back in 2017, and at the time I thought, “Well, this is revolutionary, this can change so many things.” Because not only can we see Network packets being manipulated by eBPF programs, we’ve also got this incredibly performant way of observing those Network packets and reporting on them that we can use for observability tooling. And like you mentioned network policy – we can implement network policy in eBPF.
Just making policy decisions about whether an individual Network packet is permitted or denied by policy, based on Kubernetes identities – this is the other real strength of Cilium.


It knows the Kubernetes identities, the labels of every pod. And so, you’re no longer just looking at network flows in terms of IP addresses and the port numbers you’re actually looking at them in terms of “this is a flow between service X and service Y.” It is so much more meaningful for a Kubernetes’ user.

Why the name Cilium

Mike: Just out of curiosity, do you know what Cilium means?

Liz: I think they’re little hairs in the inner ear – I’m not entirely sure why that was used as the name for the project.

Origin


Mike: I understand the eBPF technology is mind-blowing – Cilium is quite a project as I said. I mean, you’re not one of the co-founders, but do you know anything about how did it become actually a business?


Liz: I think pretty early on, as Cilium, the project, was getting established, and this sort of understanding that eBPF was going to be a really great foundation for efficient networking. That idea of building a company around this technology was probably in Thomas’s mind right from the get-go – I don’t know that for sure, but I imagine it was. And he and Dan Wendlandt, who I mentioned earlier – this is Thomas Graf and Dan Wendlandt – Dan had the background in software-defined networking, he’d worked at Nicira.


And I think they really saw the future of container networking being built on eBPF, so it was kind of natural to build a company. But, for the first few years, really the focus was on building the Cilium open-source projects, getting that really well-established and really well-known in the Kubernetes community.

It’s now been adopted by the CNCF, so we’ve actually contributed the project to CNCF, we’ve recently applied for graduation status there. It’s probably the most widely adopted in production networking plugin for Kubernetes now.

That kind of path from open-source projects, we really need to see this widely adopted, and then, a business that can provide, not just support, but also some Enterprise features that really large adopter is going to need. And just makes a lot of sense.

What does a Chief Open Source Officer do?


Mike: Your title is Chief Open Source Officer, and that’s a title I’ve never actually heard before. How is that role defined at Isovalent and why were you so excited to take on this mission?

Liz: It’s a particularly interesting title in a company where the vast majority of the engineering is open-source engineering, but I don’t run the engineering teams. My role is much more about how do we continue adoption of the open-source project, and how do we interface with the foundations, the community – I do a lot of work with the CNCF as well. How do we both act as good citizens towards that community and do the right thing in the open-source world. But also make sure that we’re taking advantage of everything we can.

You know, foundations like this offer us a lot of roots to speak to people who might become users and how we can do that in a way that is beneficial for people who want to learn about Cilium, or who want to learn about eBPF. So, that kind of educational role also falls within my team.

Open source v. Enterprise

Mike: This may sound like a silly question because Cilium was so powerful, but from a business perspective, what would you say are the main value propositions of the software?


Liz: So, from the open-source perspective, it’s a highly performant networking solution with built-in observability and security features. And we could dive into more details on what those are. From our perspective, it’s fantastic. If people are satisfied using the open-source version of the code – that’s great – we never want to make it such that — we don’t want to curtail the functionality, so that it always wants to be useful to open-source users.

That said, there are some features that particularly larger Enterprises are particularly interested in that you won’t need if you’re not a big Enterprise. So, for example, integrating with Legacy workloads. Some high availability features that you don’t really need unless you’re at a certain scale – those are the kind of features that we provide in the Enterprise distribution at Cilium.

Isovalent v. Sysdig?


Mike: Do you see yourselves competing with a company like Sysdig?

Liz: On the security front – yes. There is an element of competition there. I think we’re sort of speaking with slightly different customers there. Because, to my understanding, Sysdig is very much a security focused solution, whereas Cilium really applies more to a platform team who’s establishing, I would say Networking first, with this incredible set of security capabilities that you can then show to the security team, these amazing capabilities that they’ll get all that they already have by using Cilium.

I think we’re probably talking to different people within our respective customer organizations, but there is a certain amount of overlap around particularly the kind of runtime security, which we have a sub-project of Cilium called Cilium Tetragon. And there’s the ability to create profiles for the kind of things like accessing sensitive files or running certain executables, privilege escalation, suspicious network activity – these are the kind of things that we can detect at runtime using eBPF.

Why contribute project to the CNCF?

Mike: You mentioned that Cilium was contributed to the CNCF. What was the reason you brought the project to the CNCF? Also, what does that mean for the governance of the project?

Liz: It’s a big step to contribute a project. Because we hand over the intellectual property to the CNCF. That is something that Isovalent used to own and no longer owns. And the governance of the project really needs to be in the hands of the community. So, Isovalent remains the most prolific contributor, but – and this is again part of my role – encouraging more people and more organizations to get involved in not just code contributions and not just documentation contributions, but also the kind of broader evangelism of what Cilium is and the advantages of Cilium.

So, yeah, we’ve really embraced that community. And I think the phrase that we’ve used internally is “paved the world with Cilium”.

And the best way to pave the world with Cilium is to give it to as many people as possible, and the CNCF gives us a really great route to reaching all those people who are using Kubernetes. It gives those people confidence that it doesn’t matter what happens to Isovalent, the Cilium project is in the hands of a much, much bigger organization at this point.

And then, you know, that subset of people who are using Cilium, but then, find themselves needing Enterprise features. We won’t necessarily be the only Enterprise distribution, but there’s no doubt in my mind that we have the greatest expertise. So, hopefully, we will be the obvious choice for someone looking for Enterprise features or Enterprise support agreements around Cilium.

Trademark


Mike: This actually leads into my next question, which is that CNCF actually owns the trademark for Cilium, but your product, the Isovalent product is called Cilium Enterprise. And so, hypothetically, another company could make a product called Cilium Pro. I mean, I looked at the contributors and I went down eight contributors, they all work for Isovalent, I didn’t have time to go any further, but, obviously, your company has a lot of expertise, but still, the prospect that company spent a lot of money defending their trademarks, I almost never heard of anything like that – is it sort of terrifying, though?

Liz: I mean, at one level, yes, it is kind of terrifying. And Cilium is a brand name that is better recognized today than Isovalent is. And that’s a challenge that we have to embrace. And there are rules around what you can and can’t use – I think that there are probably still a few instances of documentation and use of the word Cilium, which we’re not really allowed to do any more, that we haven’t managed to tidy up everything.

There’s limitations on what you can and can’t use around a name based on what is now a Linux Foundation trademark. But everybody understands there’s a transition between us having a trademark and then giving it to the foundation. It obviously takes a little while to tidy up all that options around that, yeah. So, Isovalent Cilium Enterprise is the Isovalent distribution of what is a CNCF-owned community project.

Outside Contributors


Mike: I mentioned that there’s a lot of Isovalent engineers who are contributing code, but are there other engineers who are also contributing?

Liz: Absolutely! Google is quite a prolific contributor, Cilium is actually used in Google’s Dataplane V2, we have maintainers from Datadog, again a huge adopter who has been using it. Enormous scale – there’s some really good talks from Datadog talking about the scale of which they’ve deployed Cilium, we have contributors from Palantir.
Yeah, there’s several what we call committees, so maintainers of the project, who come from lots of different organizations. And then we have – I think it’s around 700 contributors in total. Isovalent today is just over a hundred people. The contributor base is much, much wider than just Isovalent. That said, we probably have the largest group of people working full-time at Cilium.

Market Segmentation?


Mike: On the commercial side, for infrastructure, the marketing is very horizontal, but have some natural segments worked out in terms of the customers who convert from open source to a commercial relationship with Isovalent? And are you figuring out that there’s any ways to segment the market here or the messaging?


Liz: I think that’s something we’re learning – I have just mentioned that we’re about a hundred people now, so we’re growing in our capabilities for how we target different customers and different verticals. We’ve had a lot of success in financial verticals media, quite a few transport, strangely enough. Yeah, so there’s a pretty wide breadth of Enterprises who have adopted this. I guess, the prerequisite for nearly all cases is that there are Cloud Native Kubernetes users, or that we do have some users who are using Cilium in a standalone load balancer scenario.

Have we figured out how to market to all of these different types of businesses? We’re absolutely still evolving and learning. But I think the fact that we’ve for many years had this very community-based focus, a very community-based approach, means that we can establish relationships and have trusted sharing expertise on a technical level that then encourages those engineering teams to recommend us internally.

And when it comes to making a choice about an Enterprise product or whether they need commercial support, those engineering teams already know who the experts are, and have potentially already had help from our team through the open-source community.

Team Location


Mike: Is there an Isovalent headquarters office where engineers go in, or is everyone like spread around the world?

Riz: We are fully distributed. We do have offices in Zurich, where Thomas is based, and in the Bay Area, where Dan is based. And I think that the timing, you know, really around the pandemic, just at the point as Isovalent was growing was sort of around the same time as the pandemic hit. So, inevitable that we were going to be remote based.

And as people have joined, they joined from countries all around the world. We have people from as far as long as Japan, or Alaska, Australia, throughout Europe and across the U.S. So, our team is really now fully distributed, and the culture has to embrace that. So, we’re very much focused on being remote first.

We do get the team together, and we try to get the whole company together, at least once a year. And we have a lot of encouragement around getting teams together in what we call hive time. Because we’re all about kind of bee-related metaphors.

Monetization: What features are enterprise?

Mike: I’m curious about monetization. It sounds like it’s open core, and what are the extra bits that you’re offering, I guess, in the Enterprise? And how do you decide what to make open source and what to add as an extra feature in the Enterprise distribution?

Riz: I see that the term open-core can sometimes come with a bit of a negative connotation. Sometimes people think of it as an open-source software that’s got some kind of, you know, been cut off at the knees, and that’s absolutely not what we believe in.

We absolutely believe in the open-source product being genuinely usable, and there are some pretty large organizations who continue to use just the open-source version. The kind of things that people will come to us for will be — there are some high availability features, there are things like BGP support for connecting into your legacy data center workloads, some Telco specific protocols that we’ve worked on – we very much don’t want people to feel that there’s something that’s core to their basic use case that they can’t do with Cilium.

Unless they are big enough that they’re the kind of organization that wants to pay anyway. You get to a certain size of organization, where you really don’t want to be just relying on open source with no sense of who’s going to support it when anything goes wrong. And they may come to us for features, they may come to us because they just want to know that somebody will be there to help them, you know, with a contract in place, should anything be needed.

Features for Growth


Mike: We mentioned that Cilium is a really broad product. Is there one particular product feature that you see driving the most growth, going forward in the next couple of years?

Liz: That’s a really great question, because we do have you know really, really powerful features in a number of different axes. So, for example, we just did a partnership with Griffon, where we’re building some really great dashboards, again a big part of this is available, completely open source.

There are also going to be some additional Enterprise features here. Perhaps the thing that strikes people is that they get this amazing visibility. And you know, that could be the moment when they realize, “Huh, look at the power of Cilium!” And the fact that we can see all these latency metrics or security information being shown in a visual way. So, that could be one thing that really drives growth.

It could be Service Mesh. We have a very efficient approach to doing sidecars Service Mesh in Kubernetes. Service mesh is one of those features that when it first started being talked about in probably 2018 – huge hype, huge excitement – the reality of people adopting Service Mesh, they found that it’s actually quite resource-heavy, there are issues, instrumenting all your workloads with these Service Mesh sidecars.

I think some of the realities of deploying Service Mesh had not quite lived up to the initial expectations. And then, last year, we announced the sidecarless approach that Cilium can bring. And mostly through the power of eBPF, it’s incredibly efficient. We can shortcut a lot of the path that a network packet has to take through the Service Mesh.

So, I think that’s another area that can be a real driver for growth, as people realize they can get all the benefits of Service Mesh, but without the overhead that they’ve come to associate with it.

And then, finally – security. I think I mentioned earlier the runtime security tooling that we’re able to provide through eBPF and through the Tetragon project, combining in a really performant, efficient security tooling. At the moment, everybody’s focus in security seems to be on supply chain, but they also still have firewalls. I’m quite a big believer that we have runtime security, everybody has runtime security in the form of firewalls.

We just were on the cusp of people understanding how powerful this new generation of runtime security tools can be to essentially firewall, not just Network packets, but things like bad executables or unexpected privilege escalations, that kind of thing.

Mike: Does the breadth of the product ever feel like a curse? Wouldn’t it be so much easier if there was just one application, and we can focus the marketing message and the sales, and all is just this one thing?

Liz: I’m sure the marketing team tasked with coming up with a tagline would find it a curse, yes.

Lessons for Open Source Startups?

Mike: So you’ve been in the techs business for a long time, taking off your Isovalent hat for a second and just as an observer of the startup scene, and other than the open-source scene in, do you have any advice for particularly entrepreneurs? Because this podcast is really designed first for founders, any advice for founders?

Liz: Yeah. This is actually something I’m getting increasingly interested in and I’m working with the CNCF on how we can encourage businesses on how to operate and be successful with open-source based businesses. There’s two sets of vendors who I would say have quite a lot to learn, particularly if they come into like a Cloud Native community audience.

There’s one class of vendor who is open-source based, they have an open-source project that they’re building their business around. The second class is people who are not open-source, but they have a product that they want to sell into the primarily open-source based Cloud Native community.

I think for both those sets of people, really understanding how powerful community is, Cloud Native community is kind of where I’ve lived for the last, I don’t know, half a dozen years. And it’s incredibly powerful, the relationships that you can build up – not just between individuals, between organizations, can be a really solid foundation for the business relationships that you then build on top of that.

And I think the real lesson for a lot of vendors is: don’t just expect to turn up at an event, pay for a booth or a table, and expect people to come and buy your software. Invest in time as well, invest in contributing, get involved in our project, get involved in the cigs and tags.

Don’t just expect people to immediately think that your open-source project is the one true amazing solution. Take the time to learn what other people are doing around that, and then, have those conversations about why your solution is great and what its strengths and potentially weaknesses might be. Learning to get involved in a community is really, really important.

Closing Notes


Mike: Well, I think that brings us to a close. Liz, thank you so much for sharing and best of luck with Isovalent and Cilium.

Liz: Thank you so much.

Mike: Again, special thank you to Amanda Brock and the whole open UK team for launching the State of Open Conference, where we recorded this episode. Cool graphics from Kamal Bhattacharjee, music from Broke For Free, Chris Zabriskie and Lee Rosevere.

Remember how Liz said that eBPF and Cilium are really good for Service Mesh? Well, remember that, because next week’s guest is Idit Levine the founder of Solo.io.

Until next time, this is Mike Schwartz, and thanks for listening to Open Source Underdogs.

Episode 55 – Miguel Valdés Faura, CEO and Co-Founder of Bonitasoft

Intro



Mike Schwartz: Hello and welcome to Open Source Underdogs. I’m your host, Mike Schwartz, and this is Episode 55, with Miguel Valdés Faura, CEO and Co-Founder of Bonitasoft.

Not every tech company follows the same trajectory to success. Hypergrowth is great if your market supports it, but the world of infrastructure software is diverse, and hypergrowth can subject your business to unreasonable risk.

To me, Bonitasoft was a reminder that a CEO’s responsibility can transcend shareholder value. While the primacy of shareholder value seems axiomatic in Silicon Valley, it’s worthwhile for entrepreneurs to weigh that risk. Miguel and his team did just that, and their success validates the idea that business models are not a one-size-fits-all proposition.

As a side note, as I was doing my research, I noticed that Miguel has interviews in Spanish, English and French. American CEOs are lucky to speak two languages, but three is pretty exceptional. Anyway, I hope you enjoy the interview. This was the last of 2020. So, without further ado, here we go.

Miguel, thank you so much for joining the podcast today.

BPM Market Overview

Miguel Valdés Faura: Thank you, Mike, for having me.

Mike Schwartz: So, although this is a business podcast, you’re a technical founder, and sometimes, it helps to have a high level of understanding of the market. Business Process Management, or BPM, it’s still an important way to think about how to apply technology, but the technology landscape has changed so much since 2001, I guess when you started the project, and even since 2011, when you started Bonitasoft. Why is BPM still a good way for companies to think about how to build applications?

Miguel Valdés Faura: Good question. So, it’s because companies – I like to say that it is all about processes, a ton of processes that are required to run a company, some that are more critical than others, but BPM technology has been here for a while to help companies, to rethink, re-invent and automate their processes, whatever, they are critical or not. Also, I think it is something that is here for a wider dimension, and of course, the market is evolving because also the needs of those processes are changing in organizations.

Project History

Mike Schwartz: So, the Bonita project itself started at the French National Institute for Research in Computer Science. The project was transferred to the Bull Group, and then, in 2009, you started BonitaSoft with Charles Souillard and Rodrigue Le Gall?

Miguel Valdés-Faura: Exactly.


Mike Schwartz: And also, over the years, how is the community grown? Is the Bull Group still involved, and are there other important contributors in the ecosystem?


Miguel Valdés Faura: BullGroup, which is now part of Atos, at the origin, is involved, but as a partner. It is one of those hundred employees, partners that we have – I’m talking about Consulting and System Integrators Partners that helps customers worldwide with the Bonita implementation, but nothing more, meaning that over the years, Bonita self has grown into an international community that goes beyond specific companies, but, also, having individuals working sometimes as freelance models, as part of the bigger companies.

And I think that’s one of the main achievements now. We have now a community of around 150,000 individuals working with Bonita, not all of them of course are contributing, it is only a small portion of this contributing code, but there is people participating in answering questions in the forum, or translating the products – there is a lot of activity in the Bonita community that is not relied only on one company.

Why No-Code Is No-Go?

Mike Schwartz: In an interview a few years back, you said that the no-code approach does not open the possibility for developers to write code that meets business needs. Can you expand on that? Don’t business people love drag-and-drop GUIs, to build BPM workflows?

Miguel Valdés-Faura: Yeah, a good one. So, probably, it was referring that with this new trend of local done, this new kind of developers, the thing some analysts were calling business developers, at some point, we were facing with people that are not skilled in development to build some complex applications, and at some point, they’re going to face some limitations. Of course, a lot of people like to build on applications, using drag-and-drop, as I mentioned, or visual tools, but when the application gets more complex, or when you need to customize a little bit more the application, at some point, developers need to be part of the game as well.

So, I’m not saying that it’s not useful to have business people participating in the development projects. I’m not saying that the local movement is not something that is real, I’m just saying that we need to find a balance between things that can be done graphically, and first that require code, and it’s about how those two different skill sets can collaborate, how business people or people without development skills, can also work on the same project with developers.

Probably, those two personas are not going to use the same thing.

Customer Profile

Mike Schwartz: Thousands of organizations use Bonitasoft, but switching to the business side a little bit, from a revenue perspective do you see the 80/20 rule, where 20% of your customers make up 80% of your revenues? And if so, what does that 20% segment look like, with regard to use cases or industry verticals?

Miguel Valdés-Faura: In terms of the verticals, of course, I think it’s not only something  -particularly Bonitasoft, all BPM vendors, you know, have a lot of traction in market that are highly competitive. So, for example, insurance, banking, telecommunications, because there is a lot of pressure to do better than the competition, because there is a lot of processes that are related about how you provide better services to your customers, and how are you going to retain those customers by providing good services.

So, those will be probably the main four sectors in which Bonitasoft is evolving and getting customers, and also, potentially the ones, in which other vendors are also evolving. In terms of the split or the size of the customers that we have, we have this idea from the very beginning to focus on medium and large organizations.

So, there are some BPM vendors that are focusing on smaller implementations, we are really focusing on complex implementations and meet large organizations. So, the majority of our customers, like 75% of our customers, will match that criteria. And the majority of the project implementation inside those projects are either core or critical to their business. We usually don’t start working with a customer in less critical business process, but this is part of our strategy. And, of course, our product is better suited for those complex implementation.

Value Proposition

Mike Schwartz: Kind of a basic question, but what would you say are the most important value propositions for your customers?


Miguel Valdés-Faura: First of all, we are selling a platform, not a product, so, what we want is like to bring together those two personas that I was referring in a previous question, so business people or less skilled people, in terms of technical skills, and how developers can work together. So, we have a platform, in which you have clearly separated the visual programming capabilities versus the coding capabilities. So, in a sense, we are taking the benefits of the majority of things that we see in an open-source project. So, extensibility, open architecture, which APIs, compatibility with other open-source technologies that are things that appeal to developers. And at the same time, we have an integrated platform, a unified platform, that is also providing visual capabilities to less technical people. And, also, this clear separation in which, depending on the skills that you have, you can use some of the capabilities of the platform, and depending of your skills, you can use some others – these are the things that make us different, and that people like about our solution.

Monetization

Mike Schwartz: Bonita project is open source, and Bonitasoft has a platform built around that – how exactly do you monetize?

Miguel Valdés Faura: So, we sell subscriptions – package additional capabilities to the open-source version, and also, some professional services. And those subscriptions, minimum is an annual subscription, are sold either for people that are deploying the Bonita platform on premise, or people that are using our cloud offering now. But, in two situations, we are basically adding capabilities on top of the open-source solution, like for example, monitoring capabilities and scalability. And we package that together with a professional support, SLAs, contractor warranties, as part of this subscription. Also, it’s a 100% of our probably related revenue is a recurring revenue.

Cloud Strategy

Mike Schwartz: Cloud hosting is really a great business model, and I heard you mention that you have a hosted offering. How has the hosted offering evolved over the years, and do you see that becoming sort of the most important way that you deliver the software? Would you say self-hosted is still going to be more important from a revenue standpoint?


Miguel Valdés Faura: Yeah, a good question. I think in our space, the BPM space, and particularly because of the nature of the projects that we target in our customers, as I was referring as core or critical, we still have a lot of people using the on-premise version, especially in banking insurance that are sectors that are still using a lot of on premise, or they are starting their cloud movement, using public clouds, but not really externalizing everything to SaaS solutions. So, on-premise is still really a big majority, but we have released our cloud service 18 months ago, and we already see a traction. So, there is more and more customers also embracing that new offering – I will say today is more like 80/20. We expect that this is going to change.

It took us a while to offer a Bonita Cloud version because we didn’t show a lot of demand previously. We, as I mentioned, we started seeing some companies that are more and more interested. We really believe that it’s going to be maximizing in the next years, but again, the on-premise is still the number one option today for our customers.

Prioritization Of R&D

Mike Schwartz: So, how do you prioritize your R&D effort, because you’re still contributing to the open-source project, but you are also building your commercial like extra features. And how do you prioritize R&D?

Miguel Valdés Faura: That’s a tricky one for every open-source company. Because you need to make also clear rules about what are the developments that are going to go open source versus the ones that are going to go commercial, and the same applies to the teams – do you have the same organization working on the two kind of features, do decide to have different organizations?

So, we have evolved over the years, but one thing hasn’t changed is that we have defined from the very beginning clear rules about what is open source and what is not. For example, we didn’t want our open-source version to be something that cannot be put into production, because that was not the essence for us, the essence for us as open source.

So, the open-source solution at Bonitasoft you can develop, and you can put it into production, however, for example, as soon as you’re talking about scaling – if you need to CCP, if you want to do clustering, those are the kind of things that, from the very beginning, have only been available in the commercial version.

Also, first of all, is about defining the rules, so, your development team knows what goes into one edition versus the other. Not only your development team, but also of course the community, the community using the open-source version and also your customers – it needs to be really clear. Secondly, over the years, we have evolved, also, in terms of how the development team is a structure, to be more focused on one product, one edition, meaning, one set of people for developers working, one part of the product that is either open source, or is commercial, which, of course, is a way simpler to manage from a management point of view.

Cloud Native Opportunity

Mike Schwartz: In the Cloud Native world, scaling is sort of table stakes, like Kubernetes out of the box is clustered, and my company Gluu, we’ve decided that we’re going to make scaling sort of part of the open-source, just because it seemed like it’s hard to get adoption in the Cloud Native world unless you support Kubernetes, and Kubernetes has clustering.

Do you see a similar trend in the BPM market? And are any challenges or opportunities around Kubernetes and the move to Cloud Native?


Miguel Valdés Faura: Even before Kubernetes, the move that we saw was the adoption of Docker. So, four years ago, we started to demand Docker super, as a way to use and deploy Bonita. So, that’s one of the first that we did. So, to certify a Docker image for people wanted to start their projects, it took us depending of the geography some time, we got that traction from the US, a little bit less in Europe in terms of adoption of the Docker image. Now, it’s a reality – there are more and more people using that. And, of course, those people are also asking now, “Okay, let’s combine that with Kubernetes.”

We have decided that Bonitasoft, that this is part of the kind of the capabilities that we can provide as part of our Cloud Edition. So, the elasticity capabilities that are offered to our Cloud customers is based on Kubernetes. And I think that the value to the customer is that we are able to manage that automatically for them.

This is something that we are at Bonitasoft proposing in our Cloud offering. But if someone wants to do it on premise, and they want integrate, the current Bonita on-premise version without the Kubernetes and manage Elasticity, they can do it.

But at Bonitasoft, we have a package to make it really simple for people who want to use the Cloud service.

Growth While Pivoting

Mike Schwartz: As you know, investors are super-focused on top-line growth. They want growth, growth, growth, but when there are major technology shifts, like from 2011 to today, seems like a different world. It’s hard enough to survive, let alone to grow a 100% per year. Can you talk about some of the challenges of achieving this high level of growth, especially if you have to pivot at the same time, like you probably did over the last couple of years?


Miguel Valdés Faura: A really good question. I mean, you know, it looks like hopefully things are changing, but when we started Bonitasoft off in 2009, and especially in the years that follows, looks like everyone needs to become a hyper-growth company. And of course, I really was trying to raise a lot of money, and we did it as well as Bonitasoft. And, of course, raising a lot of money means also at some point delivering really high growth. But things are changing, and I think that that’s okay, and that’s possible in some situations, it’s something you need to also be willing to do.

We wanted, at some point, growing the company that way at Bonitasoft, especially at the beginning, we decided to change. We decide to change because we wanted to build a more sustainable business, and of course, the level of research you take, if you are always following the hype- growth is a big risk. Because, of course, you are depending a lot of on money from investors, usually high-growth means high losses. So, you need to raise money. Of course, missing some of your targets can put the company at risk.

So, we decided five years ago to change, and embrace what we call a sustainable growth business model, in which profitability scheme for us, in which we try to grow as much as we can, if the company is profitable, and learn in environment in which people are enjoying their day-to-day work.

Now, we have to switch from one to the other, and I think that the pandemic that we are living these days is also reminding us that potentially that’s also a model that some other companies should consider..

Transition From Growth To Profitability

Mike Schwartz: That’s very interesting that you’re saying, “switch to high-growth as long as its profitable”, but how did you manage a relationship with your investors? Were they on board with that, or was there some friction around, saying, “We don’t want to accept this high level of risk?”


Miguel Valdés Faura: You mean, at the beginning, or when we decided to change to a more sustainable growth model?

Mike Schwartz: When you decided to change.

Miguel Valdés Faura: I think they were happy to see that after seven years of existence, we wanted to start looking to profitability. I think at some point that’s important for a company. And so, they were okay with that. And, then, of course we think that we have another kind of discussion with them because we are not asking any more money, the company is profitable for the last four years. So, then, do we need to deal with all the things like, okay, are we looking for an exit, are we looking to grow and do some acquisitions that we want to continue to grow the business organically – but, in any case, you are not forced to raise money which I think is good for us, and in some situations also good for investors.

Building The Sales Team

Mike Schwartz: So, it’s the technical founder one who’s been on the business side for a long time. Building a sales organization is really challenging – is there anything you’ve learned about building the sales team that you’d like to share with startup founders?


Miguel Valdés-Faura: Yes. It’s maybe because I’m also an engineer by training, but, of course, we did a lot of adjustments in the sales organizations over the years, and we’ve made a lot of mistakes and we’ve learned a couple of things. We made some great success, but you know, for the last four years, we are operating with sales methodology that probably you know this, it’s called Customer Centric Selling methodology, which is really focus on the value that you can bring to the customer, that is more focused on quality versus quantity, in which you do, not a lot of prospection, but you are really trying from a marketing perspective to have people really interested in having a discussion with you, and spending a little bit more time and trying to provide a solution that is, as I mentioned, to the problem.

So, then, you can surely acquire a new customer, but also make sure you can renew over the years. And this is one of the big things that we did. And we did it by having a mix in the sales team, people that are coming from different backgrounds, including engineering.

And I think that’s one of my first learning is that you can’t have people that have an engineering background that are doing exceptionally with that, and I think we’re seeing that with more and more companies.

Second, you need a methodology that is really focusing on providing value and delivering value to the customers. And this methodology needs to also be shared with marketing, and needs to be shared with the rest of the organization, including product teams know. And that has been a big change for us. Of course, we didn’t need that from one day to the other, but that move to this new methodology, having the right mix of people and focusing more on content and maturity of our leads than on quantity and prospection, has made a big difference for us.

Partner Strategy

Mike Schwartz: You mentioned that Atos was still a partner, and perhaps, there are other partners who are either bringing you business or you see as critical. But can you talk about like the role of like how the partner strategy has evolved over the years?


Miguel Valdés Faura: Today, we have three different kind of partners – we were talking about Atos, we have a category that we call Consultants and Systems Integrators Partners. As I mentioned, we have something like a hundred and plus of those partners, so, including CGI, including Atos, including Sopra, and then, other things that you in the U.S., you call it more boutique-like partners, or people that are more specialized in one particular sector. So, implementing projects in insurance or in banking. For example, in the U.S. people like Evoke, in Latin America people like Indra – this is one category. Those kind of partners are helping us either to identify new opportunities and also to do the implementation.

By the way, 62% of our new business is influenced by those consulting partners. Second category will be the technology partners. So, there’s no surprise here, this is about integration of our product with other products in a similar market. So, for example, we have those kind of partnerships with the UAiPath in the RPA space. We have this kind of partnership with a DocuSign. So, basically that means bi-directional integration between the two products. And I joined go-to-market, in which we think that the two products combined can bring more value to the customer.

And the third type of partners that we have are OEM Partners. So, it’s people or companies that are embedding our technology and reselling as part of their product. So, to name one that is more representative. Talend is doing that, Talend is that integration leader that is embedding Bonita as one of their offerings. So, those are the three kind of partners. And of course, this thing has been evolved, and has been over the years. So, we started with putting a lot of effort on Consulting and System Integrators Partners, and then we started to focus, in a second step, on more of the technology side of the story.

OEM Patnerships?

Mike Schwartz: You mentioned OEM partnership, which is interesting for open source, because I think that companies who want OEM can use the open source and become part of the ecosystem. What is the driver for a company to OEM in open-source product?

Miguel Valdés Faura: A good question. I think is that the nature of the technology that you are embedding, if you are embedding just Log4j for logging – that was, at least, used 15 years ago, – or Hibernate for persistence. Potentially, it’s the same done embedding, BPM engine or Workflow engine.

So, if you are embedding a solution, that is more like a project or a platform, that is in some way critical to the other solution that is embedding, potentially you’re going to look for, not only can I do it from a license perspective, but also, potentially, you are going to contact the other company to do a partnership. So, that’s what’s happening a lot in our ecosystem – embedding a VPN engine or embedding the whole platform, embedding a workflow solution is something that’s potentially going to be used for mission-critical things.

So, if that is the case, even if the license allows you to do it, potentially, you are going to also look for some help from the company that is building that. And of course, then, it could be also an issue with the license. You know, some of the licenses, for example, the GPL license are not allowed to embed directly without having an OEM equipment in place or changing the license. So, it could be either a license issue, or it could be that you need some helping if something goes wrong.

Licensing

Mike Schwartz: I normally don’t ask about license because I’ve actually been thinking about doing a whole another podcast, or maybe in a season or something, just on licensing, because it’s a complex topic.

Miguel Valdés Faura: Yeah.

Mike Schwartz: And, of course, Bonitasoft’s project’s been around for a long time, but is it GPL license – can you just talk for a second about the open-source license that you’re using, and maybe why?

Miguel Valdés Faura: The open-source project is really under the GPL license, and it’s more historical reasons, this is how we started the project. You know, at that time, it was the time when MySQL was – those kind of projects were appearing, it was the time of Enterprise middleware – so, we kept that license because that was also all discussions around open-core business model. And we didn’t change the scene that, for example, we are now also launching new ones, new products in which, we are also moving to some other license like Apache or MIT. But we kept, for the Bonita project, the GPL license because this is the one that get everything started.

Mike Schwartz: It sounds like the less permissive license actually has benefited you. But I think there’s sort of a knee-jerk reaction or policy among entrepreneurs these days to use permissive license, like MIT or patchy, but it sounds like GPL actually helped you in this case.

Miguel Valdés-Faura: Yeah, it kind of helped, for example, we’re talking about the OEM, it can help the OEM space, some of the people are going to see that there are some restrictions, and then, of course, there is this debate about, okay, but if I’m burying a GPL library, it’s going to be contaminating my project, but usually when you have that issue is because the project that you are building is usually something that you want to follow the open source, you want to commercialize something, just by liberating all those people work in open source, so, yeah, as you mentioned it, it’s always a complex discussion.

But, yeah, I think there are some benefits of using GPL, there are potentially some drawbacks depending of what do you want to build with that license – I think it depends. So, it is not magical rollover for what is the best license to use in your next project.

Keys To Growth In 2021

Mike Schwartz: So, there’s a lot going on today. We have the pandemic, moved to Cloud Native, changes in paradigms, like continuous delivery. What do you think are the keys to growth in the next few years?

Miguel Valdés Faura: I think nobody knows. I think we need to be humble, especially with everything and all those things that are going on, that are going on these days. But you know what, I will be back to my – what I was talking about the sustainable growth. I think that more than ever, being in a business, running a business in which you know that you are profitable, that you are of course trying to maximize, and you are ambitious to maximize the growth, if you are still profitable, having a strong customer base that this renewing year after year is what makes a big difference, especially when there are some situations that they want to do, are facing now.

Because, of course, if you don’t have that, and for some reason, you just stop signing new customers, or signing the new customer database that you were signing before. If you have a strong customer base, you’re going to suffer more than others. So, I will be back to that concept of sustainable growth because I think it’s what makes the company less risky, more sustainable in the long run.

Advice For Entrepreneurs

Mike Schwartz: You know, startups are roller-coasters. I personally don’t recommend starting a company, especially a tech company, to anyone who’d asked me, but for those people crazy enough to dive into entrepreneurship – do you have any advice for new entrepreneurs who are launching a business around open-source product?

Miguel Valdés Faura: I will have one. It’s obvious that I think it is good that we remember that from time to time, which is, there are no two companies that are alike, so, the same applies to founders. Don’t pretend to be somebody else. Of course, listen and learn from others in your ecosystem, but be yourself. And if you create a company, as you mentioned, if you are crazy enough to create the company, try to be surrounded by people that share the culture that you have in mind, the strategy that you have in mind. Don’t pretend to be a CEO that you are not. And that’s – I go back to – not all the companies need to be the same, not all the companies need to be unicorn, not all the companies need to follow the same business model, but you need to be really comfortable about the choices that you make, otherwise, it is going to be even harder than you know it simple journey.

Closing

Mike Schwartz: It’s 55 podcast. I always ask that question at the end – no one’s actually given that answer yet, but I have to say I agree with that a100%. So, thank you for being the 55th guest, and best of luck this year. And thank you so much for being on the podcast, Miguel.

Miguel Valdés Faura: Thank you very much, Mike, for inviting me. It was a real pleasure.

Mike Schwartz: Special thanks to the Bonitsoft team for helping us to schedule the interview. Editing by Ines Cetenji. Transcription by Marina Andjelkovic. Cool graphics from Kemal Bhattacharjee. Music from Broke For Free, Chris Zabriskie and Lee Rosevere.

This is the last episode of 2020. Next year, I’ll keep going, although probably at a somewhat slower rate. If you have any ideas for the direction the podcast should go in 2021, I’d love to hear your feedback. You can contact me on the website opensourceunderdogs.com. Happy holidays, founders! Hang in there, and keep an eye out for new Season 4 episodes after the New Year.


Episode 54: Justin Borgman, CEO of Starburst, the Company Behind the Presto Project

Intro

Mike: Hello, and welcome to Open Source Underdogs. I’m your host Mike Schwartz, and this is the episode 54, with Justin Borgman, Chairman, CEO, and Co-Founder of Starburst, the company behind the Presto Data Access Project.

Before we get started, I have a quick request – we all want to help open-source founders and startups. I make the podcast, but I need your help to get the word out, so tell your friends, post on LinkedIn, tweet out a link, post on Hacker News, or follow me and share one of my posts on LinkedIn, whatever you think makes sense, go for it.

One of the themes of Machiavelli’s the Prince is Virtu e Fortunavirtu meaning excellence in your domain, and fortuna meaning luck, whether good or bad. I really like how the story of Starburst exemplifies this 500-year-old insight.


Justin has a ton of domain virtu. He has deep technical knowledge, but he’s also on the lookout to harness fortuna. He’s one of the few podcast guests to acknowledge it. And Starburst earns its name because it’s one of the most stellar open-source business success stories I’ve heard in the last few years.
There’s so many great insights in this episode, a lot to think about. So, without further ado, let’s get on with the interview.

What Is Presto?

Mike: Justin, thanks for joining the podcast today.

Justin: Hey, Mike, super glad to be with you.

Mike: Before we dive into the business stuff, I find it’s helpful to talk a little bit about the technology. Can you start by giving a brief history of the Presto project? What it’s good at, and how the community coalesced around it?

Justin: It was really back in 2012 for developers at Facebook, Martin, Dain, David, and Eric came together to create a new infrastructure project that would be a faster way of querying data at Facebook. Facebook, of course, collects massive amounts of data, hundreds of petabytes worth of data , and needed a faster alternative to a prior project that they also developed and they called Hive.

Hive was a SQL engine for Hadoop, and it just wasn’t fast enough. So, Presto was created to be a faster means of accessing that data. But it has one really important differentiation in addition to the speed, which is the ability to access data anywhere. So, it’s like a database without storage – that’s kind of one way to think about it.

So, it looks at storage in other systems, which could be Hadoop, it could be S3 and AWS, it could be a traditional database, like Oracle, or Teradata, or Snowflake. And regardless of where that data lives, Presto can reach it, query it, and deliver SQL-based analytics.

So, that’s kind of what makes it special, is the ability to access the data everywhere. And that’s gained particular momentum, I would say more recently, as many large enterprises have data silo problems, where they have data in a bunch of different databases, and are now perhaps moving to the Cloud in some fashion.

Mike: And if I’m not mistaken, high concurrency is one of the areas that make sort of this data access plain different?

Justin: Yes, exactly, it’s very fast, and can support high concurrency. And in a lot of ways, this technology was sort of, I like to say built in reverse, in the sense that it was tested at ridiculous scale from day one. You know, very often, when you start something new, you don’t really know how it’ll work at scale until you get people using it. But because it was really born out of the internet companies, Facebook, and Uber, Airbnb, and Netflix were all early adopters to use the technology, it was really tested, and at scale, and as a result delivers great performance and concurrency.

Origin Story

Mike: Starburst is not your first company, you are part of a team at the company called Hadapt that’s sold to Teradata in about three and a half years, I think.

Justin: Yep.

Mike: How did that experience lead you to Presto?

Justin: In a lot of ways, this is really a continuation of that journey that began 10 years ago. So, that was 2010 that I started Hadapt. Hadapt was a spin-out actually from Yale University and the computer science department – there’s some research called HadoopDB, which was pretty pioneering research at the time, in terms of thinking about Hadoop as a data warehousing solution, and being able to deliver fast SQL analytics on top of Hadoop.

So, we spun that out, raised Venture Capital, built that business over nearly four years, as you mentioned, and then sold it to Teradata. We had ups and downs, definitely lessons learned through that experience. And I think, really, my discovery of Presto after arriving at Teradata in 2014 was kind of an exciting opportunity to reimagine the strategy that we had with Hadapt.

So, Hadapt was the SQL engine for Hadoop, Presto is a SQL engine for anything essentially, allows you to access data anywhere.it was an opportunity to basically take all the lessons learned from the first experience and start to apply them over again.

It was actually my team from Hadapt that ended up contributing a tremendous amount of software to Presto, and working with the guys at Facebook, who created it to really make it an enterprise-grade piece of technology. And I think, as we started to see Presto get more and more capable, and see more and more people use it, that was what created the idea in our head that maybe there was a business to be formed around this.

Community Engagement

Mike: It’s a really interesting opportunity, and I can’t actually think of another example like it, but when I’m talking about open source, I sometimes talk about three types of open-source companies. One would be volunteer, where a bunch of guys or girls get together and write some piece of software that they love, but not necessarily for a business.

And then, I talk about corporate open source, where there’s some piece of software, where a company funds it, but it’s not their core business, but then, they realize that makes sense for them to collaborate like Kubernetes, let’s say ,and Google, and these pure-play, open-source companies, where the company behind it is developing it, and they’re the main contributors.


And so, lots of great open-source projects come out of this corporate open-source area, the podcast that is mostly focused on pure-play because they were trying to help entrepreneurs and founders start open source, use open source as part of their business model. But you’ve sort of, like, created a very interesting situation, where you have a mix of corporate and pure-play because you’re benefiting from, not just the community, but, really, Facebook is a big contributor to the project to — I heard almost 50/50. So, how’s that really evolved, and how do you continue to encourage this very symbiotic relationship?


Justin: You’re right. Preston has a very interesting history to it, an interesting journey. It started as a small project at Facebook. When we got involved at Teradata, we were able to apply a few million dollars a year of R&D budget into advancing that as well. And then, of course, you’ve got a few other companies contributing also along the way.

And, as a result, all of that kind of accelerates the development of the project. And I think that maybe what’s most unique here is not only that Facebook created great infrastructure software as a byproduct of their business – they’ve certainly done that before – but rather that there was kind of a commercial partner very early on, and myself, and my team at Teradata thinking about the commercial applications of this.

So, you know, back in 2014, Presto was still in its early days, Facebook wasn’t trying to monetize it obviously, that’s not their business, but we were already thinking about how this could be used by Fortune 500 customers, and what difference this could make to their business. And I think that led to its very enterprise-applicable evolution, and set us up really well to eventually commercialize this in 2017, when we left Teradata, the creators of Presto joined us from Facebook. And we went off on our way to build this business.

Idea Incubation

Mike: So, you were working on Presto while you’re at Teradata. And did Teradata ask for any equity, or how did that work when you told Teradata, “We want to start this company basically working at Teradata? Like, what was that like?

Justin: Yeah, well, what was interesting about that – and I guess just to set the context, I think Teradata, from 2014, when they acquired my company through to probably today, has gone through various iterations of kind of rethinking their overall strategy, in terms of how they evolved into this next generation of sort of Big Data platforms. Because they had great success in the ‘80s, ‘90s, and early 2000s, as this kind of monolithic data warehouse, where you would ingest everything and store it in one place.

But obviously that became very expensive over time. And the appliance model, hardware and software combined, wasn’t necessarily set up for this future as people move to the cloud. So, they’ve gone through a lot of iterations. And it was really in that iterative process, where they weren’t really clear where they wanted to go, that they actually felt like Presto is maybe a distraction for them.

So, that actually created the opportunity, I think, for us, to say, well, we think it’s a little more than a distraction. And, you know, we’d be happy to sort of take that off your hands and work on this together.

So, it was a very amicable split – we remain partners, we’re still partners today, where we work together on some customer accounts, the technologies work together, we can access data in Teradata, for example, from Presto. So, that partnership remains. But it was one that I think for them, they viewed us as sort of taking Presto off their hands because there were maybe close to a dozen companies within their customer base that were using Presto. So, we were able to deliver really first-class support to those customers, you know, not provide any interruption there, even as we left and formed this new business. So, they don’t own equity, it’s purely a partnership.

Identifying Opportunity

Mike: It’s just amazing like how you deal your business, is you got a huge company Facebook to help you grade and test this infrastructure. You got to do R&D in Teradata, and then you started the business with customers – it doesn’t get any better than that really.

Justin: Now, you’re absolutely right. And believe me, the good fortune is certainly not lost on me. You know, advice I give to entrepreneurs of any type, not just open-source entrepreneurs, is to just have your eyes open to opportunity. I think it passes us all by all the time, and very often we miss it. And I think seeing it, and then, you know, running and jumping on it, it certainly has been beneficial in my career. I’m even going back to my first company and spinning out technology from Yale, which you could argue was the great benefit of various government research grants, funding that research in the first place. So, keeping the eyes open and seeing an application for where it could become a business.

When To Raise Money

Mike: So, initially, you didn’t have to raise money because you had some customers that came that provided some runway, but you did raise a series A, and I guess, October 2018, so, pretty recently. So, what was in the decision process to say, “Okay, now capital is going to help us.”, like what were some of the benchmarks that you reached, that helped you say, “Now is the time we should do that.”?

Justin: So, that’s exactly right. We started without raising any capital. That allowed us to build a profitable cash-flow positive business over those first two years of operating, which I think, by the way, as an aside, gave us a lot of opportunity to be patient and sort of think through exactly what we wanted our go-to-market strategy to be, what kind of strategy we wanted to take around monetization.

And we didn’t have the pressure of investors necessarily breathing down our neck, which I think many, many entrepreneurs have in those early days. So, I think it was a great way to start a business, what forced us to change and actually consider taking capital was really a realization that the market opportunity was bigger than we felt like we could actually satisfy growing at purely an organic rate.

So, we took that series A really as a growth round, you know, even though it’s called the series A, I think it’s a little bit misleading, because it’s probably more like a series B for most companies in that. Not only was it a large amount of money 22 million in that first round, but it was really deployed towards expansion and rapidly growing the business. Less so about proving product/market fit, which is more typical in a series A.

As you said, we did a series B shortly thereafter, which was probably more like a series C, adding another 42 million. So, we’ve gone from raising nothing to now 64 million. And really I think that was all made possible by really building the fundamentals first. Making sure you have that product/market fit sorted out, and then, you know, applying fuel to the fire to expand.

Revenues Pre-Investment

Mike: What was the revenues when you raised the series A?

Justin: Yeah, well, if it was 12 months looking forward, I would say it was already looking north of $10M at that point. So, that allowed us to really take the funding and apply it to, again, expansion rather than kind of sorting out the basic product details.

Mike: And what year did you actually start the company?

Justin: 2017.

Mike: That’s pretty amazing – two years to go to $10M. It’s pretty stellar.

Justin: Thank you. I mean, again, I think a big advantage here was that, in some ways, this was like building the same company over again – I mean, there are a lot of differences between this and my first, but they’re also enough similarities, just in terms of the types of customers that we sell to, the types of use cases, the types of problems that they’re trying to solve. So, I think that historical knowledge was advantageous for us to just move a little bit faster this time around than we did that the first time.

Balancing R&D Investment

Mike: Okay, switching gears a little bit into more basic business stuff. You mentioned in one of your previous interviews that I listened to, that Starburst is basically pursuing an open-core strategy. So, performance, robustness, security patches that goes into open source, things like connectors, security, ease of use, I guess GUI deployment stuff, goes into the core. One of the questions that I’ve sort of wonder about is, how do you decide how to prioritize R&D in open source versus the enterprise features when you go the open-core route?

Justin: Yeah, I mean, I think that’s the key question. So, it makes sense why you’re asking it, and I think it has to be on the mind of every open-source entrepreneur. And it’s a delicate balance because, on the one hand, you want to make the open-source project as useful as possible to get widespread adoption. Because really that’s your lead generation vehicle – I think that’s the way to think about it.

A lot of people say open source is really just another form of a freemium business model. There’s a free component, and that just happens to be open source in an open-source model. And then, how do you kind of upsell to the Enterprise version. So, for us, I think the logic was, what are the reasons why people use Presto anyways in the first place.

And we think performance is a core element to that. So, we wanted to make sure that performance is always great, right out of the box, with the first experience of it, including the open-source version. So, that’s why a ton of work goes into open-source around performance enhancement, scalability enhancements, those kinds of things.

And then, we think about, well, what do people in enterprises, who are willing to pay for this stuff, what do they want. And that’s where it is, things like security features, which are just essential for any large, mature enterprise things, like role-based access control, data masking, if you’ve got social security numbers or credit card numbers, being able to mask digits appropriately, having audit logs for querying.

And then, because Presto access is all these different types of data sources, it also made logical sense that if you’re going to access a database like Oracle, or Teradata, or IBM, all of which are very expensive in their own right, well then, a customer, probably, is willing to pay for enhanced connectors to get faster throughput to those systems.

So, that was kind of the logic was trying to like think through what are the enterprise features that someone is willing to pay a premium for, versus what just produces an out-of-the-box great experience. Because I think so much about open source is really people doing their own self-evaluations of the technology. So, self POCs, if you will, so, you want to make sure that’s great, because you can’t control that. You may not even know who downloaded it in the first place. So, that’s where you really want to put I think a lot of energy into the open-source project. And then, it’s as more of those production features that are important to the larger enterprises, where those I think you can hold back.

Why Not 100% Open Source?

Mike: I interviewed Mike Olson from Cloudera, you might know him.

Justin: I do, oh, yeah.

Mike: He was one of my first guest, and he gave a very similar comment to what you were just saying. And he was quite emphatic about it. And yet, Cloudera recently switched to a 100% open-source strategy. And other open-source companies have also, for example, Chef, and of course some of the older, Linux distributions are, RedHat and SUSE are all open source.

And so, one of the things I’ve been wondering myself is, you can use the open-core strategy. It makes perfect sense I think to business people, but I also wonder, this license is paying for the right to use the software. Do you think that customers are actually paying for the right to use, or they’re paying for the engagement with your organization? And do you think, if you made it all open source, it would actually negatively affect your revenues, or customers would still want to engage with Starburst a company?


Justin: I think I can speak from experience here, because part of what’s interesting about our history is that we’ve kind of evolved through the various open-source business models in our brief history. So, when we first started the company, we didn’t have any proprietary IP, so we naturally just sold support contract. So, the early customers that we started with were just support contracts.

I think the challenge that we quickly identified is that support alone is not the most compelling value proposition. It is to some, I’m not saying it’s not, but it’s not a sufficiently compelling I think to win over a broad set of customers.

I think that’s where the open-core model, at least for us, really created an inflection in the business, where, you know, now we had a real tangible reason. And, by the way, for what it’s worth, I think we learn this actually from our own prospects, that those who are actually huge fans of Presto, who are huge fans of us even, who were champions of what we’re doing, but couldn’t quite get the purchase across the line in those early days and that first year of our operation, because they couldn’t justify or explain to their boss why one would have to pay for something that was free essentially. And that was the tricky conversation was like, “Well, you get this for free, why would you pay for it?” Like, “We don’t need support, you guys are smart, you can support this, right?” And those are the kinds of conversations that can take place. So, I think that’s where the open-core model is really helpful to the business.

Monetization Strategy

Mike: You’re selling a product that’s almost like a data access product, like I call the Presto Interface, and it connects two back-end databases. How do you price an interface, like what are the buckets – I don’t need to know the price but I’m just wondering like, how do you land and expand, and how do you set up the model, so that it’s easy enough for customers to understand, and you can charge enterprise software rates for it?

Justin: The way that we monetize this is based on CPU consumption. Technically, we actually anchor on Virtual CPU consumption because so many of our customers deploy in Cloud environments. So, that’s the underlying metric, and the reason that’s a good proxy for us is because basically Presto is a technology that scales out super effectively, and is leveraging compute-intensively to execute the query.

So, it’s basically, like, the more queries you have, the more data you’re accessing, the more complexity of the workload, and the more users who are hitting the system you talked about, the strong concurrency that Presto provides. Those are kind of the dimensions that drive CPU consumption up, and we just monetize with that. It’s a straightforward metric I think that customers easily understand, and seems to work for us.

Optionality

Mike: In one of your previous talks I listened to, you talked about optionality, and how you recommended basically that optionality essentially drives freedom – how does Presto help you get that optionality?

Justin: Presto creates optionality by virtue of being disconnected from storage, is essentially not having its own storage layer. I used the analogy in the beginning that we’re like a database without storage. The other way I put it for people who are familiar with data warehousing is, we provide data warehousing analytics without the data warehouse. That’s another way to think about it.

So, because of that, it basically allows you to think about Presto as an abstraction layer, above all the data sources that you already have. And you can kind of skip the complex and time-consuming task of having to move data around, create copies of data, ETL it, extract it, transform it, and load it into another system, instead you can just do that at query time, and access that data, and get your results.

So, that gives you a lot of flexibility, and I think one of the ways we’ve seen that play out is, we have a lot of customers that have a classic data warehouse, maybe it’s Teradata or Oracle. And then, they’ve got some kind of a data-lake strategy, and maybe that’s either Hadoop on-prem, or maybe it’s S3, or some Cloud-object storage.

And the first step might be to use Presto to just join tables between these two systems. You’ve got some kind of user behavior logs in your data lake, and you’ve got billing data in your classic data warehouse, and you want to be able to correlate the behavior with the billing, let’s say. That would be a very common use case for us. You can do that with a simple query and Presto.

Now, what that allows you to do then, as a second step, is, essentially, hide from your own end-users, be them internal analyst, data scientist, or even customers. Where the data actually lives, they don’t need to know that they need to go to the data warehouse to get the billing data, and they need to go to the data lake to get the user behavior – they’re just submitting a query, and they don’t know where the data lives anymore.

And by doing that, you’re able to actually decouple your end-user from where the data is stored and give the architects in the organization the ability to now decide, based on cost or performance, where that data should actually live. So, you don’t need to pay Oracle or Teradata tremendous amounts of money to store your data anymore. That is, of course, the most expensive storage you’re going to find.

You could instead choose object storage, like Ceph from RedHat, or there’s a company on the West Coast called MinIO, which creates S3-compatible object storage. And that’s very inexpensive, relatively speaking. And you can deploy all of your data, or start to migrate your data into this lower-cost storage, and still be able to access it, while your end-users are none the wiser to where the data lives – they’re just getting their results. So, I think that’s where you kind of get to create this optionality and be flexible about where you put your data over time.

Mike: In addition to the technical level, I always think about optionality as, does the open-source license itself also lead, or open-source infrastructure in general, also lead to more optionality and freedom?

Justin: For sure. I mean, I think the notion of not having vendor lock-in is really important to customers. Increasingly so, I think they’ve been burned over decades of very expensive technology that becomes legacy technology, and then, their stock and the pricing goes up. And they don’t feel like they have much ability to resolve that. And I think the open-source license in and of itself gives customers a lot of comfort, in knowing that, you know, a worst-case scenario, they can always roll this themselves, with the open source. But also, Presto is able to read open data formats, which is also great. Because I think data lock-in is probably the worst kind of vendor lock-in.

And in a traditional database system, once the data is loaded into the database, it’s kind of not easy to get access to or get the data out, without continuing to pay for that database system. But if you’re using open data formats, which we’d really pioneered during the Hadoop era, these are like ORC or Parquet, if you’re familiar with those file formats, you can store them anywhere and query them with a multitude of tools. You could use Spark to train machine-learning models, working off the same Parquet files that you’re querying via SQL for Presto. And I think that gives customers a lot of flexibility as well.

Open Source V. Commercial Market Size

Mike: I read a lot of articles about how enterprises are really moving towards open source, certainly when you look at the large consumer-facing services, like you mentioned, Netflix, Facebook, etc., they’re building a lot on open source. Then, you look at the size of the market, and you see that, actually, from a market percentage of open-source software is still only a tiny amount – is the move to open source really real, or is it more hype than reality?

Justin: When you say the market is small, do you mean measured in dollars, or what’s the metric there?

Mike: Dollar, yes.

Justin: Yep, makes sense. And that’s the key piece. I think it’s probably super widely used, but the percentage of open source that actually gets monetized is relatively small. And I think that’s what’s translating to the overall dollar amount, seeming small, relative, to the proprietary solution. I think if you measured in terms of impact to businesses and organizations, I think it’s actually probably the reverse actually, where you might have more open-source software having bigger impact than the proprietary.

But, of course, the challenge – and I suppose this is the purpose of your podcast – is figuring out how to monetize that effectively, so that you can build a successful business, while having that broad impact that open source provides. And I do think that, as vendors, we’ve gotten smarter over the years about how to do that.

I mean, the way I think about open-source business models over history is that it started with the sort of pure-play support model, just offering support, nothing proprietary. I think kind of Generation 2 was the open-core model that we’ve spent time talking about. You know, Cloudera popularized that, as did many other companies. And I think Generation 3, which is actually where we’re moving as well as a company, is cloud-hosted, SaaS offerings.

And, basically, being able to make part of the value proposition, the simplicity of the solution that you can deliver as a SaaS, and I think data bricks is a great example of that. So, I think that’s kind of the next frontier. And I think, as more and more open-source companies move in that direction, I think they’ll probably have better success in monetizing that background usage of the open-source. Because, there’s so much you can control now from a SaaS perspective to really enhance the experience, that is just easier for customers to use your SaaS solution, rather than having to maintain it themselves.

Starburst Cloud Strategy

Mike: I normally ask companies if they’re developing a SaaS offering. And I think that there are some companies where it’s been really successful like MongoDB, Eli Horowitz from MongoDB is emphatic that cloud is the best business model and everyone should be doing cloud. In doing the 50+ podcast, I found that the results have been mixed, where sometimes companies find that it’s a good way to reduce the try by fly time, where the cloud offering is a good introduction, but then the revenues are mostly derived from the enterprise, like self-hosted version.

And it takes a lot of effort to actually — it’s almost like a whole new product, like you’re building a software platform, a great software platform, and then, building the SaaS is almost like a totally new product in different business endeavor. What’s Presto done in this area? Are you working on it? And do you have any thoughts about how that experience is going, sort of making a cloud offering out of the software?

Justin: We definitely are working on it, and we have been actually for quite some time. And it is hard work. I think there’s no doubt about it, but I do think that some recent innovations around Kubernetes actually make this easier than it maybe was a few years ago. Because Kubernetes can kind of create a uniform, almost like operating system, if you will, that you can deploy your software within, and therefore, sort of create the software once, rather than having to have all these different kind of custom versions for different types of deployments.

I think that’s a game-changer. It’s certainly something we’re betting heavily on, as we approached that by trying to create the same experience, regardless of where customers deploy.

Single-Tenant V. Multi-Tenant SaaS

Mike: Most of the old cloud services were multi-tenant, but, are you thinking, like with Kubernetes, we could maybe build a single-tenant and deliver sort of like, “We’ll host it for you, you’ll host it.”, but it’s going to be sort of the same thing?

Justin: That’s exactly right, yeah. You know, I don’t want to give away too much of our strategy just yet because we haven’t released the cloud product yet. But I think those are really important concepts that you highlighted there, that we’re very interested in.

Building A Sales Team

Mike: So, something you must have done a really good job at is building the sales organization, because $10M in sales hasn’t happened by accident. And I think sometimes founders underestimate how difficult it is to build a sales and marketing organization – did you have any thoughts or advice you could share on, like how that went for you, like, how you pulled it off, like how do you do it?

Justin: Yeah. I think the first step I would say is trying to understand yourself as the entrepreneur – what the sales process looks like, like, what are customers buying, how do they understand the value proposition. And I’m a big believer in entrepreneurs selling the first few customers themselves. I think you learn so much, even from a product management perspective of what you need. You get to experience what your sales reps will experience when you start to scale up. So, I’m a huge advocate of that.

The second thing I would say is find a great sales leader. Because you know there are folks out there who have done this many times before, and know what it takes to sort of scale up a sales organization. And, certainly, that was impactful for us in finding our VP of sales, who’s done a great job of really scaling up that organization quickly.

Team

Mike: One question I had was, the pandemic has changed things were much more remote –  were you remote before the pandemic, and what’s your plan for growing the team in the next couple of years?

Justin: We were not entirely remote, but we did have some level of distributed nature to our team. Before the pandemic, we had major teams in Boston, the Bay Area, and then, actually Warsaw Poland as well, as an important development center for us. So, we kind of had to work across these three geographies, which are obviously spread out by 9 hours of time zones. And I think that gave us maybe a head start on the pandemic. But to be perfectly frank, I mean, I would much rather go back to actually having an office, and being able to interact on a one-on-one basis personally, with so many of these people.

Because I think what’s been weird for us is, we have scaled so quickly this year that I have not met probably half of our employees at this point, which is just a weird thing, to have grown the company so much. And the only interactions I’ve had have been over a Zoom call. So, that part I miss. I do think we’re all trying to make the best out of it, of course. And I think good best practices are sort of documenting everything, having frequent all-hands meetings, where you get everybody together, but there’s still no real substitute I think for one-on-one interaction.

Founder Advice

Mike: The last question, any advice for new entrepreneurs who are launching a business, and they want to use open-source software development as part of their business strategy?

Justin: My advice would be to think early about that key question that you asked earlier in the podcast about what your monetization strategy is going to be, and on along what metrics are you going to, or what criteria I should say, are you going to be separating the enterprise value proposition from what you give for free, and I think kind of have a strategy early on and stick to it. Because I think that will just make the decision-making process so much easier for you as you go along. You won’t have to debate each and every feature that you come up with – you’ll just sort of know because it will fall into a framework. That would be my piece of advice.

Close

Mike: Justin, thank you so much for sharing all this knowledge and experience with us.

Justin: Thank you, Mike. This was fun, and it was great meeting you.

Mike: Thanks to the Starburst team for reaching out and coordinating the podcast. Audio editing by Ines Cetenji, transcription and episode website by Marina Andjelkovic. Cool graphics by Kemal Bhattacharjee. Music from Broke For Free, Chris Zabriskie and Lee Rosevere.

Next time, we’re joined by Miguel Valdes Faura, CEO and Co-Founder of Bonitasoft, a global provider of BPM, low-code, and digital transformation solutions.

Until next time, stay safe, and thanks for listening.

Episode 53: Rajoshi Ghosh, Co-Founder of Hasura, Controlling Access to Data with GraphQL

Intro

Mike: Hello and welcome to Open Source Underdogs. I’m your host, Mike Schwartz, and this is episode 53, with Rajoshi Ghosh, co-founder of Hasura, a relatively young startup, using GraphQL to connect Enterprise data. I’m happy to report that Rajoshi is the first Indian national we’ve had as a guest on the podcast, a trend which I hope continues. Although she’s normally based in the Bay Area, Rajoshi was in Bangalore in late July when we recorded this.

Before we get started, I have a quick request – we all want to help open-source founders and startups. I make the podcast, but I need your help to get the word out, so tell your friends, post on LinkedIn, tweet out a link, post on Hacker News, or follow me and share one of my posts on LinkedIn, whatever you think makes sense, go for it.

As I mentioned, Hasura is a young startup, but given their success in momentum, I thought it’d be interesting to hear their stories sooner than normal. If you’re interested in GraphQL you might also want to listen to episode 41, with Geoff Schmidt, the founder and CEO of Apollo.

So, without further ado, here is Rajoshi Ghosh, co-founder of Hasura. Welcome to the podcast. Thank you for joining us today.

Rajoshi: Thank you so much for having me, Mike. I’m really happy to be here.

Origin

Mike: What’s the origin story of Hasura?

Rajoshi: At that time, Michael, we started working together really long time back, and I think at that point, we really wanted to work on something that would make application development easier, but we did not know what shape or form this would take,  and so, what we started doing was, we started building products for — started off with friends, and then, moved on to like local startups and then started working with one of the largest banks out there, help consulting with them.

We realized that if we were building enough products across different types of companies and different industries, then we would learn a lot about the different businesses, and also, it gives us an opportunity to try and build tooling that can work across companies of different sizes and different industries and verticals.

So,we got into this consulting business that we did, but the entire time we had a small team that was continuously building different products that could be used across different clients that we were working with. So, we did that for about three and a half years, and then, it came to a point, where we built a bunch of these tools, and you know, we were faced with the decision of signing like a multi-year contract for a consulting gig with a really large bank or actually going back to saying, “Okay, let’s take these products to market and build a business out of it.

So, we decided to start Hasura, wind down the consulting practice. So, that’s kind of how we set up the tools, that, like, parts of Hasura were built. So, what we did after that was, we spent a few months taking these different pieces that we built to market, trying to open-source a bunch of them, saw how folks were reacting, trying to understand the business implications of these products being used.

And that’s kind of how the Hasura GraphQL engine, which is our open-source product sort of came about. You know, we spoke to a bunch of people, realized that data access was a big problem that people seem to be struggling with across all kinds of companies, and again, different sizes of businesses. So, that was the piece that when we open-sourced and we wrote about it, and we put it out, and I think the first blog post that we had about our product resulted in our Fortune 500 health care company, reaching out to us and saying, “Hey, we really want this.” So, we knew we were onto something. So, it started out with this consulting practice, building pieces of this data access problem, from there, and then kind of polishing it up and launching it as the Hasura GraphqQL Engine in 2018.

How Is Hasura Different From Apollo?

Mike: A few episodes back, we had Geoff Schmidt, one of the founders of Apollo GraphQL, and although this is a business podcast, not a tech podcast, we have a lot of tech listeners out there. So, maybe you could just give a quick overview. I know that Apollo is part of the community, you’re part of the community, and the products are different, but maybe you could just give a quick overview of like how the products fit in the market?

Rajoshi: Absolutely. At Hasura, we kind of came at this problem, from the data access angle, we were trying to solve the data access problem, and back in our consulting days, we have actually built our own version of GraphQL called Urql, and we had that whole thing going. And every time we would talk to people about what we were building – and this was around the time GraphQL was getting popular, people would tell us, “Hey, this sounds an awful like GraphQL, why don’t you add support for GraphQL?”

So, that’s how we sort of braided into the GraphQL space, but we sort of came at it from the data access piece, so, what Hasura as a product does today is the service that you connect to your database and other data sources, and it kind of instantly gives you GraphQL APIs. So, it’s sort of short-circuits, the path, like you don’t really need to build a GraphQL server, Hasura kind of becomes that piece in the middle that connects to your database and other services, and gives you these APIs. And Hasura gives you a metadata engine, where you can specify the relationships between your different pieces of data – you can add authorization, logic, we have a very granular authorization system built in. And then, you can start accessing these APIs directly from your front-end clients.

That’s how we fit into the GraphQL ecosystem. And now, we have our – Hasura is available as a cloud product, and what you also have is, you have a lot of features that help you kind of run Hasura production. And there’s a little bit of overlap with some of the things that Apollo engine does, which is basically, like monitoring and analytics, and sort of add that API layer. So, these are the features that we have in common, but the problems that we’re solving are very different.

I think Apollo is coming at it from the side of being, like a GraphQL Gateway, where every different service speaks GraphQL, and they’re kind of the GraphQL Gateway. And they are building tooling at that GraphQL Gateway sort of layer, where, we are sort of more on the infrastructure layer, where we are solving the data access problem. And we give you GraphQL APIs.

Lessons Learned

Mike: If you could go back to that day when you said, “Okay, we don’t want to take this contract, we want to move forward with a software company.” That must have been a little while back, but if you could go back to that day, would you do anything differently in terms of how you executed after that?

Rajoshi: That’s a very interesting question. I would say not. Because what happened, like, the steps that sort of followed from there, we took the product, we had built some great text, so, we raised some seed money based on some of the tech built, we took that to market.

And once we put out the GraphQL engine on like, we did a show and launch like a Hacker News launch. And that was a pretty good launch that a lot of people found out about the product, and usually what happens is with Hacker News launches, they are very transient. Somebody finds out about it on one day, sometimes it goes great, but sometimes, there are new products being launched that every single day.

But I think what helped us sort of stick around after that initial launch was the fact that when people started trying it out and looking at our documentation, there were two things that I think really helped us over there. One was that either documentation was very complete. This was also because this was a problem that we’ve been at for a while.

And the second thing was that getting started experience was magical, like it was 30 seconds to your first GraphQL API. You would connect it to an existing database, existing Postgres database. And you would instantly get APIs. So, that sort of helped us get the word around, got people excited. And they spoke about it to each other, and that started off our sort of developer adoption journey.

So, we were still tagged Alpha back then, and we already saw all kinds of companies starting to use Hasura, and putting it in a very critical part of their stack. So, what happened is, we hadn’t actually started building a commercial product just then, we just put this out and we were still trying it out. But because of the kinds of companies who’ve started using us, they started calling us inside, saying, “Hey, you know what, we’re using this — if this goes down like who are we going to talk to, like, can we sign a contract with you. And then, he started getting these calls from companies, and that also helped us sort of like inform our kind of roadmap of how we were going to build into our Enterprise product. And then, we launched that earlier this year.

I think the journey has been one of learning, and on all sides of things, like growing an open-source community, growing the usage of an open-source software, and then building a commercial product around it – that’s been a really good journey. And I think the fact that people really, like, the commercial versions of the product as well is something that comes from having been through the journey with our users, listening to our customers and working alongside them over the last two years.

Monetization Strategy

Mike: So, that pivot that you’re describing is really difficult to make from open-source project to commercial product, and you’re probably still making that pivot as we talk, but can you talk about what are your thoughts about the strategy for whether – I heard you mention that you launched a cloud service – that’s certainly a fantastic business model. There’s also a lot of innovation around open core, making certain parts of your product, commercial vs. open source. So, how have you figured out how to monetize some of the open source to fund the company?

Rajoshi: I think the way we’ve been thinking about what comes apart of sort of our commercial offerings is, things that companies using GraphQL engine in production will start needing, you know, when they are in production. Things like monitoring and analytics, stuff like query capture, so that you’re able to create allow lists when you’re in production, prevent breaking changes with regression testing, great limiting of your queries – these are kinds of features that people need when they’re in production. So, these are the kinds of things that we put in our commercial versions.

And the core GraphQL engine, which sort of gets you building and then, you need to self-manage, and you need to build all of these toolings yourself, but the call that sort of gives you the APIs and helps you connect to data systems – that’s in the open-source part. Because that’s part of your critical infrastructure, and you know, being an open-source product, if you’re in the infrastructure I think is almost given these days.

Cloud Positioning

Mike: What’s the positioning of the cloud product? I understand you just launched that, but what is your vision for? Is that going to be a major part of the revenue streams, or is it just from so people can get started and kick the tires quickly – where do you think that fits?

Rajoshi: It’s very new. We just actually announced a general availability, we launched it about 4 weeks ago. So, it’s very, very new, but we do foresee it being a critical part of our like revenue stream going forward. So, what we did is, we actually re-engineered a sort of open-source engine for it to be like a true cloud SaaS product. Both of the things you mentioned are important in the sense that getting started with Hasura on cloud is something that we absolutely care about, that being the best experience for you to get started on Hasura, so that’s extremely critical to us that anybody who wants to try Hasura, the experience of getting started on cloud should be magical.

So, that’s very important, but it’s also something that we’re building for, you know, companies running Hasura at significant amounts of traffic and scale introduction. We have interesting sort of things that we’ve built into the cloud, and one of those is sort of like dynamic data caching. And that’s something that we’ve — I know that the podcast is going to be out about three weeks after we speak, but actually in just about an hour, my co-founder’s going to be speaking about server-side caching and dynamic data caching as part of the GraphQL summit, where he’s going to talk about how we’ve built it, and what is our sort of vision of the cloud, which is something like CDN for data. So, that’s kind of where we see it going, where you build, you connect your data sources.

Data is being fragmented, and data is everywhere – it’s in your databases, it’s a multiple data sources, and you have this managed infrastructure piece in the middle that just has to connect to all of these data sources, magically get this API. And it’s fully managed, it scales, it’s super fast. And so, yeah, that’s kind of the way we look at the cloud product.

Value Prop

Mike: You mentioned that Hasura is almost like a data connection layer. One of the main value propositions must be getting access to your data, but what are some of the other reasons that driving Enterprise customers in particular.

Rajoshi: I think for Enterprises specifically, since that was your question, I think one of the things that we’re seeing and that our Enterprise customers are seeing is that time to value and time to market. So, as people like building with Hasura, and we recently had our user conference, where, Philips healthcare, one of the Solutions architect there, who’s been a Solutions architect for 26 years, spoke about how something that they were building with Hasura would have typically taken them two to four years, but build and ship this product in under a year.

So, companies and Enterprises are saving like quarters and like years of work by using Hasura, because Hasura is just – you get these APIs with access control out of the box. This could be anywhere from like 40 to 90% of the backend logic that you need to write. So, that’s a huge benefit. And that’s kind of what is also helping Hasura spread by word of mouth within the Enterprise. Once one team starts using it, other teams sort of see the pace at which people are building, and that’s helping the word spread within Enterprise for us.

So, that’s one. The second – there’s two other things that, again, we’ve heard our users talk about. One is having better domain understanding. There is this layer that connects to all of your different data sources. You sort of have a better understanding of your domains. And that helps architects and that helps team lead sort of build faster, because as things are very fragmented, Hasura kind of brings that unified view of your different access control rules across different data sources. That also adds to the speed aspect that I spoke about, but that’s also in itself with huge benefit that enterprises are seeing today with Hasura.

And the third one is enhanced security, and again, each of these points of sort of building on the previous thing that I spoke about, which is, we have the Hasura console, which is this UI, where you can see all of these different access control rules. And so, you’re able to see very granular access control rules are set up for, again, all of the kinds of data access that you need to do. So, having that visibility in one UI makes it very easy for again Enterprises to handle the security aspect of data access. These are things that we’ve heard time and again from our Enterprise users as benefits that they see building with Hasura.

And on top of this is the entire GraphQL piece, which is all of the benefits of GraphQL that is making people move towards GraphqQL, the amazing developer ecosystem around the tooling, the developer experience for front-end developers to get started and build products fast. So, the front-end experience with GraphQL along with the themes experience with Hasura to handle all of the different data sources in the access control kind of makes that package really valuable for our users, especially in Enterprise.

Community

Mike: You mentioned the user conference, and I’m wondering what is the current community like for Hasura, and how do you see developing the community, and giving the community enough value going forward?

Rajoshi: We have a really, really engaged community around Hasura, and it’s something that we’re all very, very excited about. And it really makes us very happy, and we deeply care about the community around Hasura. So, more than half of our engineering team is working on our open-source product. There’s continuous development, and we’re listening to our users in the community very closely and sort of acting on things that they are talking about. So, there’s that aspect to it.

And there’s also the aspect of like really helping the learning process. So, we have a very extensive set of tutorials on GraphQL on Hasura, on authorization that we’ve built on hasura.io/learn, which basically the GraphQL tutorials over there are like vendor agnostic tutorials, which are just about getting started with Hasura, whatever sort of stack your come from, especially for front-end developer. So, I think we have almost more than 10 tutorials for different stacks for you to get started with GraphQL.

And overall, the site has I think almost like 15 to 17 tutorials on like full stack, front-end, back-end authorization data modeling. So, these are things that we put out continuously for the open-source community. We have a very vibrant discord community, and we have community champions, who are folks, who are helping out each other and helping out other users who are coming into the Hasura, new folks who are coming into the Hasura community, so that’s where the community hangs out.

And yeah, I think bringing all of these aspects together at the user conference was truly amazing for us two years into launching Hasura that we put out this user conference, it had about 33 talks of which three were from Hasura folks, and the other 30 were from the community, just talking about different ways, in which they are using Hasura different pieces of tooling that they’ve built. So, it was really, really good to hear and good to see the community coming together, giving back, and by talking about how they’ve learned and build things with Hasura.

Community Code Contribution?

Mike: Does the community actually commit any code?

Rajoshi: We do have community contribution that’s happening on console code based, on documentation, on sort of lots of tooling, but yes that is community contribution going into the code records.

Pricing

Mike: Pricing is one of the hardest exercises, not only for open-source startups, but I think for every company. What are some of the gates that you’re thinking about for pricing, and how do you get, for example, intrinsic value based pricing for the customer?

Rajoshi: Yeah, this is something that we’re thinking deeply about and also evolving. We are very, very early in the stage, in this journey. I’m sure, down the line, that we add a lot more color that I can add to this conversation to this topic, but right now, we’re thinking about it as basically pricing on the cloud product, consumption-based pricing, which is basically on data pass-through.

We have a starting tier with certain amount of data pass-through, and then, we’re basically charging on data pass-through. And we have a few more things on, the number of collaborators and the limits we apply on some of the features that you get. But the primary way that we’re thinking about pricing is on the data pass-through.

So, that’s currently how we price on the cloud product, and for Enterprises, which either on the cloud or on, a self-hosted model currently, its feature bundles and pricing per project, which is unlimited usage but pricing for project – that’s how we roll pricing on the Enterprise, but on Cloud, it’s with these usage limits. And that scales as your usage of the product scales, and each of these is for personal project.

Serving SMB?

Mike: So, a lot of software startups, some in your area, are making most of their money in the Enterprise space. I bet you think that you’ll find a way to also offer products and services to smaller organizations.

Rajoshi: I think. I mean, today our users do span the spectrum from the hobby developers to folks in the enterprise, we definitely – our Cloud product is meant to be something that caters to smaller products that are just kind of getting started in introduction. And there’s always open source that you can sort of sell, post and run across any kind of hosting service that is – yes, but the cloud is something that we have envisioned to be anyone running GraphQL introduction should be able to start a pricing would make sense for them economically. And that’s sort of how we’re thinking about it. And like I said, it’s very early days for us. And so, we’re going to sort of observe and see how it scales for us over the next few months and keep tweaking this.

Team

Mike: Right now, you’re sitting in Bangalore, one of the urban hubs of technology, what are your thoughts about growing the team, and how you’ll have to adjust the plan for the pandemic?

Rajoshi: We started, becoming a distributed company early in 2019, I think 2019 was when we brought our first remote colleague on board. And since then, we’ve been hiring across the globe remotely.So, that was very helpful to US during Covid, like all of our communication and all of our working in a distributed manner across different time zones. So, that really helped us when we all went with Covid-19.

So, in terms of growing the team, I think we will continue to hire across the globe in different cities and different countries –  that’s how we’re thinking of growing the team. We do have a base in Bangalore, and we have a base in San Francisco, so, we will look at hiring across these two cities. But we, also, currently, we have people in, I think, over 20 cities outside of these two, the side of Bangalore and San Francisco, maybe even more – I haven’t actually done a proper count, but we have everybody from, like LA to Melbourne, and like everything in middle.

So, we can’t actually do an all-hand’s call, where we have everybody in the same call, because we have like the West Coast, we have Europe, we have India, southeast Asia, and Australia. So, we kind of do this call in the morning, you know, morning time SS. And then, we record that, and we do one in the evening, like late evening, which works for like Australia, Asia and Europe. And this kind of play the recording, and then do another second half, and then, record that, and play that in the next thing. So, we figured this out, and it’s working pretty well.

But we’re already across time zones, where we can’t fit everybody into one call that is not a crazy hour. So, I expect us to kind of keep trucking along that way. And it’s fun! I mean, it’s great to have colleagues from like all over the globe, and we try to bring everybody together twice a year. That’s surprisingly enough. We actually had one of those this year, which sounds magical and unbelievable almost, that we actually had a team off site in 2020. But we did that just before Covid struck, and now, we’re all waiting for that to happen again.

Advice For Open Source Software Startups

Mike: It’s really hard to start any kind of business, but open-sourcing your software adds a little extra challenge I think. Do you have any advice for founders on how to find the right balance to make open source an advantage in their business model?

Rajoshi: Yeah. I think open source is a very important question to ask, if you are sort of just starting off and the decision is between, like, should I open source or not. I think why is open source important, it’s that specific kind of business is for important question to ask. I mean, there are every kind of products that are open-source and closed-source alternatives.

In the infrastructure space, open source has pretty much become table stakes for people, for how software is being adopted, but I think thinking through the business model from the beginning, and not making that an afterthought is going to be very important. That would be my only piece of advice to sort of think about it from day one, at least as much as you possibly can.

Because there are two ways – either you start a business intentionally, saying this is going to be an open-source business. And then, I’m going to start clearing on commercial features. Or you build something open source as a side project, and that kind of takes off, and then, you try to figure out, “Oh, wow, everyone’s using this – how can I make a business out of it?” I guess if that’s the way you’re going about it, then, you will have to figure it out as it happens. But if you’re intentionally doing it, I think thinking through, really thinking through how will you start monetizing, right from day one, is going to be very important. Because, often times, if the differentiation factor between what is open source and what you plan to make a part of the commercial feature, if it’s not very well-thought out, then, that can lead to all kinds of problems, both from the community, as well as just generally as to become a viable business.

Did Hasura Plan The Business Model Early On?

Mike: Did you follow your own advice there?

Rajoshi: Yes, we did, we did. I think we did. Partially we did, definitely, we know that we didn’t want to make our commercial offering. Their support base model wasn’t what we were going for – that’s not the kind of open source company we were building out to be. And we also did not want to have our Cloud version to be just like a hosted offering. Because the problem, the way we see it, if it’s a hosted offering of your open-source software, then, everyone’s bound to compare it to here. But I can host it on so-and-so provider for like this much cheaper.

We did not want to go down that path, we wanted to really offer teachers, which were part of our commercial offering that would really, again, make sense for the stage of the company you were. And, it would economically and ergonomically make sense.

So, it was always about that – what are the things that you will need once you’re in production, you know, you birth the product, you trust the product, and now, you want to go ahead in production. And what are the things you don’t want to worry about when you are in production. And that’s kind of what we look. The jury is still out – I mean, well, we’re going to see how this works out, but so far, the signs are good. I think people are really liking our commercial features and the product, but it’s early days – we will see how things evolve.

Role Models For Rajoshi?

Mike: You’re the first Indian female founder we’ve had on the podcast, and we hope you won’t be the last. I’d like to end with this different question than I normally ask. Who are some of the leaders and role models that influence your decision to co-found Hasura?

Rajoshi: Wow…that influence my decision to co-found Hasura? That is a very difficult question to answer because I used to be in genomics and research – I’m a bioinformatics person by sort of education, in the first few years of my career. And if somebody had asked me then, “Are you going to be the co-founder?” Like, whatever, start a company – I think it would have not crossed my mind. I was deep in the academic world, and it was so far away from anything that I thought about that, I don’t think I would have had an answer.

When I started working at this Incubator is when I saw how startups work. You know, I found about startups, this incubator that I work. I used tohave a lot of folks who worked at successful companies, who would come and speak to the students, though I was a mentor there, I was also a student, because I was teaching them programming and learning about all of these different amazing business things from folks that had successful startups. And that was the first time that thought crossed my mind.

I think my journey – once I did that, that was an 11-month thing, where I thought – I think for me after that, it just seemed like the next step that I have today. And that’s kind of how I got into it. It wasn’t again like an extremely like, “Okay. I am going to start a company.” sort of thing, it’s sort of just like my life experience has led me to this. So, I guess I don’t know how I can sort of talk about role models and who kind of influenced my decision – I think that experience that I had teaching at this Incubator – which is actually based in West Africa in Ghana, and it’s done by a Silicon Valley company called Meltwater. It’s an amazing program, and they bring students or fresh graduates from university, who want to start companies, and train them. And just being part of that ecosystem, I think that was my inspiration, that entire experience was my inspiration to sort of stop something and not get bogged down by, you know, it’s just going to be really impossible to do.

Closing

Mike: Oh, congratulations. I think you’re going to be the role model for the next generation of entrepreneurs going forward. So, best of luck with Hasura and everything else you do. And thank you so much for being on the podcast.

Rajoshi: Thank you so much, Mike. Thank you so much for having me.

Mike: Thanks to the Hasura team for help coordinating the podcast. Audio editing by Ines Cetenji, transcription and episode website by Marina Andjelkovic, cool graphics from Kemal Bhattacharjee. Music from Broke for Free, Chris Zabriskie and Lee Rosevere.

Next time, we have Justin Borgman, CEO of Starburst. If you don’t know Starburst, I highly recommend listening because it’s an amazing story of a perfectly executed startup – Justin was great.

Until next time, stay safe, and thanks for listening.



Episode 49: Open Source API Management with Martin Buhr, Founder / CEO of Tyk

Intro


Mike Schwartz: Hello and welcome to Open Source Underdogs. I’m your host, Mike Schwartz, and this is episode 49 with Martin Buhr, CEO of Tyk. API Management is a hyper-competitive market–there are commercial, open-source and SaaS products from which to choose. This makes Tyk’s success even more impressive. I think they’ve done a lot of basic things right: keep it simple, provide great support, make sure customers are happy. That’s enabled Tyk to grow organically, with a relatively small amount of outside investment.

This interview, it’s a little bit on a long side, so, let’s just get on with it. Here we go!

Mike Schwartz: Martin, thank you so much for joining today.

Martin Buhr: Hi, yeah, Mike, thanks for having me.

Origin

Mike Schwartz: In 2016, the API Gateway and Management market was already pretty well-saturated, you could say, with existing well-funded competitors. Why were you crazy enough to jump into this shark tank?

Martin Buhr: Well, the origin story, it’s a bit of a Cinderella story actually. I needed to make a gateway for the platform I was running as a side business, besides my regular job. And the existing solutions that were around were either large enterprise monoliths, SaaS platforms or open-source platforms – there was one or two – but they were getting really, really big. There wasn’t anything small and tactical to just use — I mean, I could use like NginX or something as a proxy, but I needed more than that.

I had just rebuilt my existing services with API first, and the platform itself, I didn’t want to write my own authentication code and I thought, “Well, that’s what API gateway’s for.” And I couldn’t find one, and I thought, “Well, what the heck, why don’t I just build one?”, which is probably a stupid thing to do, but it turned out okay.

So, that’s why I ended up with the Gateway. It was really small tactical at first. Work with my platform was really meant to sort of easy to inject into other ecosystems, without having too much deep integration. And I kind of built on it, to get more metrics out of it and understand how people were using my service. Until eventually, I realized that the side business I was running was awful. It was just costing me more money than it was fun to run.


So, I closed that down and open-sourced the Gateway because I thought why not, it is a pretty decent piece of software. And that’s how I ended up in a market, it was almost accidental. And at the start, I had this dashboard which was the UI for the system, and also gave me some analytics. And I thought, “Okay, I will close-source that and I’ll sell it.” The Gateway itself will be open-source, and I’ll sell them, the dashboard.

I sold the initial version of the dashboard for something like 400£ for a lifetime license because I wanted to take my wife to – I was living in London at the time – I wanted to take my wife to Gordon Ramsey in London, which is this super restaurant.

And their average meal per head is 400£, that’s how the meal cost, which is a stupid amount of money, but it’s a very good food, and anyway. So, I wouldn’t say that I started with a great business model – I just wanted to take my wife to lunch.

Origins Continued

Mike Schwartz: The open-source project started before the company. At what point did you say, well, I think we can really scale this, and what was your plan for sort of scaling the business?

Martin Buhr: After that initial sort of launch phase and sticking up the project on Hacker News with the small website, it got a lot of attraction, lots of people were interested, and loads and loads of different companies came along and emailed me, amongst which some of them were — we had Home Depot, Viacom, and a couple others. Some Fortune 500 sort of emailed me saying, “Oh, hi, yeah. We’d love to try your platform out, can you tell me more, can we get a call?”

But I was having those conversations at six o’clock in the morning because I was in the UK and they were in the US. And there I was in my pajamas, trying to convince them to spend some money with me, and they would tell me, “Well, how does your support work, and how are you going to scale this business, and how is this going to work long-term, why should we onboard this?”

It was the first spur to say, “Well maybe there’s a bit of a traction in this, and maybe I need some help. You know, I’m quite technical, but I’ve not run a business successfully, and marketed it and sold it properly, you know.”
Once we got the initial traction, and I saw a lot of interest, I managed to talk to an old friend of mine, I used to work with, into joining. And he came on – his name’s James – he came on as a CEO, commercial guy, and sort of helped me shape the whole thing. He shaped the business, he shaped the product offering and the marketing, and I shaped the product.


And that was a good team, because we used to work together at the agency, and we were project managers together, so he was very much on the commercial side of things and the operation side, and I was very much on the technical side of things, but we pitched together a lot.

So, we kind of knew each other’s flow, so when it came to — I think one of the first people we had to pitch to was Eurostar in London, which is the link between Britain and France, the train that goes up through the channel tunnel. And when we went there, it was our first real pitch as a company. And that’s sort of how it moved from being an open-source project that had some interest to being something viable. I think one of the things I’d really came back that they sort of told me that we were annoying people or, you know, poking them in the eye with this project was when one of our competitors, and they are not the only ones actually, three of our competitors offered to buy us or acquire us.

And this happened early on, when they came along and said, “Oh, don’t you want to work in Silicon Valley? Don’t you want to do this, don’t you want to do that?” And that kind of thing tells you quite a lot about the business having viability. So, at that point, we thought, “You know, let’s do this.”

Our first real sort of tangible money spending client wasn’t even a client, it was a company in the US in Texas that wanted to try us out, and James sort of talked them into doing an onboarding and training session with, so that we could try it out, and so we could do the integration for them.

So, they paid for the tickets in the per diem for us to go visit Dallas, spent a week there, I learned how to two-step. It was pretty cool, a far too much Tex-Mex food. And we actually never got the client, they changed teams halfway through, so we never actually got the deal, but we did get this real validation. And it was on that trip, where James turned around to me, and he said, “When I get home, I’m going to quit my job.”, because we both had day jobs at the time. And that was it. He was employee zero.

So, that’s kind of the way that panned out. We kind of stumbled into it, and then went into it full-on once we felt we had real traction. It was something there that showed growth. We had people who were actually willing to spend money on the product and spend money on us, so, yes. Does that answer your question?

Mike Schwartz: Yeah, definitely.

Value Prop / Open-Source Strategy

Mike Schwartz: So, today, what would you say is the most important value proposition for your customers?

Martin Buhr: When people come to us for API Management, there’s multiple outcomes they come to us for. They might be breaking down a monolith into a microservice architecture, they might be adopting Kubernetes, they might be looking at functions as a service, or they might be looking at the old-school API economy stuff. So, you know when you said earlier how the market was saturated with solutions, those solutions are built on the premise that users wanted to sell their back office.

So, they had existing service that they wanted to monetize them. That was the API economy. And all those business premises were on that, where it’s actually — I feel like API management now is much, much more than that. It is all about managing internal services usage, external service usage, integration – it goes all over the place in terms of the actual market. You know, sometimes we have customers going to us for integration problems, which aren’t API Management problems.

We also get a lot of folks that are just moving vendors, but the main value proposition for us is, Tyk is small, lean, really efficient. I mean, we get benchmarked against NginX and OpenResty all the time. So, you know, latency matters a lot when it comes to high-volume APIs. So, all of those boxes are ticked. Being an open-source product, we’re not open core, we’re open source. It’s just a big distinction between those two things.


So, we spent a lot of time, effort and money on engineering team working on the open-source project, to make sure that it has all the features you need to get the job done. Most open-core products will just give you an empty shell and then sell you the bits you need. We don’t do that, we don’t hide the ball. That’s a big change for us, and I think one of the largest pieces for us is that when folks come to us we have a really unique way of engaging with customers. You know, James and I are from the agency world, and it’s slightly different in terms of how you handle your customers to have a normal B2B sales works.


And I think our customers see that, and it’s created this — we have this amazing reputation for customer support. We’re always rated best of the best in Forrester and Gartner every single time. Our customers are extremely satisfied with dealing with us as a company. We are extremely good handling our customers and handling our relationship. And that’s a great value proposition, because it means, once they meet us, they go, “Oh, this is a bit different.” And then they look at the product, and they go, “Oh, this product actually says what it does on the tin.” And that’s a big differentiator for us.

We were also – and this is slightly different aspect, but when we entered this market, one of the main things we did was say, when somebody wants to install a critical infrastructure, like an API Gateway, they do not want to worry about security concerns, that software phoning home, worrying about external access to it, or external access to those laws.


So, right from the back, our software does not phone home, our licensing system doesn’t check on whether your license is valid – it’s all cryptographically done. And that puts us at a bit of a risk. It puts us at risk to make sure that we are selling something that will not bring us any income revenue, but at the same time, it gives our customers that satisfaction that they can actually create their infrastructure behind the firewall, lock it in the cave somewhere, and it will still keep ticking over. And that’s really important, especially when you go into heavily-regulated markets like healthcare, banking, insurance, and things like that.

Because these organizations, they need to be able to file out their solutions, and make sure that they have full control. So, we kind of revived this on-premise business model, where everybody’s moving to SaaS, we said, “No, no, go on-prem.”, because a lot of organizations need this, especially B2Bs.

You know, for the smaller stuff, we see a lot of companies coming to us for our SaaS, and we were one of the first companies to offer a hybrid SaaS solution, so you could go into our cloud, you could run your traffic via our cloud or, you could run your gateway locally and localize your traffic, but have all of the management infrastructure, which is the more expensive part of the infrastructure sitting in our cloud. And that was a bit of a big deal at the time.

And we took that capability, and we made that into a product, and now that became our Enterprise product. We called it rather imaginatively multi-data center bridge. It doesn’t really roll out of the tongue, but that piece of software is our big, big ticket item. And it’s closed-source. But all it really does is it enables the user to manage their API ecosystem and their gateway fleets across multiple data centers, firewalls, regions, without having to worry about latency uptime of connectivity, they can fail independently, and they scale it independently, and that’s all built into a base platform.

So, it’s quite powerful. When you get out of the box, it’s super powerful. And then, if you add all value-add that we have, that’s closed-source on top of it, it’s worth the money.  So, when it comes to open source, a lot of people try to monetize open source through support, and that’s when it’s hard to scale. You know, when you scale support, you’re scaling the margin you have and your time.

So, your customer base gets bigger, and you’ll look at your own, let’s say, your customer base comes in, they join in, the organization, they’re trying to integrate your number of support calls and the usage of SLA peaks over let’s say maybe six weeks. So, they’re getting their money’s worth on what they pay for support.

But then, once everything’s working, and they got the hang of the product, that tails off again. And that’s great because, obviously, it frees you up to do more support work, but it also means that the value they’re getting out of it, goes down. And then, it becomes more of an insurance policy, and expensive insurance policy, which means, it’s one of the first things that gets caught, especially when your software works really well. You know, as you grow, you then hire more support engineers to help you make sure you can manage SLA.

But as that support tails off, where your business stops growing so quickly, those margins you’re making on someone’s time, just aren’t sustainable, and they scale really badly. Whereas selling a product, so selling a physical thing, you know, the old school put it in a box and sell it to the end-user – that has a huge margin, because you sell a thing, you’re dealing with unit economics. And that’s much, much easier business to run.


So, when we came to the open-source conclusion, we said, “Okay, so we’re going to hamstring ourselves by giving away a free product that’s incredibly powerful. And then, we’re going to have all these value-add products that sit on top of it that are geared towards the enterprise. But those will be closed-source. And that is what we will sell. But it’s worked for us, because the thing is the value-add stuff that large organizations want to pay for is the kind of stuff that gives them those insurance policies.

Most engineers don’t want user interfaces, they don’t want human intervention, but their managers do. That VP of marketing wants to be able to go in and look at a chart. And they need that full back control, where they can manually intervene, without having to worry about a DevOps pipeline, or something like that.

And then, there’s that piece, obviously analytics is a very big piece. And then, last but not least is simple things that all businesses want, single sign-on, role-based access control multi-tenancy. Those are the kind of things that large enterprises just salivate over. And if you can take that, bundle that into your enterprise value-proposition, that’s the bit you sell. And you’ll see actually, if you look at most open-source solutions these days, you’ll see that there’s an open-source product. And then all of those businessy things are the bits they sell for an extortion amount of money.

Is Tyk Open Core?

Mike Schwartz: Actually, I wanted to roll back a little bit to something that you said. You mentioned that you’re open source, you’re not open core, would you say that there’s a core product, or let’s say, that’s open source, and then, there are additional components which are commercially licensed – how does it work?

Martin Buhr: The bit that does all the heavy lifting is the gateway. It’s a proxy, traffic goes in, gets managed, traffic goes out the back end. And that’s where all the hard work happens. So, not only does it move the traffic, but also it applies things like rate limits, quotas, it gathers analytics, it might transform the request in some way, it might run some plug-in middleware – all kinds of transformational or validation elements that you need to do to your traffic. That’s where your authentication lives, where your authorization layers live.

That component is sort of the key bit, that’s what you want. That’s the thing that you want to put in front of you, into your DMZ, in front of your traffic to secure your services. That part is completely open source, and all of the components you need, all the features you need, to manage your traffic, is part of that component.

If I went out and I said, “Okay, I am large business A, and I want to spend no money on my traffic management, my API gateway and my API management.” I could do all of that, with our gateway. The only difference is, there’s no UI, you have to do it all programmatically, with our API, and with files, and all that kind of good standard, you know, unixy way. So, that’s fully functional. We don’t hobble our product at all. But then, we have the components that go on top of that that are the value-adds. So, there’s a separate service called our Tyk dashboard. That’s the management UI. It’s also the management API.

So, the dashboard is a single-page web app. It consumes the dashboard API, the dashboard API is much larger and granular, it’s multi-tenanted, you can have users, RBAC, and all of that good stuff. It also has a developer portal, which you can expose to let your developers that self-serve access to various services in the organization or even externally.

And so, that part, that whole application is closed-source, and that takes a license key. And that license key is essentially a cryptographically signed object, we use a private key to sign it, the public key is embedded in the binary, so all we need to do is validate the signature. If the signature is valid, we can trust the claims inside it, and that then says what you’re allowed to do with the dashboard.

And it has an expiry set, so we know that, let’s say, it’s a one-year license, and then the software will lock you out after one year because that’s expired.

Good thing about that is, it doesn’t need to call home, we don’t need to actually validate the license because all that stuff happens in the software in quite a safe way. It’s hard to break unless we lose our private key obviously. So, that’s one component, and then the second component that I talked about, this multi-data center bridge, also has a license with a separate key because it’s an add-on. So, you can kind of build out your ecosystem with Tyk. You can start with the gateway, which is open source. “Okay, this is great. I like this, but I actually want a UI, and I want all this cool RBAC functionality.”


So, you buy the dashboard, and you just tell the gateway to be managed by the dashboard. So, now, you extended out your installation. And now, I actually need gateways in six different locations or six different networks. Okay, I can’t do that with one dashboard because of latency problems, database problems and things like that, so I’ll buy the multi-data center bridge. It’s an add-on, you point the bridge at your dashboard, and you point your gateways at the bridge. And it then takes care of handling your fleet.

So, we basically license those components, and within the dashboard, there are feature flags, you know, for role-based access control, multi-tenancy, things like that, single sign-on. Those are feature flags we can switch on and off in the license, so we can start with a base license, and then build up on the pricing tiers from there. And we leave that up to – it’s not a software decision, that usually goes to the commercial team. They’ll sort of know what levers they see coming out of the interactions with potential customers and saying, “Okay, well, these are the things that people want. Let’s figure out how we can price those.”

So, there’s always this evolution in how we price our software, but that’s essentially how we manage it. It basically means that somebody could go along, they go to our dashboard installation, they run that for a year, and they’re like, “Okay, we can’t afford this anymore.” They don’t actually have to take away this out – they just simply have to take the configurations out, put them into the open-source system and take away the dashboard, and they can keep running. That’s the important bit.

Whereas with an open-core system, the core thing, doing all the work is hobbled. Because, if you no longer own the components that are doing the work, like your rate limiting, or managing open ID connect, or something like that, then actually, the whole thing is broken. So, you can’t continue, you have to shift.

Products

Mike Schwartz: So, of the pre-products that you mentioned, there’s the self-managed, the enterprise, and the SaaS. From a revenue perspective, which of those is the most important today?

Martin Buhr: At the moment, on-prem, the self-managed is the one with the best margin, because we don’t take on any of the costs of running the software. SaaS is a tricky business, you have to run it, you have to put a margin on top, and you scale accordingly. So, there’s quite a lot of cost of just getting everything running.

We’re about to launch the brand new version of our SaaS, which basically takes all of the stuff you get with the on-prem version, all the good stuff, like our plug-in capability and things like that, and makes it into a multi-region SaaS, so you can say, “Oh, I want to have my dashboards in…”, but that’s mainly on data sovereignty because we operate in Europe, and we operate in Australia and Singapore. You find these data sovereignty levels get more and more and more strict. And that’s why on-prem is really popular.

But the first thing that gets cut during recession is your DevOps team. So, the last thing you really want to do is manage people that manage software, so they all go for SaaS. But then, if your SaaS offering is enough to scratch, you lose them at that point. So, we’re building our SaaS to basically be just as competitive as our on-prem solution, and just as capable in terms of where you locate it, where you run it, and doing it all by a managed controller, to make that work. But essentially, to answer the question, yeah, the wholly-owned system is the one with the biggest margin, and the one we currently see the most interesting.

Sales Motion

Michael Schwartz: So, on your website, I didn’t see any particular vertical, marketing focus. Are the sales opportunities primarily inbound, like i.e people find the open source and then, they reach out to Tyk?

Martin Buhr: It’s a bit of a mix, mostly inbound, yes. People do reach out to us, we don’t necessarily have to go banging on doors, which is good. The way people find us are a few. Yeah, there’s google looking for the open-source software, trying that out. But actually, interesting, a lot of stuff that drives us is, whenever there is a comparison, we’re always in the mix these days with our largest competitors.

And Gartner and Forrester run reports on full lifecycle API management. And we were lucky enough, six months into launch of the company, to be featured in both. I think we were an honorary mention in the first Forrester because we didn’t quite have the revenue they needed for open source, but we did manage to get in there.

So, we’ve been on the radar for a while. Nowadays, it’s more about when people look for, you know, they’re looking to do a proof of concept or some kind of RFP that will hit us off just by default. And then, they reach out to us and say, “Tell us more about your software.”

You know, the other sort of big inbound market is – especially in Asia actually – is partner marketing. So, we have a whole bunch of integration partners out there since our business is mainly the use case for an API Management solution is ultimately an integration problem.

So, we have all these systems integrators that will look to us to provide a solution. And they might be more vertical focused. So, you’ll have NSI that’s healthcare, or you know, government, or things like that. And they’ll specialize in that sector for us. They’ll build on top of our platform.

Partner Development

Mike Schwartz: Did you actively recruit and identify the system integration partners, or did they find you?


Martin Buhr: We hired a really, really good sales guy in Singapore, and he knew how that market worked out there. So, he courted them initially, it was a bit of a mix of inbound and courtship, and usually what happens is, it’s a bit more opportunistic. The problem with legacy providers at the moment is they already have all these partner relationships set up, but they’re also extremely expensive. So, when it comes down to trying to cut costs or trying to streamline things like government spending, looking at the value, those solutions add, becomes problematic for most, especially if they’re closed-source. The open-source model always feels cheaper, so that tends to be a big driver as well.

I’m not saying that open source is cheaper, but open source is perceived as less costly because it doesn’t come with the overhead of training and a sales cycle that comes with it. Because you go and try and get a trial of a large enterprise piece of software, you have to go through three layers of account managers, sales peoples and technical representatives before you can get your hands on the software. And that’s bad accessibility can be a real problem, buying off the back of a data sheet.

Is It Worth It To Serve Smaller Customers?

Mike Schwartz: I’m gathering that enterprise customers are most important from a revenue standpoint, but have you found a way to serve small organizations, i.e through the SaaS? And is serving those smaller organizations actually like materials of the business? Is it worth the effort?


Martin Buhr: It’s definitely worth the effort. I mean, we started off as a community business, still are. The people that pay our bills are the large Enterprise customers. Those are the ones we really try and court, but those are six-month, twelve-month deals. You know, selling into the enterprise takes forever, not just from just getting in the door, but also just getting contract signed and making sure that the invoicing is correct, and going through all their procurement coops. So, that’s all well and good.

That’s the bit that sustains you, but at the end, it’s the smaller engineer, the side project, the hacker that drives interest, that pushes the platform a bit, that actually will probably contribute back. Especially in the open-source place world, and so we do. I mean, as our SaaS version is relatively less costly than the on-prem version, and we do obviously offer discounts for charities or small businesses and things like that.

So, we do have ways in to use the software without paying us a fortune. And we do sometimes say, “Here, you have the dashboard to be filtered free.” But most importantly, what I said is, “If you’re working with a smaller customer, is we can enable them through our community support or through discounting, to make sure that they get what they need.

We don’t actively go after those customers. Instead, actually, almost every single time, you engage in a sale, especially in our market, it’s an integration sale. There’s a lot of expertise required – they’ll have their own identity provider, they’ll have their own databases they want to use, they’ll have different service types that they want to use, they’ll have specific integration problems that they need to solve, and they need your help with.

You know, that’s the old fight of how good is your documentation versus how much help do you want to give on a personal level. In this case, that person’s time is really expensive, so we have to be very careful where we spend that time, but we do make sure that all of our engineers, for example, are on our community forum and are actively engaged in helping the community, make sure that they can do what they need to do and work with the software. We’re not exclusively focused on the enterprise, we just can’t spend a huge amount of time on customers that don’t sustain us.

We do ultimately have bills to pay, and developers got to eat. We have something like 74 people on staff now, in 22 different countries. And, well, it’s lovely to be able to offer an open-source piece of software to the community, and take the position that we will never hide the ball. And you know, it’ll be a fully functioning piece of software forever. The bits that are the value-add, we do need to charge for, and we just need to make sure we can keep the doors open.

One of the things I think that really puts a lot of people off of starting an open-source project is, there’s a lot of entitlement that comes with folks that use open-source software that they don’t quite understand. You know, the person building it is doing this out of love or, you know, because they enjoy it. It’s rare that an open-source project becomes a business. And once it becomes a business, your viewpoint has to change. So, it’s a sort of double-edged sword of how much do you put up with users that feel like you owe them something versus trying to run a business profitably.

Hybrid Cloud Pricing

Mike Schwartz: Hybrid cloud API proxies are hard to price. Some companies are pricing per transaction, but transaction value varies widely based on the line of business per server. And CPU models are tough because in the Cloud Native world with auto scaling, compute can be a moving target. I heard MuleSoft has a pricing model based on per container hour gig of RAM. So, I’m wondering, have you figured out what are the gates you’re using to figure out how do you price for this type of service in the enterprise space?

Martin Buhr: Hybrid’s tough because you’re not actually running the traffic either. So, if you’re telling a user, “Oh, no, you run all the infrastructure, and we’ll charge you for the traffic.” It’s problematic at best. So, what we do is, for us, when somebody comes along and says, “Okay, we want to use the hybrid.”, they are basically using — you have to remember that everybody that uses our software, no matter the large enterprise to the smallest user are all using the same open-source gateway.

So, if you use our hybrid offering, you’re actually using our open-source gateway in the configuration, so it works with our hybrid cloud. So, the nice thing is, we can basically say, “Look, here’s the container, it’s public, do what you want with it. Just make sure you configure it this way. And the way we price is pretty straightforward – you basically pay us for your account. It’s a monthly subscription, and that subscription comes with data retention limits. So, that’s the most expensive part.

We don’t run any of the traffic. The traffic is going through hybrid gateway, so we are just collecting and storing and processing analytics, and that IS expensive.

So, we say, okay, so per gig, per — we actually do it by number of days we store it for. You know, you get seven days, or 30 days, or 100 days, plus the additional features in the dashboard because all the value-add stuff, so single sign-on, role-based access control – all that stuff that lives in the cloud bit, whereas the hybrid gateway itself is fully featured, so they just simply need to configure it.

So, actually the way we offer is just a subscription model, where we don’t charge by scale. If they want to run 100 gateways, that’s absolutely fine. I mean, admittedly it’s a bit of a surprise to us when people do it, but we have had it before where we had one Malaysian customer who was — they were a huge ecommerce provider out there. So, big sort of eshop, mobile shop. And they were running millions of requests today, through our hybrid infrastructure. And they must have had 100 or 150 gateways spun up in their architecture. I think they were using mesosphere.

Yeah, it just sort of, it stood up, as long as we didn’t have to store it, it was okay. So, for our hybrid instead, we’ve actually parceled it as part of our overall SaaS solution. So, if you pay our cloud price, we throw hybrid in, just as part of it, because it’s meant to be a flexible proposition – it shouldn’t be either/or.

Self-Hosted Pricing

Mike Schwartz: I see, what about on the self-managed piece, how do you price that?

Martin Buhr: Well, if it scales according to how many gateways the dashboard has to manage. So, you could for example, have 10 gateways running open source – fine, no problem. But as soon as you introduce the dashboard, we limit that down to how many things can actually connect to it. So, customers come to us and say, “Okay, I have this much traffic, I have this kind of size of server, these are my requirements for a high availability and failover.” And we can then put a package together for them saying, “Okay, well, you need two gateways, or you need five gateways, or you need ten gateways to manage that.” And then the license is built accordingly.

So, they then install the license, and it allows ten gateways to connect. If you try to add an eleventh, the one that rejects the connection, that gateway doesn’t boot basically.

What Is Tyk Doing To Grow The Community?

Mike Schwartz: It sounded, like you were saying, that you actually had good community interactions on the support forums. Are you planning to foster growth of the open-source community and ecosystem, and how are you planning to do that?

Martin Buhr: Yeah, we just hired a full-blown community manager – I think he came to us from Mozilla to help us build out our open-source offering. So, it’s one of those things that gets neglected as you get bigger. You kind of go, “We’re making money, uuu, let’s focus on that.” And then, you sort of forget about all these free users that are sitting there, giving you all this free feedback on what your product needs.

So, we do a couple of things. One, we have an open-source community forum, and all of our engineers are on there, all of our consulting engineers, so these are kind of like post-sales technical architects are on there, plus our support managers are on there to make sure that there is coverage. So, you do actually get access to the staff, it’s not just the community helping itself. So, we do actively do that. It’s obviously a bit slower than our SLA approach, but, nonetheless, it is there.

And then, as a sort of a community manager is focusing quite heavily on what we can do better in Github, managing tickets, managing visibility of the roadmap, managing pull requests, and also in general, figuring out how we can shift from being an open-source project that we mainly drive to becoming more of a platform that people can build on top of.

We are currently investigating ways of doing that to make that really work, because as I said, you know, systems integrators and partners, they will have large companies like Accenture or Tata Consulting, or Capgemini, you know, they do have industry vertical professionals. And those guys will go in there with the product that they’ve got internally around HIPAA compliance or HR compliance, or open banking, or whatever. And they’ll want to build products around that.

So, the more customizable your solution is, to handle an industry, handle a vertical, the better, because they can build products out of your platform, and both people win. You win because you sell a license, they win because they’ve now cornered a vertical with this particular solution that happens to be based on yours. So, that’s sort of where I’d like to see it go.

And we’ve seen it here and there, you know, it’s hard to track them because as I said, we don’t call home, so we don’t actually know where any of these open-source gateways are running. But when they do pop up, you do find some really interesting stuff.


We had a customer in Thailand that said, “Okay.”, that the guys they brought it into the company, they eventually left, and they started their own thing. And they just recently shared with us like, “Oh, look, we’ve done all this extra work, and now it integrates with this, and we have all these plugins.” And they’re literally running a business off of that. And I love to see that, it’s amazing. They’re doing this all open-source work, and we’ve seen a couple of integrators, partners, individual open-source contributors, just taking the product a little bit further. And that’s wonderful to see. So, I actually like to see more of that and have more visibility of it.

As we said, we don’t at the moment, because we don’t really force it to call home, so we can’t really just sort of poke a user and say, “What are you doing?”

Open Source Ecosystem Duplicating Enterprise Features?

Mike Schwartz: How would you feel if somebody took the open source, or some company took the open source and built a sort of platform around it, and there was some overlap, maybe with some of the features that you were offering? Would you see that as a positive or negative for the company?


Martin Buhr: It depends. If they’re taking business away from us. It’s a positive most of the time because they’re doing something with it that we can’t do. If they’re doing full-blown overlap, like they’re taking our dashboard and copying it and adding services on top, and then saying, “Okay, this is a cheaper version of the version you can get from the vendor.” I would be a little bit irritated because it’d be reverse engineering, some APIs we’ve got. BUT, it is the price you pay for being an open-source market, for being an open-source product. It is part of the risk.

You see a lot of people moving into the business source license, and we considered that for a while to think, “Okay, well how do we stop people trying to edge into our market.” And at the moment, it’s not so serious. I mean, if you were a database, like Mongo or Redis, it’s a much bigger problem because your footprint is much bigger, in terms of usage. And it’s this whole thing, it’s sort of API theft, or Driver theft.

And you can see it in some businesses as well that they are API based, where, all of a sudden, they’ll go, “Oh, we support the Uber API for our car service.”, which means, you can just point at a different endpoint, and your SDKs will continue to work, or all your integrations will continue to work. Or, you can just drop in a new driver, you can use the same Redis driver to connect to ElasticCache as you can to run fast. That’s just mean.

It’s really taking advantage of interfaces, and I think it’s part of the open-source problem, it’s a real issue if you become very successful in open source. You know, you become a kind of standard, I mean, we don’t have that yet. I would love that, but we don’t have it yet. But, it’s like MySQL, or Redis is a great example, they have this wire protocol, if somebody wants to launch a competing product, they just need to implement this wire protocol because it’s open source. And all of a sudden, they can say, “Oh, no, we’re driver compatible.”

Cockroach Labs, for example, is driver compatible with Postgres, let’s interface that.” It’s just a way of acquiring users through somebody else’s hard work, which is — it’s a risk, it’s a real, real risk. And that’s why things like the business source license exist. But I think the only time you need to look at something like that is when you do actually have people building out large-scale, high-visibility platforms that are competing with yours.

Most of the time, there should be enough space in the market for you both to coexist, so it’s a bit tricky. There is no answer I think. I’m not sure if that answers your question.

Advice For Startups

Mike Schwartz: So, last question. Any advice for entrepreneurs who are launching a business around an open-source product?

Martin Buhr: The first thing is, try and figure out what are the bits that are valuable in your product, because that’s the thing you’re going to need to protect and monetize. A great example actually is the Caddy Project, a really, really good web server with some really strange monetization options. And they changed their tune several times, from enabling access to a built server, to removing headers, to doing all kinds of stuff with their proprietary version. And it’s because the entire product was open source.

What you need to kind of figure out, if you look at like Kibana or even NginX, you kind of want to say, “Well, if you’re going to try and monetize an open-source project, you can’t monetize the actual open-source piece because that’s always going to be free and open, and you don’t really want to be hobbling your own open-source software.

So, you have two choices: you have the choice of either forking and creating a second branch that has all the value-add stuff that you want to sell, or going open core, where you then sell the plugins and things like that. Or maybe go like us, where you say, “We have an open-source offering, we’re going to continue providing that, it’s fully functional.” But, if you’re a big business, you’re going to want all this extra stuff. That’s the stuff that’s instead of baking it into the core, we’ve created different separate services for it, and we charged for those. That makes it more sustainable.

The other thing is, I guess, if you’re starting an open-source business, you need to really figure out who you want to sell to, because mass market is hard. If you’re looking at investment, mass market is great. So, if you’ve got something that’s got really high penetration – a good example might be, like Postman or Visual Studio Code, that gets a lot of adoption, it gets a lot of adoptions. It means you have access to millions of users. And that’s really valuable because you can eventually monetize that and mine it for that 10-20% that’ll actually pay you some money.

When you’re going mass market, you have to go for as much penetration as possible. If you’re going B2B, and you want to go into the enterprise layer, and you want to start charging those big bucks, you need to really start thinking about your sales process. I think most startups, when they get into the B2B industry, even if it’s open source or not, selling to a business is hard, it takes forever. If you don’t have the experience of working in that environment and dealing with the red tape, the context, the process, and the flow, you’re going to have a really hard time to break it.

So, that’s the second thing, it’s probably easier for an open-source product to go from mass appeal rather than B2B, but B2B is where all the money is. With the mass appeal product, if you’re going to say, “Okay, I’ve got a new code editor, or a driver, or a really cool data stitching API or whatever, if you get a lot of users for that, that’s great, but you’ll need to monetize them down the line.

And one, that means you have to alienate your community, two, it means that actually your value will be in that network, which means you’re going to be trying to sell on that network. And open-source business is that we are relying on a network need funding. So, eventually, you’re going to have to get funding in order to monetize the network, in order to get to a point, where you’re profitable.

At Tyk, we were really, really lucky because we managed to build the business really organically from the start. We started with zero employees, then one, then two, then three, then seven, and that was off of the back of a little bit of Angel money and actual real deals. We were making cash, and we were in the black. And then we grew slowly.

We only took funding last year, but that was so that we could go aggressively into the American market and open an office there because that costs a fortune. You know, you can’t build that organically. So, you kind of need to really figure out where you want to go with your project if you’re going with open source. That’s a lot of weird advice, I guess.

Mike Schwartz: That’s great. Martin, thank you so much for spending all the time with us today, and congratulations, and best of luck.

Martin Buhr: Thanks, Mike.

Mike Schwartz: And thanks to the whole Tyk team for collaborating on this podcast. Editing by Ines Cetenji. Transcription by Marina Andjelkovic. Cool graphics from Kamal Bhattacharjee. Music from Broke For Free, Chris Zabriskie and Lee Rosevere.

Don’t forget to follow us on Twitter. The handle is @fosspodcast. You can also follow me personally on LinkedIn. I always post a link to the episodes, and you can share it from there too. Next episode we have Kathryn Erickson from DataStax, one of the leaders in the Cassandra ecosystem. Hope you enjoyed this episode. Until next time, thanks for listening.

Episode 48: Zero Trust Security and Packaging with Ev Kontsevoy, CEO of Gravitational

Intro


Michael Schwartz: Hello and welcome to Open Source Underdogs. I’m your host Mike Schwartz, and this is episode 48 with Ev Kontsevoy, CEO of Gravitational.
This episode, it’s a little longer than most, clocking in closer to 45 minutes. That’s definitely because Ev has such a broad breadth of technical and business experience, we probably could have gone on another hour.
If you want to hear a little bit more about the tech stack, watch The FLOSS Weekly, episode 529. I’ll put in a link on the episode website.
Gravitational has two very interesting products, and they are somewhat related but also a little different. It must have been a tough marketing challenge to come up with a unified message, but apparently they did it, because the company’s been super successful by all measures.

So, without further ado, let’s cut to the tape. And after you listened to this podcast, I’m sure you’ll want to check out Gravitational’s website for more info.

Ev, thank you so much for joining today.

Ev Kontsevoy: Thank you for having me, Mike.

Story Of Mailgun

Michael Schwartz: Before we talk about Gravitational, can you talk a little bit about your previous startup called Mailgun and your experience at Rackspace, and how that led you to identify the business opportunity for a Gravitational?

Ev Kontsevoy: Mailgun was interesting, and for those who don’t know, Mailgun is an API platform to send and receive emails programmatically, so it’s email for developers. If you need to send a password recovery email, or if you need to send newsletters to your customers, you just use Mailgun API to send those messages and collect responses.

That company was interesting to me because of two things. First, it was founded in the middle of financial collapse. I moved to New York City around 2009, right when the economy was self-collapsing, I guess. And it’s also when AWS was beginning to happen, which is always interesting, like, which means that when everything is crushing around you, there is always some positives. And I thought, well, if Jeff Bezos can sell APIs to servers, I could probably sell APIs to emails.

And the reason for that is that if you’re moving to the cloud, you cannot really take your things with you, so whatever email delivery appliance you used to have, like you need to have a virtual replacement for it, that’s how Mailgun really got started. It was really tough, raising money back then for a project like this, because most investors didn’t understand what an API was. I would do a presentation, and then an investor will pull out a Blackberry. And he said, “All right. So, I got my Blackberry here out, so how do I use you API?” At that moment, you know that you lost, that this is not going anywhere.

But then, an interesting thing happened. A Twilio got funded. And everyone paid attention because Twilio said, “Oh, we are API for developers to do, like, SMS.” They started saying that Mailgun is simply a Twilio, like Twilio, but for email. And it helped tremendously.

So, we got accepted into Y Combinator, in 2011 actually, and went from there. I ran the company for a couple of years and eventually got acquired by Rackspace, by one of the cloud providers.
So, the interesting thing I learned from that experience – well, it was my first company, so you’ll obviously learn a ton if you do that – but as a technologist, I wasn’t prepared to be exposed to so much…let’s just say crime. That’s what it is really. Because email is a really dark world, so many shady things happen via email. You know, fishing, and viruses, and spam, and I would say that 80% of my attention was consumed by those problems, as we were running that company, which is unfortunate, because you actually want your real users, engineers, developers to enjoy, the product, you want their experience to be great, you want performance to be great, you want documentation to be amazing. And you constantly have to deal with spammers, fishers, and all parts of bad, bad internet.

So, that was my Mailgun experience. And the reason we, I guess, decided to sell that company to Rackspace, is because Rackspace at the time had very compelling vision, for using open source and open standards to free the world from AWS dominance.That was kind of resonating with me because I started my career as a software developer during Windows dominance. And I just remember how boring and bleak everything felt, just operating within constraints of what Microsoft thinks you should be doing. And, yeah, so that was the story of Mailgun.

Technical Origins Of Gravitational

Michael Schwartz: You know, it’s a totally different answer than I was expecting.

Ev Kontsevoy: What did you expect?

Michael Schwartz: I was listening to another episode, or another interview with you, and you spoke for some time about some of the interesting technical challenges around how complex Mailgun was, and how you were considering replicating it on a different cloud, and how completely, like just, it seemed like such a big challenge. And I was wondering if that sort of gave you some technical ideas that might have led to the development of the Gravitational, like, technology stack?

Ev Kontsevoy: Oh, so, that’s more interesting question – how did I go from being an email person to effectively ending up almost in the security space. So, what do you think happens right after an acquisition, when one technical company acquires another technical company? It happened with us, and maybe, like, when Facebook acquired Instagram, there was probably something similar there, the first thing they ask you to do is, start planning to migrate all your stuff into their own infrastructure.

Especially for Rackspace. Rackspace’s a cloud provider. It would be really strange for them to have an email service that’s not using their own cloud. And at the time, we were using SoftLayer, which is now part of IBM – old-school, bare-metal servers, and migrating to a public cloud on Rackspace, which was virtualized and had all these fancy infrastructures as code capabilities. It took us a long time, I don’t remember exactly how long it took, but let’s just say if I say 6 months, it’s not going to be an exaggeration.

And I remember having a conversation with someone in my family, maybe it was even my wife, where someone asked me like, “So, what are you doing – like, now, post-acquisition – like what are you building?” And I said, “We’re not building anything, we’re just moving from SoftLayer data center to Rackspace data center.” And that person wasn’t technical, and she said, “Isn’t that, like, copying files over the internet??” “Why is it taking six months?” Like, “You have that many files??”

And I laughed. But at the same time, it was kind of illuminating. Like, normal people think that copying software from one data center to another, it’s something that happens within few seconds.
Wouldn’t you probably feel the same, like, what is software, is it just some files, you have software on your laptop, I have software on my laptop, like, it’s just copying things around, but apparently, when it comes to data center software, to what we call cloud software today, everything takes months.

And, at the time, I just kind of took this for granted, like you’re sure it’s a complex problem.
We have completely different security here, we’re going to have that over there, over here we are using this kind of load balancing, over there is going to be different kind of load balancing, and the code needs to be updated, and so on and so forth.

But then, when I became a “racker” – that’s how Rackspace employees called themselves, I was a proud Racker by the way, I love that culture – so, once I became a racker, I got exposed to vast representation of cloud users out there, companies who use cloud computing. And I was talking to them usually trying to understand how can we improve, how we can make our cloud offering better.

And I was amazed how frequently they will bring this problem that I had with Mailgun. It’s like, “Hey, we’ve built this application, and it’s running on AWS, and now we’re trying to run it on Rackspace, and it’s really challenging. Can you help us?”

Or they would say, “We want to use Rackspace, or AWS, or Azure, some kind of cloud provider to build applications, the development environment, but for whatever reason, we need to actually run it in Luxembourg, like in the data center that is supposedly compliant with whatever regulations there are under.

So, how do we have staging environment in one place and identical production in a completely different place? And they kept coming to us looking for advice. And sometimes, we would be able to sell them something, you know, like DevOps as a service, or security as a service. But generally, I just saw this trend is that people feel like they’re chained to their cloud environment.
It doesn’t even matter how amazing that environment is.

But not being able to just take your production and have like, I don’t know, a hundred copies of it running all over the world – it’s extremely frustrating. And it’s limiting to a lot of use cases. You know, latency is important. Because the laws of physics, they don’t really change. So, you have to be able to run your code, close to where your data sets are. Data sets are distributed, which means that code needs to be distributed.

And that’s what I became deeply dissatisfied with SaaS model, in general. I don’t think there is anything wrong with Software-as-a-Service, but there is definitely something wrong with software-as-a-service running in a single place.

And as I was talking to more and more companies, I realized that some of them – check this out – they can’t even recreate their production environment in a different Amazon account. Those are companies based in Silicon Valley by the way.

So, let me just kind of zoom into this use case: you have an application running in an AWS account that you have – you control that. Go ahead and create another AWS account from scratch, also yours, so you have full, you know, God permissions for both accounts. And then, have a full replica of what you have in one account and another. And a surprising amount of companies don’t know how to do that.

They just overtime kind of lose institutional knowledge of what would it take to recreate everything from scratch. And as an engineer, you probably understand why that is happening, because you know, when you start building your application, like in the early days, not a single line of code is written, but you’d know that you need some environment.

You’re going to go and click some buttons in that AWS panel, maybe you’ll write some terraform, or cloud formation, but not always, maybe use Ansible, so, you kind of start manually creating first layer of your future environment. Then you start adding things on top, then you start deploying your code, maybe manually at first, maybe SCP. And then, you move to something, I don’t know, maybe like Ansible, or Chef, or Puppet.

So, things happen over time, and not everything is documented. Some scripts, they run daily, maybe they are part of your CICD pipeline. Other scripts you ran three years ago, and maybe the person who did it is no longer with the company. So, the point is, almost any cloud environment today, it’s built with many layers that are created over time by different people.

And that’s the reason why they’re not reproducible. And a company needs to have, you know, we need to have seven regions all over the world instead of one. Or we need to run our software inside of someone else’s AWS account. Or we need to deploy into GovCloud because government wants to use our software. They run into all these issues that they’re chained to one specific environment. And that’s why Gravitational was born. That’s the company that a bunch of ex Mailgunners started. So, that’s maybe a different answer to your original question.

Products

Michael Schwartz: So, let me drill down a little bit more, Gravitational has two products, Teleport and Gravity. Which was the first product? Or were they both coming at the same time?

Ev Kontsevoy: It’s basically a packaging question. We initially built a solution, so if you want to run your software in many different places, you have to solve many different issues for that. You need to separate your application dependencies from infrastructure. You need to solve remote access problem, you need to solve compliance problem – because a lot of these companies, like the reason they needed to be in the different place is because of compliance requirements.

And we had – what I would just call a code base, a bunch of GitHub repositories. We have this culture internally that we create GitHub repository per library. So, we break everything we built into these libraries. Each library has its own repository, and then we compile the software, and then, we produce solution.

So, originally, everything we built was just a collection of these repositories. And we started to sell the solution called Gravity, and Gravity includes everything we do. Gravity is a complete platform. With Gravity, you can take your AWS account – technically, it’s a Kubernetes cluster, but let’s put that aside for now – and you could save it all into a single file. That’s your image, we call it “cluster image”.

Think about like doing a snapshot – it’s not a snapshot, but I think it’s a helpful analogy – and then you can move that file somewhere else, and you can create exact replica. So, you take this image that contains the full copy of your production environment, and you can copy/paste it all over the world, and you can have thousands of identical environments created from that image.

So, the question then becomes, how do you keep them up-to-date, how do you push software updates, how do you fix the vulnerabilities, how do you troubleshoot problems that happen remotely. So, you do need to have some kind of remote access to those environments. Interesting analogy that I like is software updates built into operating systems.

If you have a Mac, it somehow updates itself, it downloads things from Apple, it applies these updates at reboots, and all of this kind of is just working automatically. So, think about it, from Apple’s perspective, how is that different from running a massive software deployment to hundreds of millions of servers running on untrusted network all over the world, with unreliable internet connectivity. For a typical data center person, that is a Star Wars level tech. And that is what Gravity tries to do with data centers, with your cloud account.

And this component that allows you to securely download and apply updates, that is what Teleport is. It is basically a part of Gravity that enables this world-class security into this restricted, regulated, remote environments, where Gravity is usually running.

And at some point, we thought, why don’t we make open source available for people to use as their own software update mechanism in their own kind of applications. And we open-source that, we put documentation in a separate place. And what we discovered very quickly is that people realize that it’s a much better way to do SSH than open SSH oftentimes is. Which was completely unintentional, but it was kind of nice for us because suddenly people started to discover Teleport, and download, and use it more. And basically, it’s a really good way to access infrastructure right now.

So, whatever you’re using to SSH into your servers, or to access your Kubernetes cluster, you’re probably using something worse, so I highly encourage everyone to check Teleport out. It’s free, open-source, Apache license. So, that’s how it happened – everything was built at the same time, but Teleport, just by accident, developed its own fan base, so to speak.

Revenues By Product

Michael Schwartz: In terms of revenues, which product is more important?

Ev Kontsevoy: It’s hard to say. I think both of them are doing really well, and Teleport is definitely not as expensive as Gravity is because it’s not as foundational to company’s business. Because we have Gravity customers who basically run massive, they sell a lot of software into these remote locations and deliver it with Gravity. So, Teleport, it’s usually part of a platform, it’s not the whole platform. So, it’s cheaper per deal, but we do close a lot more Teleport deals.

Marketing Message

Michael Schwartz: Have there been some challenges around finding the right marketing message for this platform?

Ev Kontsevoy: Absolutely, absolutely. I do think we’re still searching for the right way to describe what we do to the world. There are people out there who believe that Gravitational is a company that helps you take your SaaS application and sell it as a kind of on-premise environment. And it’s fine. Yes, we can do that, and we can do it better than anyone else.

But to me, that’s not really the reason why I decided to spend significant, you know, invest a portion of my life into this company. We want to enable a completely different software distribution model. Think about it like push versus pull.

We believe that the reliance of DevOps team needs to be reduced. The fact that most companies today have to set up and maintain these complex environments, with so many moving parts, and have these massive DevOps teams that constantly struggle with this ever-increasing complexity of this environment – it just feels temporary to me. It’s got to be simpler.

The typical DevOps picture at a company, like average company today, reminds me of what you would read in a history book about early computing.

Remember those stories about old electromechanical computers that would take up the whole room in the building, and you had cockroaches and bugs crawling in, and you had special people called debuggers kicking them out with broomsticks and replacing vacuum tubes and relays, computing was like a manual job, you had to have people walk around and constantly do that.

That reminds me a little bit about like a typical cloud environment today. I think it should be sealed, fully automated with zero human presence. So, if you walk into a data center today, you’re actually not going to see that many people, probably you’re not going to see anybody at all. There’s going to be some security at the entrance, but inside, it’s going to be quiet, no people.

So, I want that to be true for virtual access as well. Even though there are no physical people in that data center, but you could be assured that there are probably hundreds, if not thousands of DevOps engineers, maintaining those machines basically manually. And the purpose of like the goal for Gravitational is to make it not so. We want this all to be completely automated, similar to how millions of Apple laptops download software from Apple, apply patches, and keep running. I see no reason why a typical cloud environment for a typical company should be very different from a MacBook.

Value Prop

Michael Schwartz: How do you convert that into like business peak? You know, because it’s sort of, like, what you’re saying is almost like a kind of “sale to the guy with the hands on the keyboard”. Is there a way to convert that into like actual value proposition for the business customers?

Ev Kontsevoy: Well, first of all, let’s be honest with ourselves – can we do this today? Let’s just take a random company that have nothing to do with, let’s say –

Michael Schwartz: – eBay.

Ev Kontsevoy:  eBay. Can they make all of eBay run similar to a MacBook, with no DevOps team or server today? No, I can’t. There’s so many problems. Like, it’s a complex challenge. So, it’s going to take us many years to actually solve all of these challenges. But what you can do, you can start looking into where DevOps teams are overloaded today and start pushing that needle.

So, for example, if you try to run the same application, let’s say in a hundred different places, you will quickly realize that secure access is a huge problem. Because all these different cloud environments, they have their own tools for accessing infrastructure. And then, you have this like open-source ecosystem that all these components need to be integrated and everything used to be secure. And it begins with SSH, and it ends with Kubernetes access, and then you have, like, internal things, like Jenkins, maybe how do you secure access to Jenkins – all of these problems, they become extremely complex if you try to run more than one production environment.

So,okay, now we have a security problem, we have this access problem – that’s what Teleport solves. So, maybe I cannot promise you that your DevOps team will have nothing to do, but I can promise you that your secure access will be taken care of. You no longer need to have a competent team of infrastructure security people.

Or, if you have one, from now on, they can focus on other things, we will take your security problem away. And it doesn’t matter if you have a single cloud environment or 56,000. So, think about any like retail business, like McDonald’s or Taco Bell, they have tens of thousands of restaurants all over the world, each of those is actually a small data center. They have computers in the back, but can you dream about updating software and those locations, using like regular open SSH and let’s say Ansible? That would be quite, let’s say, inconvenient.

So, here’s the problem that we already solved for them. I do think that our strategy will be to just declare that going from 0, which is where we are today into this bright future, where all software runs by itself magically everywhere, we need to solve 57 problems.

Alright. So, let’s outline what those problems are. I think it actually helps because maybe some other startups will help us. Maybe they will solve disaster recovery or backup problems, but we will concentrate on security first. So, that’s how Gravitational is executing today.

Both Teleport and Gravity, they are very much security and compliance oriented. Because, if you want your code to run globally, you have to take care of that first as basically problem zero. That’s why we focus on it for now.

Free V. Commercial Offering

Michael Schwartz: So, a lot of open-source companies, they open-source a funnel for customers who might want to engage commercially. What does the sales motion look like at Gravitational? Is it try by fly, and what’s the effort to bring on these large customer accounts who probably pay the bills?

Ev Kontsevoy: Look, I’m going to be honest with you. We don’t really have a clearly defined strategy that’s documented for example internally, like how do we upsell open-source users. We simply try to — I think we have a following approach, we want to make sure that if you are an individual, like a developer who is curious about where technology is going, someone who has a home lab in their apartment, or a couple of Raspberry Pi’s that they’re running a little toys on – we want to have something for you.

We want you to get access to Gravitational vision, we want you to find our projects interesting. So, we’re going to have something for you. Yes, it’s going to be free, yes it’s going to be open source. We’re not going to sell you anything because you don’t really have problems that we solve at commercial level.
So, then if you are a small team, let’s say about three, two, 20 people, and you are working on some young project, let’s say your startup, we want to have something for you as well.

Then finally, if you’re a large enterprise, let’s say you’re IBM, and you have some problem, we are going to have something for you as well. Every time, we look at the capability that we are introducing into one of our products, we will always have one of those three use cases in mind, simply the size of the team. One-person small team, and then giant team. And it just so happens naturally that things that giant teams want, they are willing to pay for them.

And things that hobbyist would want, I think trying to charge money for it – it is just ridiculous. At least for us. And that’s how we naturally end up in the split, what is a commercial offering and what is free and open-source offering.

Is Gravitational Open Core?

Michael Schwartz: Would you say that Gravitational is open core?

Ev Kontsevoy: I would say no, we are open source, like we are open-product company. Everything we make is open source. We have a tiny bit of proprietary magic dust that we apply to our open-source products, but that dust just happens to be critical for large companies. In other words – let’s talk about a simple use case – you want your engineers to SSH into their machines, in the most convenient way possible. You don’t want to like annoy anybody with additional stuff.

But you also want this to work across all kinds of cloud environments, you want this to work with, you know, IoT devices out there in the field, you want this to be compliant with all these different regulations that your customers want you to be compliant with.

You basically want the best in-class security and compliance, but you don’t want developers to be inconvenience.

Okay, which means you have to use identity-based system. In other words, if a developer, who wants to access something, they need to go through some SSO process, once a day, nothing crazy.
And, usually, if you look at small teams, what do they use, everyone uses like Google Apps and maybe GitHub, which is naturally what are open-source products for. But if you look into what giant enterprises use, you will start discovering products you’ve never heard of. Like, I think SalePoint, and you obviously want Teleport to support those things. And that’s what we’re going to charge you for.

Another thing too is, if you are a giant enterprise, you are going to have all these different teams and different groups, you might have infrastructure developers, or like NetSec team, or you’re going to have like some auditors. So, in other words, the composition of your teams is complicated. And you need highly granular role-based access control.

So, this extra granularity that only large companies require, that’s another proprietary thing, like from our perspective. So, we basically try to attach – we try to draw the line between open source and enterprise offering, basically based on a company size. Because large companies, they need things that are not even obvious to startups.

SaaS Gravitational?

Michael Schwartz: A lot of open-source entrepreneurs, they love the SaaS business model. I’m sure you’ve kicked around some SaaS ideas. Is there a SaaS Gravitational offering, or are you thinking about one?

Ev Kontsevoy: It definitely makes sense. Yes, we do run into accounts every once in a while who simply say, like, “We love your tools, this is unbelievable, but believe it or not, we right now have zero engineers available to set everything up, to get up and running. “Can you just do it for us, can you run it for us?” And we listen, and we, let’s just say we’re considering it.

Pricing

Michael Schwartz: Most of the companies in this space are using a per-user metric for gating. I’m wondering if you’re using that strategy, has it worked for you, is it a good proxy for value and a good way to land and expand?

Ev Kontsevoy: I just told you what our internal motivation is, what we’re actually building – completely autonomous unmanned, operational model. So, it would be strange for us to charge you based per on number of users if we believe that software needs to run without humans standing around.

Difficulty here comes from the fact that we’re not there yet, so yes, you do need DevOps engineers SSHing into boxes every once in a while. But I believe, if we succeed over time, like the need for that will disappear. So, if we, for example, adopt a business model that we’re going to charge you based on how many SSH users are manually accessing servers, that pricing model will not be compatible with our long-term vision.

Even today, I would argue, without even Gravitational technology, if you have a well-running operations, but you are a Cloud environment, you should not be giving SSH access to your production environment, to all of your engineering team.

Ideally, very few people should be able to do that, and ideally, there should be no need. Especially if you’re running on a modern cloud, you can simply like kill things that misbehave and recreate them from scratch very quickly.

Michael Schwartz: So, what gates do you use?

Ev Kontsevoy: It’s based on your footprint. If you’re running large applications, you’re processing tons of data, you’re present in many data centers all over the world, you have tens of thousands of services based on that, we will charge you more for our solutions.

How To Gauge Deployment Size?

Michael Schwartz: In the Kubernetes world, servers are so ephemeral. You get a lot of servers when there’s a big demand and less servers when there’s less demand. It seems like all those per server, per CPU models are so challenged in the new Cloud Native world – how do you gauge the size of a deployment today?


Ev Kontsevoy: Well, I would argue that per server, per CPU, per RAM pricing, it’s not getting obsolete. If anything, it’s getting more and more popular with – like, look, AWS themselves. That’s what they charge you for. Yes, it is more challenging to accurately meter usage, but generally I would say that usage-based billing is the future for almost everything we use in a data center today.
So, for Teleport SSH access specifically, we look at how many servers we’re using. And for different companies, we offer different options there because there are different business models, and that’s the reason why we do custom quotes for every account.
For Gravity though, I do believe that the value we provide is based on how many environments you’re going to be running. Let’s say, if today, you have a single-production environment, then tomorrow, you’re going to be in a hundred production environment – it’s the environment. Like, the number of environments, that’s the value that we give you. So, then we’re going to charge you based on how many environments you have. We don’t really care about how many servers you have in each.
And environments, they rarely jump too quickly. So, it’s kind of slower moving targets. And that’s how our pricing is built on for Gravity site.

Does Open Source Help The Business?

Michael Schwartz: Has open-sourcing the software really materially helped the business?

Ev Kontsevoy: Absolutely. Because it’s the best form of marketing you can do in our market. We are all dreamers. I believe the technical founders and companies that are started by engineers, they almost always have this dream component attached to it.

And you want to find people who agree with you that future is going to look different, the future is going to be moving this direction and not that direction. And that person is probably also technical. And the best way to communicate with that person – and it has always been like this – is to show me the code, let me play with it. Because that’s how we collectively dream together, by downloading each other code, installing it, playing it, and then communicating, and sending each other pull requests and criticism. That’s just the best way for, I think, mankind just collaborate and move the progress forward.

And if you don’t do that, if you use proprietary kind of code in the cave mode, then you’re basically guessing. You’re saying, “Hey, I’m going to go and work on this problem for a year.”, and then I present you with the solution. If solution works for you, you’re going to buy it. And if solution doesn’t work for you, you’re just going to ignore me. And that’s just a much slower way, to get to this optimal state of offering something that the world truly needs.

So, it’s really hard for me to even think differently right now. You see, with Mailgun, it was different because the problem was so obvious. The problem was basically this: the world needs to send and receive email. And there are solutions for it already, and you have them in your data center.

And now, you’re going to go be in the cloud, so you cannot take your solutions with you. So, you need to have a cloud version of it. All right, sure, here’s one. But Gravitational is much more visionary company that we just want to change the way how cloud software runs. And if you’re going to start working on that problem, doing it in the open, it’s the only way I see how it could even be accomplished.

Portability Of Startup Experience?

Michael Schwartz: This is an unusual question that I haven’t asked before, but you sort of backed the question a little bit. You know, I’ve actually started more than one business – Gluu’s my fourth business – and one of the challenges I found in starting the second business was I applied a lot of the lessons from the first business to the second business. And it turned out that the second business was so completely different that actually like I shouldn’t have.

And I’m wondering, are there any cases where – I mean, certainly you learned a lot in the first business, that helps – but was there any like things that you feel like maybe the first experience led you to something to take longer to figure out?

Ev Kontsevoy: Actually, the Gravitational in many ways is anti-Mailgun. So, Mailgun was proprietary code-based SaaS. Gravitational is open-source software that you can download and run. So, from the beginning we knew that our ability to borrow from Mailgun experience is going to be limited.

So, that allowed us to bypass a lot of these potential problems that you’re referring to. However, what was helpful and applicable is just the mechanics of starting and running the company. You know, raising money, incorporating, setting up like basic processes. So, a lot of that you could just fly without even thinking and do exact same things, simply because a lot of early-stage startups are surprisingly similar. So, copy/pasting that experience into your present, I think it’s totally applicable.

Why Leverage An Incubator For A Second Company?

Michael Schwartz: You chose to go to Y Combinator and raise seed funding and go a pretty traditional startup route. But you didn’t have to go that way, you could have probably bootstrapped it. I’m wondering, why did you think going the traditional route made sense, given that you probably had some capital and some experience and maybe could have done without it?

Ev Kontsevoy: Because it worked previous time. You see, I’m a technologist, I’m not a professional entrepreneur. Like, incorporating, raising money, doing all these things – it’s boring stuff. So, it worked wonderfully for us at MailGun, going through this traditional sequence, through Y Combinator seed stage, and so on and so forth. We just did the exact same thing, we would concentrate and spend my time on actually building interesting products and solving problems, because that’s really the reason you’re doing it. Everything else feels almost like distraction.

Yes, you have to do these things, but at the end of the day, they’re not differentiating, they’re not going to define if you’re going to be successful or not – it’s simply getting resources, and office space, and processes, and 401k plan, whatever, just getting it done as soon as possible and moving forward – that was the goal. And look, Y Combinator, they’re very incredibly efficient at getting all of their startups through this early stage, so I highly recommend it.

Team

Michael Schwartz: So, you’re currently in the Bay Area, are you planning to recruit most of the team in the Bay Area? Maybe you’ve already, like, diversified quite a bit – what are your thoughts about building the team in the next couple of years?

Ev Kontsevoy: If you’re asking me, like, what I recommend – I don’t recommend anything. I think it always depends on founders and company culture. There is always this popular question, like, “Shall I go 100% remote, or should I have an office?” I don’t know the answer to that question, there are pros and cons, but what we’ve decided to do is that we want – there are smart people all over the world –we don’t want to discriminate based on either they are in Bay area or not. We want them to be involved, we want them to join the company. And we quickly realized that Seattle actually is the capital of cloud computing of the world. It’s not Bay area.

If you want to recruit engineers who understand what kernel variables are, who understand differences between file systems, who can troubleshoot lost packets in the network, you will have a much better time finding that talent in Seattle because every single public cloud provider is there. You know, Azure, AWS, GCP, it’s all sale companies, even smaller clouds, like former CenturyLink Cloud, in the Oracle Cloud, original team was based there.

So, Seattle, it’s the highest concentration of cloud computing experts. And for that reason, our engineering is actually based in Seattle, even though the company is headquartered in Oakland Bay Area. But we’re also open to hiring people all over the world. We have a small office in Toronto, we have remote people on the east coast, and Germany and Italy. So, we’re constantly evolving in our views on what kind of culture we want to have. It is challenging, it’s not easy.

How To Scale Beyond Startup Phase?

Michael Schwartz: So, you’re in an interesting stage in the company’s development, where you’ve had quite a bit of success, and you’re sort of scaling to the next level. Any advice for entrepreneurs who find themselves in that situation, in terms of, like, how to adjust to this new sort of focus on sales and marketing, especially for technical founders.

Ev Kontsevoy: You just gave them advice – do not ignore sales and marketing. Think seriously about sales and marketing. Something that I learned in my journey, going from engineer to entrepreneur, was that building a sales team, building a marketing team, is absolutely similar to building a product.

So, just like you have an engineering team with your processes, you know, for example, no one can commit to master directly, you have to do your own branch, and a pull request with a code review. And all good engineering teams, they have processes, and then the coding style, and like which programming languages we allow, which ones we do not allow – building this takes experience, building this takes a lot of brains, and doing it well requires a lot of energy and discipline. It’s really tough. So, this is why top technologists are so expensive. And that is absolutely true to yourselves and marketing teams.

Doing marketing and having a marketing machine that’s operating properly also takes a lot of brains. No, it’s not obvious, no, you can’t just read a couple of Golden Books and go do it yourself. And then, the same thing with sales.

So, underestimating the effort and sophistication of sales and marketing activities I think is quite common amongst engineers. So, simply building and expecting that the users will come – it rarely happens. You have to just approach those problems with, I would say, seriousness, and everything else will come from there. Because if you’re not stupid, if you do have engineering approach to everything, simply putting yourself into that frame of kind of mind, will help you solve sales and marketing challenges.

Advice For Entrepreneurs

Michael Schwartz: Last question, any advice for new entrepreneurs launching a business around an open-source software project or product?

Ev Kontsevoy: Yes. I would just say, forget about that word, don’t call yourself entrepreneur – that’s a distraction. Think of yourself as a product person who tries to solve someone’s problem, and just focus on that until you have overwhelming evidence that it is indeed happening. Because at the end of the day, company is just like a vehicle for allocating and distributing resources. This is what it is. It’s deeply secondary to what you actually trying to do. So, if you want to change the way how backups are done, just focus on that and just forget about incorporation, what kind of company you want, what kind of investors you want – all of that, it’s not primary to your success.


You have to understand what your solution is going to be, how it’s going to be different, how it’s going to be better, who is going to like it, who’s going to not like it – solving all of these problems and just focusing on that before you even begin to think about entrepreneurship is probably key.
Because one common thing I see in “entrepreneurial circles” is that people basically start with this, “I want to have a company.”, and then, they start looking for problems to solve. It just feels very unnatural to me.

Closing

Michael Schwartz: Ev, thank you so much for going over a little bit on time and for sharing all your experience, and best of luck with Gravitational.

Ev Kontsevoy: Thank you very much! Thanks for having me, Mike.

Michael Schwartz: Great job by Ev, isn’t it? Editing by Ines Cetenji. Transcription by Marina Andjelkovic. Cool graphics from Kamal Bhattacharjee.

Music from Broke For Free, Chris Zabriskie and Lee Rosevere. The podcast Twitter handle is @fosspodcast. Follow us. Retweet the episodes, help us get the word out.

Next episode German-British-Kiwi, Martin Buhr from Tyk, one of the coolest open-source API Management companies around.

Stay safe everyone. Until next time, thanks for listening.

Episode 47: Jenkins Software Delivery Automation and Management with Tracy Miranda, Director of Open Source Community CloudBees

Intro

Michael Schwartz: Hello and welcome to Open Source Underdogs. I’m your host Michael Schwartz, and this is episode 47 with Tracy Miranda, Director of Open-Source Community at CloudBees.

CloudBees is a company behind Jenkins, the famed project, which is used to automate building, testing and deploying software.

Many commercial and open-source projects use Jenkins as part of their continuous integration and delivery infrastructure, including my company Gluu.

Jenkins was forked from a project called Hudson, started by Sun Microsystems in 2005. After Oracle acquired Sun, Hudson was forked and rebranded as Jenkins.

Tracy has been an entrepreneur, a developer, a technologist for around 20 years. She was active in the Eclipse community, serving on the board of directors. She’s also one of the founders of the Continuous Delivery Foundation, which operates under the Linux Foundation.

Hopefully that gives you a little background, so let’s get on with it. Here’s Tracy. Thank you so much for joining today.

Tracy Miranda: Thanks, Mike. It is my pleasure to be here today.

Joining CloudBees

Michael Schwartz: For 10 years, you founded and ran your own consultancy, specializing in Eclipse development – how did you end up getting involved in CloudBees?

Tracy Miranda: Yes. I think the common thread there is definitely open source. So, I think that’s something early on in my career I’ve always been drawn to, especially because of the innovation that you find with open-source communities. And it came at a time I was looking to just make a change in the career and focus a bit more on some of the community building aspects.

And as I was talking to people out in the industry, I got introduced to Kohsuke Kawaguchi, who’s the creator of Jenkins, and at the time was the CTO of CloudBees. And the more he talked about the next stage of CloudBees, and what he wanted to do with Jenkins, the more exciting it sounded to me, so I could not resist the opportunity to join his team and lead the open-source team and try that future direction.

History of CloudBees

Michael Schwartz: So, for the non-geeks in the audience, can you talk a little bit about the history of Jenkins, and how that impacted the development of CloudBees?

Tracy Miranda: Yes, yes. So, Jenkins is a built automation server. It is most commonly used for continuous integration and continuous delivery, which are big parts of delivering software. So, it’s a tool that’s been around for 15 years. Many might know it originally in its first incarnation as Hudson, but it evolved over the years and became Jenkins and became very rapidly adopted by developers and focused on delivering software everywhere, just because it gave you a lot of flexibility.

And it was the first tool that sort of helped you integrate and build your software. And it was really what we’d say is the start of this whole field of developer productivity engineering.

And around it, so companies like CloudBees emerged, offering more Enterprise version. So, when it came to scaling or features around governance and securities, and CloudBees would offer Enterprise Jenkins. And that’s just sort of evolved and evolved, and now the whole space is currently really doing very well as we deliver more and more software every day.

CloudBees Products

Michael Schwartz: So, CloudBees has a number of products and services. For 2020, what are the most important products, with regard to revenue, and what are the most important projects for your future growth?

Tracy Miranda:  In 2020, well – let me talk about the direction we’re going first of all, and then I can bring that back to the present – so, we see just everybody’s delivering a lot more software, and software has become critical to every industry. So, you know, whether it’s a bank or a travel company or insurance company – you name it – software’s a differentiator for them. So, the more software we have, the more we kind of start to talk about like software factories. And you can use the factory metaphor as well to apply it to this.

So, in that model, we talk about Software Delivery Automation, and Software Delivery Management automation is just – the name says it all – it’s everything you need to do to get the software delivered, pretty much like a factory. And then, the Software Delivery Management, or SDM, is the part where you have the business intelligence coming in, how do you make the decisions, what to release when, and to who. So, that’s the direction we’re headed in, and we’re building out all the different parts that contribute to integrating all the tools.

Today, what a lot of companies have is basically focused on continuous integration and continuous delivery, so, tooling around tools like Jenkins, we also have SaaS versions of CICD tools, and then, any tools that help you deliver faster. So, we’ve got a whole kind of portfolio, depending on your flexibility and what you’re trying to achieve.

Market Segmentation

Michael Schwartz: CloudBees is in a very horizontal market. As you mentioned, you are serving customers in basically every industry. Given that, does CloudBees segment solutions or the marketing effort, either vertically, or by use case, or in any other way?

Tracy Miranda: I think probably the most clear segmentation, which we will kind of see, is whether people want to manage it and have things kind of on-premise themselves, or whether they want software-as-a-service. So, that tends to be a key differentiator.

And oftentimes, it will depend on the industry. So, certain industries might have very strict compliance or governance around it. So, perhaps, it always has to be an in-house solution. But then, perhaps some new startups, so, in different segments can afford to go with much more as a service model, where they don’t really want to deal with the nuts and bolts, and the upgrades and the security patches – they’re just happy to focus on what they need to do to get their software out the door.

Why Open Source

Michael Schwartz: Without open source, there probably would be no Jenkins, at least as it currently exists.  And therefore, I guess perhaps no CloudBees. But going forward, why does continuing to invest and contributing to an open-source community materially help the business?

Tracy Miranda: This is my key role at CloudBees is, it’s kind of overseeing the whole open-source strategy. So, you’re absolutely right, CloudBees is based on this massive open-source project, and as we grow and continuing to evolve, we’re going to do a lot more in open source and in different ways.

I think there’s lots of different benefits we see to open source, so, on one side, if you take kind of just the engineering side, there’s obvious benefits from working with the community – you’d get fast feedback, you’d get people contributing.

A lot of the developers we hired in the early days would come from open-source communities, and then they’d even have the advantage of they are already up-to-speed with the processes and the ways of working and the code base.

But then, there’s also other kind of strategic science to open source as well. Open-source projects tend to spread like wildfire, I had someone using the term, kind of the open-source tsunami. And they have a tendency to change the direction of industries, to take something like Kubernetes, which caused a big shift in the whole sort of cloud infrastructure.

So, in that way, we also kind of look at technologies for them to be open and for them to drive the future direction of the industry and help us to get to an innovative place. So, we always want to be involved with open source and find ways to just create those kind of win-win situations for both the community and the company.

Open V. Commercial Features

Michael Schwartz: You mentioned previously that it was an Enterprise version of Jenkins, and I’m wondering about, today, is there still software that’s non open source, and if so, how do you decide what to open-source and what to keep private?

Tracy Miranda: Yes. I know that’s a key thing, and it’s constantly evolving. So, we have an internal process, and we’ll kind of look at the way things are evolving in the market. In general, like you take something like Jenkins, and we have a lot of plugins added by different groups and different individuals in some cases.

One thing that CloudBees do is, for the software like CloudBees Core, or CloudBees CI built on top of Jenkins, is we also offer kind of tiers of plugin, so we know which ones meet a certain level and meet the requirements for Enterprise type customers.

So, this is focused specifically on things like security and governance and running things at scale. So, typically features in those areas, or verifying plugins, will be the areas we’ll tend to kind of have as the more closed source. And anything developers tend to use, this tends to be pretty open.

Open Source Strip Mining

Michael Schwartz: I’m sure you’ve heard this term “open source strip mining”, where large companies take open-source software projects and commercialize them. You know, you have a SaaS, you are offering themselves, but is this something that you’re concerned about, or any thoughts about this sort of phenomenon?

Tracy Miranda: I’ve definitely heard the term, yeah, it’s a pretty controversial one. But I think it is something that is always a consideration. So, you take something like Jenkins X, which is a new open-source project. It’s not related to Jenkins, as the name might indicate, but it’s actually a complete new CICD tool based on Kubernetes. And it’s one of the best ways to do Cloud Native CICD.

So, a lot of Jenkins X is open source, and you could conceivably imagine another company taking it and wrapping it up and delivering it in a specific way, but I think the reality is that open source is always evolving. And it’s more about kind of the vision in the direction it’s going. And the key thing I guess from CloudBees’ perspective is, we have a lot of the people who are driving that direction working for CloudBees.

So, I guess that the people, at the end of the day, are a secret source. So, even if other people want to come and extend it or do it in a different way, I think we’re always kind of focused on what’s the vision, how is this going to evolve, how we’re going to keep pushing the industry forward. It’s a concern, but we try not to spend too much time focused on that, just more time focused on what do the users want and where are we headed.

SaaS V. License?

Michael Schwartz: In terms of monetization strategy, is the Enterprise license the majority of the revenues, or is SaaS the biggest part of the revenue stream?

Tracy Miranda: Yes. Enterprise licenses are definitely the main focus. I think that will evolve over the next set of years, but, for now, that’s certainly the case.

Pricing

Michael Schwartz:  Few questions about pricing, which is hard for a lot of startup entrepreneurs. Many organizations are using Jenkins for free – is it hard to move these customers to a paid offering? What type of gates do you define? Is it per developer? And is pricing still evolving with new offerings, or have you achieved some stability in the pricing area?

Tracy Miranda: Yeah. No, I think this is an area constantly evolving. You know, Jenkins is a great tool, and a lot of people can do a lot of things with that anyway. So, we’re always looking to add value on top of that. So, we find a lot of the customers who see the value of CloudBees, they’re focused on what they need to do as a business, they don’t really want to be messing around CICD is not their value add, so they want kind of the complete package. And that includes the ability to get support and the ability to know things are going to work for them.

When you are sort of doing things in open source by yourself, you tend to run the risks yourself. You can pick up plugins and you have to decide, are these going to work for me, are they going to have the security patches attached. And what happens if something goes wrong? You know, you can’t pick up a phone and kind of call up the open-source community and ask them to fix your thing in a timely manner. That being said, it is a constantly evolving space.

So, I think kind of the offerings and the bundling and the way that works is always evolving. And like we will do things as well, like offer kind of more analytics on top of that, which give people sort of more insights in what they can do with their systems, and yeah, that’s just constantly growing,

Partnerships

Michael Schwartz: What have been some of the more important partnerships for CloudBees in terms of specially impacting the business?

Tracy Miranda: In today’s world, I think you really can’t succeed as a company on your own – we had a recent kind of partnership program, which I think we’ve got a whole bunch of companies who we were working with. My main tendency is to be on the open source and on the Continuous Delivery Foundation – it’s not partnerships in the traditional sense, but a lot of companies on the open-source side we’re working with closely.

And the other big one today is the partnerships with the cloud providers, and with those we have really strong relationships. I think every cloud provider has a marketplace out there, and you can easily access all CloudBees products very easily from the cloud marketplaces. I think this year we’ve also named the Google Cloud partner of the year, so, yeah, a lot of strong relationships, especially towards a whole Cloud space.

Project Governance

Michael Schwartz: You have a lot of experience in this area, so I can’t resist asking, but companies can host their own open source and build their own governance infrastructure around their project, or they can move to a foundation that can help maybe attract a larger community. What’s the strategy of CloudBees there, and how’s that evolved over the years?

Tracy Miranda: Yeah, a great question. So, Jenkins itself pretty much had its own governance, and that worked well and served the community really well for the first kind of ten, fifteen years. You know, it is very alike with model software in the public interest, it provides some great services.  But, eventually, it got to a point where there was some kind of sticking points in the community. These were things sort of shared widely with the community.

Some key things like just having a business entity so that we could get signing certificates, having a more kind of ability to hire for roles that want developers, but other kind of things that are key to software projects, but you don’t necessarily get contributions for. And again, the ability to build a bigger community.

So, these are kind of some of the limitations that we hit. So, Jenkins got to a scale, where it needed to grow past that and to get companies interested and understanding it, they needed a really kind of known model, which is why it then looked at setting up Jenkins in an open-source foundation. And that led eventually to the Continuous Delivery Foundation forming, which is, as the more we talked to folks, the more it made sense, not just to have a single project foundation but to have something where a bunch of folks could come together and work towards a bigger vision.

So, that’s been the key thing. The creation of the Continuous Delivery Foundation is what have helped launch over the last year. And that’s been a major kind of change, both for Jenkins and for CloudBees as a business.

Fostering Diversity at CloudBees

Michael Schwartz: You have been an advocate for a diversity. And I am wondering have you been able to have an impact on how CloudBees builds the team?

Tracy Miranda: Yeah, I think diversity is super important for all sorts of reasons, but especially for business ones. I am very lucky in my position, I head up the open-source team, I’m a hiring manager, so, in a great position to kind of influence that at CloudBees.

So, I have a great team, and I’m happy to say very diverse on kind of multiple accesses. You know, gender and age, and from where we are across the world. So, that’s been really nice.

We also have lots of initiatives at CloudBees. One of the things I’m pleased to say is, there’s a lot of people doing things like CloudBees, and kind of constantly changing the status quo, which is nice, because it’s not always something I have to do, and then I can just kind of focus on my main job. But, yeah, a lot of great folks pushing things in the right direction.

Pandemic Impact On Diversity?

Michael Schwartz: We’re recording this episode in May of 2020, so the pandemic is on everyone’s mind. It’s easy to look at all the negatives, but being an entrepreneur, I think I’m inclined to look at positives. Is there any way we can spin the pandemic as a positive around creating more diverse teams?

Tracy Miranda: That’s really interesting. But I think by moving online and by a lot of companies had this almost artificial limit on, where people can be hired from and all having to live in specific areas, which are often cities, which often have big barriers to entry in some cases. I think by going virtual, you do remove some barriers, you do make it easier for people to be hired from wherever they are, and all of a sudden, that does open up the field for people you can hire from. So, I think, in that way, it can be very positive.

How To Catalyze Gender Diversity In Tech?

Michael Schwartz: Just speaking from my own personal experience, my company is very globally distributed in terms of team members, we have team members from like every continent, except Antarctica. So, we are doing an okay job in terms of diversity, but in terms of getting more women on the team, we’ve faced some challenges.

I know you’ve talked a little bit about this topic, but maybe you can share why do you think there aren’t more women in tech, and what are some of the challenges that women face? And how can we maybe help more women get into the tech business?

Tracy Miranda: I spent a lot of time over the last three or four years trying to understand for myself, because I think at the beginning of my career, I took it a bit for granted. I thought this is just the status quo, this is how it is, but I think it is down to kind of a number of factors all coming together. And you know, unconscious bias tends to be a big feature.

We’ve got just a ton of research that shows how lots of different things have compounded things over the year. I think there’s a great NPR Podcast as well, which talked about the times of women started dropping out of computer science courses. And it was almost because computers in general were marketed towards boys. And it was very difficult for them to sort of coming disadvantages to the courses, and there was not a lot of empathy for that. So, I think that that’s kind of one factor, but there’s a lot of other things in general that play out, just networks and how people bring people into companies.

So, the good news is I think we have more awareness than ever before of what it takes. And then, there’s a number of things we can do. The bad news is, you almost have to keep at it constantly, and things change very, very slowly. But we know, for instance, just representation matters hugely. So, having more women voices, having more women in higher position kind of modeling — I think there’s a great expression “You can’t be what you can’t see.”

And then, just having more not just mentors for women but sponsors who are ready to kind of pull them up in the right channels, help them to get and meet their goals much faster. And I think we’re getting a lot more systematic approaches in place to do this. And actually, I was really glad to see with your podcast, you have a lot of the recent guests have been some very frankly incredible and awesome women. And I think that’s places you start, just having that representation, having those people talking and telling their story.

Advice For Open Source Startups

Michael Schwartz: Thank you. We are doing our best. So, last question, you run your own company for a decade, and you’ve been around open source for a long time, so I’m sure you’ve seen some successes and failures of entrepreneurs who have tried to use open source as part of their business model. If you were starting out from fresh today, you wanted to use open source and build a business around it, do you have any advice for that person about how they should go about it?

Tracy Miranda: I think there’s a lot that gets said about kind of open source and the relationship with business models. I think I completely buy into it. Building off open source has so many efficiencies and so much kind of leads to a lot of serendipity.

I think you see a lot of startups today embracing open source and understanding that it’s not just open source in the sense of code, but what you’re really doing when you embrace open source is building out a community. And I think people understand more than ever how key developers are to any product and how key that community is.

So, not that open source is the only way to do it, but it’s such a great way to do it, and I think the main advice would be: if you’re doing it, you have to commit to it completely. You can’t kind of be half-hearted about open source, you have to commit to the vision and to the community and constantly growing it and tending to it like garden. And then, it will play huge dividends. And we have seen the companies who have done really, really well off open source. It’s just kind of really sort of impressive.

Closing

Michael Schwartz: Tracy, thank you so much for spending some time with us today. And best of luck with CloudBees and with the Continuous Delivery Foundation.

Tracy Miranda: Thanks very much for having me. It’s been great.

Michael Schwartz:  Thanks to the CloudBees team for helping us to promote this episode on social media. Editing by Ines Cetenji. Transcription by Marina Andjelkovic. Cool graphics by Kamal Bhattacharjee. Music from Broke For Free, Chris Zabriskie and Lee Rosevere.

The podcast Twitter handle is @fosspodcast.

Next week we talk to Ev Kontsevoy, founder and CEO of Gravitational. Stay safe everyone. And until next time, thanks for listening.

Episode 40: Pivotal, enabling enterprises to manage a unified multi-cloud software infrastructure with James Watters, SVP Products

James Watters, SVP, Products at Pivotal Software, is a veteran of the unix and open source software business. With a broad breadth of products, including Java Spring and many other essential tools for developers, Pivotal has built a business of enormous scale in record time.

Intro

Michael Schwartz: Hello, and welcome to Open Source Underdogs. I’m your host Mike Schwartz, and this is episode 40 with James Watters, SVP of Products at Pivotal.

Pivotal is probably best known for the success of Spring, the most popular way for developers to write Java applications, but they built a great business around the Pivotal platform, which enables large businesses to manage a unified, multi-cloud software infrastructure.

Pivotal is a little different than your typical open-source startup. Spun out of EMC and VMware in 2012, and IPO in 2018, and shortly before I recorded this episode in August of 2019, VMware announced the definitive agreement to acquire Pivotal, a combination that’s expected to close in 2020.

James makes the case that open source is winning because it’s innovative feature-rich and enterprise-ready. He has a deep understanding of both the technical and business mechanic that make open-source companies tech. I’m sure you’ll enjoy this interview, so without further ado, here we go.

Pivotal Background

Michael Schwartz: James, thank you so much for joining the podcast today.

James Watters: Great to be here, Mike. Hi.

Michael Schwartz: So, you were trying Pivotal in 2012 when it was formed, and for the listeners who don’t know the backstory, maybe you could just drive a little bit about how that came about, and perhaps about how it’s coming full circle to some extent.

James Watters: I was fortunate enough to join a open-source research and development team at VMware in 2010, working on an open-source project named Cloud Foundry, and we didn’t really know what it would become as a business. It ended up, they decided to spin that out along with another open-source project called Spring Source, or Spring, into its own company, and that was one of the foundational product elements of the company called Pivotal.

Michael Schwartz: What’s your current role with pivotal?

James Watters: I’ve done a lot of product work at Pivotal. I’m currently SVP of Strategy, focused on new parts of our product. I’ve been focused on things like streaming, container-as-a-service, function-as-a-service, all the emerging areas of our product.

Size Of Product Team

Michael Schwartz: Just to give everyone a sense of the scale, could you give a rough estimate about how many product managers are Pivotal, and the total size of the product team?

James Watters: It’s pretty expensive. There’s hundreds and hundreds of engineers that work on the platform at Pivotal, and I would say 50 full-time product people working and supporting them.

How The Product Management Has Changed In The Last 15 Years

Michael Schwartz: When you were at Sun a while back, you were a product manager of Solaris, which is a pretty epic assignment for those of us geeks who revere Solaris. Since then I’m wondering, could you comment about a little bit about how has been an open-source project manager evolved? Like, what’s different now?

James Watters: That’s a great question. The cycle time was so different on Solaris. And that was an 1100-person engineering team. And then, on the kind of customer-facing product front, I think we were under 10 people. It was very much engineering organization, product provided a bit of input and amplification of key customer themes. We worked on often multi-year release cycle.

In the new world of open-source, the community input comes so fast. It’s a different release cadence. Our core platform PCF at Pivotal, we released every quarter. And that was a big mindset change for me versus some of the older world at Sun. It was just how fast everyone expected you to respond. It’s not uncommon now to meet with a client. And in a matter of weeks, we will have a feature changer update shipped to them.
It’s a completely much more iterative world of continuous delivery, both at the platform as well as what we’re trying to inspire our customers to do for their end users. So, I think that’s dramatically changed since.

How Smaller Organizations Can Improve Product Management

Michael Schwartz: If you’re not Sun, you are VMware Pivotal, but you are so much smaller. Do you have any suggestions for some of the little things that you can do, or that it open-source company might do around product management?

James Watters: I think that’s really opening a question, and I don’t want to speak conclusively on it, but I think what I’d say is, there’s kind of two ways of coming at it. And my specialty is always being understanding the enterprise organization that the product fits into.

There was a point in our journey, where we felt adding additional features around security would probably be neutral to the developer audience that was using the platform, but what actually bring like the chief security officer and her team deeper into the conversation.

Suddenly, we approached a few banks, and we said, “What if we could rebuild this entire platform infrastructure every day for security?” And we had a really brilliant product person at the time named Justin Smith, who let this initiative to articulate the idea of the much more ephemeral approach to the platform.

I think the reason I mention this is, you could have gone deeper on just developer experience, but by finding that other constituent in an enterprise that come to the negotiating table around why we’re giving money to this company, that really changed the game for us and a few clients, because the chief security officer was now also an advocate.

I think it’s challenging you doing open-source products because you might get a lot of feedback from your immediate community and immediate users. But in order to sell the products to a larger organization, you need to think about articulating investments to a broader set of constituents.

Pivotal Products

Michael Schwartz: You mentioned PCF for Pivotal, Cloud Foundry. For those who don’t know, maybe you could just tell us a little bit about what that is, or also walk us through some of the other product offerings at Pivotal.

James Watters: I’ve been fortunate enough, Palmer at VMware hired couple of Google engineers in 2009-10, to come build this platform out. It was really like what you might call the Cloud Native platform world today.

At the time, there was no such thing as container-as-a-service, and at the application level, there really was no micro-services, and continuous delivery was sort of a very radical idea of enterprise. It was sort of the first platform built with the container first design, built to enable continuous delivery of things that look more like micro-services than monolithic applications.

And kind of was the first investment in this Cloud Native space, in terms of application platform and culture, all coming together in a platform.

That was really what PCF did, and we were able to scale it from zero sales in 2012. Or the spin that was first contemplated to hundreds of millions of dollars in sales, and ultimately the background of a public company.

Market Segmentation

Michael Schwartz: Cloud Native is a broad horizontal market. Do you segment the market at all by vertical industry or use case?

James Watters: This is another thing around products. For me, products strategy is that I do think that vertical use cases are critical. I’ll give you two examples. In the banking world, there is a huge focus on Java, because it’s traditionally a Java-centric custom application world.

Banks were always willing to invest in the high-end applications that often was built by Java developers.

When I first started and till this day, banks are, I would say, the number one language in banking is Java. They are very security-centric, they operate in a highly-regulated world, and they tend to be very hybrid cloud. There’s very few banks that run public only.

They were a tremendous fit for the design of PCF, both from support for Spring Boot as well as its core security differentiation.

We absolutely thought of a lot about banking, insurance, regulated industries. Then, manufacturing and industrial was a little bit different space. There you had a lot of the IoT world, you had streaming data, you had a completely learning how to build software for the first time way of engaging, where industrial companies were just getting started on major software investments.

I definitely think about vertical segmentation. I think for anyone who’s contemplating a sort of customer first approach to product thinking, vertical segmentation is a good early model to take on.

How To Decide What To Open Source?

Michael Schwartz: Pivotal has 73 projects in GitHub, and I’m sure that there’s more in private repositories – how do you decide which projects to open-source?

James Watters: I think, by and large, we tend to be an open first-style company, as I mentioned on the Andreessen Horowitz podcast awhile back, I am an advocate for sometimes keeping the UI, closed-source can be a simple way of differentiating between the pure-community efforts and the final enterprise products. But in general, we’ve tilted towards open source first.

That’s also been a key part of our relationships, like I mentioned, with certain banks.

A lot of the core security infrastructure of the platform was all kept open source, because the banks felt more comfortable consuming a platform that was opened first, even in those core areas.

Value Prop

Michael Schwartz:  When you have a lot of projects, is it difficult to position the value proposition of the company?

James Watters: That’s a great question. If you think about how many projects you want to take on, like say, MongoDB is a fairly focused company. One core thing, Elastic are fairly focused company, but you get into the platform world, companies like HashiCorp are very successful at doing multiple projects. I think Pivotal is probably one of the broader breadth open source company is out there, certainly Red Hat has a pretty broad breadth. You hit a point where you become the platform provider of choice for their next generation of design, and actually the pressure comes to do more and more and more.

One of the biggest pressure points for us was always like, “Okay, we love this as an application platform. Now, provide us the whole universe of data services on the platform.” And so you have to achieve a certain critical mass to have the scale to invest like that.

But I do think that in enterprise segmentation, it’s powerful when you can start to have people accept the offerings you do have. And then, the biggest pressure is, “And now add this, so I can have one coherent approach. And I think that that’s something really important for open-source companies to think about it. Like, “Look at how Amazon operates. They are not a federation of hundreds of little hosting providers all coming together. They really have that sort of single point of interface to all of their abstractions.

I think that’s an interesting dynamic in the world right now. Open source is like, how broad you should go in your portfolio, do enterprise buyers favor that, is it better to be lower and single products – that’s something we discussed.

Pricing

Michael Schwartz: With a lot of products, containers, Cloud Native services, it seems like it’s harder than ever to figure out how do you price. There’s more things you could gate on and the more elasticity is given, I know us, at my company Gluu, a lot of challenges because of CPU that depends upon the time of day. Can you talk about the evolution of pricing, and did you get it right initially, or did you have to make some tactical adjustments along the way?

James Watters: I think that’s a great question. I think it’s never easy or straightforward, we made a decision that we were going to go after the largest thousand companies in the world predominantly. We were going to supply a lot of technical resources to them, to ensure that they were successful with our product, and very much be an outcomes-focused company.

I think we intended to price at the higher end of the market, and that was a very deliberate choice. And I think as we’re growing now, we’re seeing more opportunity to start to segment the offer. To have a more transactional approach, we reintroduced the container-as-a-service product that didn’t have as many features as the full platform, but was something that people were ready to pay for more on a transactional basis.

I think that there is this tension between the desire to have a broader platform versus to be more transactional, and that very much comes back to customer segmentation. I would think of pricing in terms of how transactional you want to be, and then what the customer really expects out of you to make them successful.

Like, what does customer success really look like – it has to be at the core of your pricing model. If the prices are really low, and they’re not successful, that’s actually not on either of your interest.

Competition

Michael Schwartz: Does Pivotal actually have competitors?

James Watters: I don’t think that Pivotal has a company that is assembled just like us. We have some unique assets, one of the reasons we were successful in enterprises is, we have the number one way that enterprises build apps in the Spring Boot.

So, when it comes to like how enterprises are building applications in the Spring Boot, it’s probably easily the number one, and it might be over 50% market share of net new enterprise applications today.

There’s not another company that has that. We also had a very big git, and we were owned by kind of the Dell VMware family of companies ultimately. So, we’ve always been able to go to market with them, but we really still did have to earn our own way. But we could get introductions.

I think all of those things came together in a way that allowed us to build a higher-end platform to focus on the top 2000 companies in the world, and to go make them successful, and to price and package accordingly.
I think one of the challenges right now for smaller open-source companies is, these cloud platforms that are open-source, they keep adding features that are pretty high rate. So, you may think that one day, you have a company, and the next day, that’s a feature of a cloud platform. And I think that’s attention.

Certainly, in the service mesh world, you see disruption of kind of traditional networking and API management, coming in the way that people are adopting a service mesh, etc. Is that a company, is that a platform – I think that’s a very dynamic part of the market right now. It’s pretty important, and I don’t talk about it too much, but I really do enjoy working on open-source projects because they can have a breadth of impact that’s pretty unimaginable to something that you have to commit a sales transaction and for software before someone can use it.
We have an asset at Pivotal, Spring Starters, and they’re the number one way that people get started with a new job application. And that’s start.spring.io. You start a new job project there.

Every two seconds a developer on average is going there to kick off a new project.

And the top three countries for it are China, United States, and India, but these are the kind of impacts that open-source can have worldwide, deep into developer impact that you can never do with closed-source only, enterprise sale only products.

I think just the unimaginable breadth that open source can get you in ubiquity, that it can get you in the modern world is stunning. So, that’s what I’m humbled to work on. I think the challenge is then like, “Well, how do you make sure that the largest 5,000 organizations in the world are contributing to that?” And that’s where I do have a passion for enterprise monetization of open source, and finding ways of partnering with those organizations, and packaging, and pricing things, such they feel that there’s good value. And partnering with these open-source companies and making them their most meaningful platform.

I think I’ve got there two minds, number one, open source is super important just from a long-term impact the world, it’s harder to work on projects, they can have a bigger one than open source ones.
And then there is the challenge of like, “Well then, how do you build the economic model around that when it’s so ubiquitous to begin with? That’s the kind of challenge that I’m taking on, and I’m humble to be able to work on open source for enterprises for that reason.

What Types Of Software Should Be Open Source?

Michael Schwartz: Do you think that certain types of software lend themselves to being open source?

James Watters: I would say that the developer workflow today – and that’s not my line but I like it – it starts with “Git clone.” And I think any saying, where a developer is initiating a project in this era, it better be either a really easy to use API, I think Stripe certainly has proven that, or, it better be something like start.spring.io. Or, git clone, something that a developer could just go grab in a permissionless kind of way.
And Adrian Cockroft at Netflix said that, back when he was at previous companies, there were these big architectural debates for months before a project would start. And that in Netflix you really implemented the running code talks. It’s all about running code. I think that that is the reason why open source is really powerful for anything having to do with developers.

And then, on the infrastructure level, open source has become the most profound way that large vendors collaborate. If you look what’s happening in the Kubernetes community, where you have every major public cloud contributing to Kubernetes, IBM acquiring Heptio to make major contributions to Kubernetes, in infrastructure, open source has the way that these, what you might have had standard bodies before, there’s sort of like a running code way that large vendors are collaborating. Both, in the end-user developer space as well as in the infrastructure space, open source had a huge impact.

But if you think those worlds are slightly different, the dynamics of start.spring.io, which is very end-developer focused versus the way that every public cloud is normalizing how they run Kubernetes are slightly different, they’re all open source but they have slightly different behaviors and attributes. And it’s kind of fascinating to see database companies like MongoDB a little bit different than the way that the Kubernetes community is operating.

Do Enterprises Care About Open Source?

Michael Schwartz: Do you think that customers actually care about open source? I mean, large enterprise customers?

James Watters: I think large enterprise customers absolutely have seen the tremendous benefits in just frankly the innovation velocity of open-source products. And I think the biggest change is that in the early days, open source was a cheaper version available for free of the enterprise products. That’s what I think it was especially hard to monetize.

If you’re just going to be the cheaper thing and the low-cost provider, and not the premium product, a lot of enterprises might look at that and say, “Hey, we’re an enterprise, we can afford to buy whatever we need. We just really want innovation leverage, like we want the best product.

But I think there’s a new whole category of products, or there’s only an open-source player that is creating it. Like PCF was the kind of first micro-services platform in the world for enterprises. And it was built a 100% open source. It was both the market leader in terms of features and the open play.

I think the open-source market is changed, where there is room to be both innovative, or the expectation is that they’re both innovative, higher-end, feature-rich as well as enterprise-ready – all of that is expected from open source today. I think that’s where the innovation is happening.

If you look – here’s an example – Amazon has a service Kinesis, which is how they were doing messaging, and it did a pipelines. And now they’ve switched that to a managed Kafka service. They had to do that because the innovation was really happening in the Kafka community in open source. Even on Amazon scale, they couldn’t keep up with it.

I really find that to be the best part of the market right now is that you can’t out-innovate the open-source players.

Cyclicality Of Centralization

Michael Schwartz: It seems like there’s sort of a cyclicality between centralization and decentralization. For example, a couple years ago, everyone was at full tilt towards “Go to the cloud.”, and now, it’s almost like with Kubernetes and other technologies – is there any shift away towards maybe bringing more of this type of functionality in-house, and does that help a company like Pivotal?

James Watters: When I talked to CIOs about this, I tried to help them deconstruct the current cloud market, and what I told them is, “Public cloud is not one thing. It’s really three different zones of features that you need to think about. The first is the commodity layer, which is, “Hey, I’m just buying virtual machines, networking disc, the basics, and that’s kind of where public cloud started.

There, you can use a platform like Kubernetes, and run those system resources in similar ways, if not identical ways, across public-private, hybrid multi-cloud. So, I think Kubernetes has done a tremendous job of making those system resources normalized across all the clouds.

Then, I think there is this emerging space within the Cloud Native community around the open-source developer focused projects that run on Kubernetes, like Kafka, like Spring Boot, really like Pivotal’s platform. That’s where the developer innovations come. That’s like the open developer innovation community, that’s number two.

And the number three is, they selectively are these managed services like Google Spanner, Google Machine Learning, or you might be ahead of the market, where there might not be an open play there yet, where Spanner requires dedicated fiber networks between data centers to make the database magic work. So, there are areas we are the managed cloud or head.

Our perspective is that innovation in the core, where you are really arming your developers, continues to happen in open source. Commoditization can be achieved through technologies like Kubernetes running in a normalized way across clouds.

And then, technologies, like the Open Service Broker, relay to buy these managed things. Long story short, I think what’s happening is, the CIO’s are getting smarter about deconstructing cloud from this monolithic idea of “I go all in one cloud.” to like, “How do I selectively use what’s best about each cloud?” I think open source is playing a huge part of that.

Should Open Source Be Less Expensive?

Michael Schwartz: You touched on this a little bit before, about how open-source software maybe should be cheaper. I think that there is a sort of perception for some reason that even though you get more rights with the license that the software should be less money – do you think that that is changing, or is that something that is an industry we need to work on with customers?

James Watters: I’m a maybe a contrarian here, my dream was always a very open product that generated a lot of value that enterprises were excited to invest in the platform partnership in. And, essentially, I don’t think that open source should have to have cut rates levels of investment into research and development vs. closed source.

My contrarian nature there says, “If you really have the right relationships with these customers, they’re going to be just as happy giving an open-source provider money as they are giving Oracle money.” I mean, if anything, I think that open-source partnerships are valued in a more profound way in the modern enterprise that might be even happier to give you more money than Oracle.

I do think that that something is happening. That also comes back to how these open-source companies engage with these large enterprises, are they focused on them, do they understand their vertical needs, do they put security first, are they able to measure the outcomes that are achieved with their platforms?

Closing Advice For Entrepreneurs

Michael Schwartz: Last question. Do you have any advice for entrepreneurs who are starting new ventures based on open-source software?

James Watters: I think my advice would be, if you really develop a community around your open source, you’re one of the luckiest people in the world. That’s a tremendous gift. Save and invest in that community, but also spend some time understanding how that technology fits into the value chain, in the largest thousand companies in the world, and investments they are making in technology.

Try to balance the needs of the developer who’s approaching it from a ‘git clone, let’s get started’ perspective, as well as the more complex matrix or matrices of a large enterprise organization, and what they need across security, operating, certainty SLAs, etc. If you can get those two forces right, then I think you’ve got a remarkable opportunity. But I do think that monetization, and ultimately funding a great R&D team behind your open source project, takes a balance side towards both.

Closing

Michael Schwartz: James, thank you so much for taking your time today in this really pivotal moment in Pivotal’s trajectory.

James Watters: One last pivotal word joke.

Michael Schwartz: Thanks, James.

James Watters:  Thank you, Mike.

Michael Schwartz: Thanks to the Pivotal team for making this happen.

Transcription and episode audio can be found on opensourceunderdogs.com.

Music from Broke For Free and Chris Zabriskie.

Audio editing by Ines Cetenji. Production assistance by Natalie Lowe. Operational support from William Lowe. Transcription by Marina Andjelkovic.

The Twitter handle is @fosspodcast.

Next week, we have Geoff Schmidt, Co-Founder and CEO of Apollo GraphQL.

Until then, thanks for listening.

Episode 39: Rancher — A support-based business model that scales, with co-founder Shannon Williams

Shannon Williams, Co-Founder and VP Sales of Rancher lays out how a great team with deep domain knowledge can actively identify a product market fit in a crowded space, and emerge a winner. It’s an inspiring story of a plan perfectly executed. This is a MUST LISTEN episode of Underdogs!

Intro


Michael Schwartz: Hello, and welcome to the Open Source Underdogs podcast. I’m your host Mike Schwartz, and this is episode 39, with Shannon Williams, Co-Founder and VP Sales of Rancher.

Let’s go for a minute into the land of hypothetical. If I can ask all 38 previous podcast guests a question, “Is monetizing support a good idea?”, I think there would have been virtual consensus that support doesn’t scale. Except, Rancher is perfectly executing a business plan to do just that.

I hope you’ll enjoy this episode. Tweet your comments at @fosspodcast, and we will asynchronously discuss in the Twitter sphere, but for now, here we go with the interview. Shannon, thank you so much for joining us today.

Shannon Williams: Thanks for having me, Mike. It’s exciting to be here. Looking forward to our conversation.

Origins

Michael Schwartz:  Can you just fill us in a little bit about how Rancher got started and what was the mission?

Shannon Williams: We’ve been going now since 2014. In a lot of ways, it feels like we started before that, because my co-founder Sheng Liang, Will Chan and I, the three of us started another company called Cloud.com back in 2008. And, for all intents and purposes, we’ve been working together every day for 11 years now. That company was an early developer of open-source infrastructure-as-a-service software.

We built a product called CloudStack with the founding members of the OpenStack foundation. I had a really fun run there for about three years before being acquired by Citrix, and spending another three years at Citrix.

In our work on CloudStack, we learned a lot about, as you can imagine, managing infrastructure at scale, building out private clouds, helping a lot of large companies build public clouds. At the time, everything we were focused on was how do we deliver virtual machines to developers quickly from anywhere.

But over the course of working on a lot of private clouds, we noticed that we had a lot of conversations with people trying to figure out how to blend their on-premise infrastructure with this growing amount of cloud infrastructure.

One of our early customers was GoDaddy actually. They were looking at building a public cloud, and Darren Shepherd, our fourth co-founder of Rancher, was a Chief Architect there. We got to know Darren really well.

We started talking in 2014 about what could be done to bring together the on-premise infrastructure, the cloud infrastructure, into something that overlaid it all, and to really allow people to treat infrastructure like Cattle, like a disposable commodity. And Docker was just getting started, the concept of Containers was emerging, and we thought there was a really cool opportunity to look at leveraging that, to build out management tooling, infrastructure services, and kind of imagine the next generation of infrastructure management, which would hopefully enable people to do computing anywhere, with really consistent deployment experience, management experience, monitoring experience, all these types of things.

And so, Rancher was born. For almost 5 years now, we’ve been working on continuing that journey, how to build open-source products that are available to anyone, and really allow them to run workloads anywhere. So, that’s really where we came from.

Value Prop

Michael Schwartz: This market, it’s really diverse. There’s a lot of tools and tooling in this area. I’m wondering, what’s the exact value proposition for Rancher service?

Shannon Williams: Rancher is open-source software, we have a number of open-source projects but our most famous is called Rancher, and it really sits at the management playing around Kubernetes. Organizations use Rancher because they are deploying and managing more and more Kubernetes clusters.

Rancher provides distros of Kubernetes. We have one called RKE, which is a pretty typical, upstream distro, it’s really good for deployment, automation. Then, we have one that’s optimized for the Edge or other low-resource utilization called K3s.

We provide distros of Kubernetes to people that need to run Kubernetes, but Rancher itself actually sits above those distros, it’s the management client. What’s cool about it it’s really distro agnostic. It actually manages any Kubernetes. And by managing, what that means is an organization implements Rancher so that they can deploy and control, and then grant access to dozens or hundreds of Kubernetes clusters – some running in the clouds, some running as hosted services like GKE, and EKS, some running on premise, maybe on the Edge.

By bringing all those clusters together, what Rancher allows them to do is, dictate policy, control access, monitor availability, manage deployment of applications, manage catalogs, attach additional open-source services, like Prometheus for monitoring, or Fluentd for logging, or Istio for service match, and so, Rancher sits at that next. So, how do I manage Kubernetes everywhere according to my organization’s policies.

By doing that, it enables them to then really deliver their service reliably. For organizations, they think of Rancher as the Kubernetes platform, it’s Kubernetes as a service, it’s how they deploy apps and run anywhere.

Monetization

Michael Schwartz: The Rancher GitHub repository has 14,000 forks, which is really a lot. But there’s only around 60 something developers, which I could see is probably primarily being the people in your organization – can you talk about the relationship between the open-source project and the activity there, and the SaaS service?

Shannon Williams: Just to be clear, we don’t offer a SaaS service. Rancher is open-source software only. We only provide open-source software that people use, but what we sell is support for those open-source projects.

On any given day, there’s about 30,000 teams around the world running Rancher. Those teams, they may be a smaller group that’s deploying it for one application. There’s maybe somebody doing a Dev lab, or test lab, but of those about 1%, about 300 enterprise customers, these are companies that deploy Rancher, and whatever they are running on it, it’s critical to their business.

They contract with us to provide enterprise-grade support for Rancher, RKE, K3s, and really their whole Kubernetes stack up and down. By providing that Enterprise-grade support, what they get from us is the confidence to run really important workloads on the open-source Rancher, but what they like is that we don’t have your classic open-core only model, we don’t sell version that’s different to them. They just pay an annual support subscription, and they use it.

A year later, if they are no longer using it, they are not paying an annual support subscription. They can keep using the software, but they would be using it again without support.

Our model is geared around helping organizations that need support, get the best possible support in the world for Rancher, Kubernetes, Prometheus, and Istio, and all the pieces of technology that we deliver to them.

Why Open Source?

Michael Schwartz:  Has open-sourcing the code really made a meaningful contribution to the company?

Shannon Williams: It’s at the root of our success. By open-sourcing the code, we enabled a startup with relatively no name recognition obviously, to come into, in a lot of ways, it’s a very crowded market.

Think about the companies that are dealing with application management platform as-a-service. When we started, you can imagine Docker, Mesosphere, Red Hat, Pivotal, these companies were already out there. You know, Docker, in their sense with having released the Docker project, orchestration and building different types of management tools, and with enormously more funding than us, much, much, much bigger brand recognition teams.

We had to find a route to market with limited funds, we needed to let our product be our best piece of marketing, and so we took that approach. We believed in this for a long time. In our last company, we had a very similar approach. We made Rancher fully open source and free because we felt that it was the best way to get adoption, to plant seeds in organizations that would need this technology.

By putting it out there, we really bet on two things. We bet that people would like it, and that they would want to use it, but we also bet that this technology was crucial. And that at least a good chunk of people who use it would find value in getting support for it and find value in having SLAs that they can rely on for that application. And we’ve been thrilled. I mean, our company’s now almost 200 people, we’re more than doubling this year. In terms of revenue, it’s really worked out really well.

People really do love Rancher. It’s something that makes me really confident with the model as you have to believe in your engineers, you have to believe that products can be great. We also spend an enormous amount of investment of time working with our open-source community. We have a huge Slack community of thousands of users who come in with suggestions and ideas on how to make the product better. We get thousands of issues, and feature requests, and bugs filed by the community.

I don’t think we have more of a user community then of a contributor community. I love it because they come to us with real problems that need to be solved, and I identify them. Often, their use cases sometimes are pushing the boundaries that we may not see out of a Fortune 500 company that’s using Rancher. So, it all sort of pushes forward with the hopefully creating a great product for everyone.

More On Why Open Source…

Michael Schwartz: So, just to sort of dive a little deeper on that. If you made the software commercial tomorrow, do you think the 300 or so Enterprise customers, who are using the software, do they really care about it being open source? Or is it just a non-sequitur, or they just want the best software? So, if you made it commercial tomorrow, do you think that that would be bad from where you are today?

Shannon Williams: Yeah, I do. When I talk to organizations about our business model, they get really excited because there isn’t one of them which hasn’t been in a position of really limited leverage against their current vendors. Everybody has been staring at just massive renewal orders.

We closed, just this quarter, today is the end of our third quarter, and we closed three deals with organizations that are spending a lot with us, half a million a year in recurring revenue, for example, to support environments. And their frustration in some cases was platforms that they had built, PaaS platforms, where the cost had grown exponentially. And they just had no ability – even though these were all based on open-source, they weren’t themselves open source. I mean almost everything is based on something, open source at this point.

What people really like is, they like an open-source product, because they always have the option to leave it there, let it run, support it themselves, hire some engineers and figure it out. In the end, if you are running a proprietary tool, and you don’t pay, you have to yank it out of production. And that is impossible for most companies.

I think our business model, yes, some people would still buy a Rancher, and be fine with it, but I think a lot of the smartest CIO’s I talked to are really excited to see a company like us, that embraces open source for commercial purposes, provides really good support, and is committed to building open-source products. For us, it’s allowed us to grow faster than any other approach I’ve been able to come up with.

Pivot To K8S

Michael Schwartz: Seems like Rancher made an epic pivot towards Kubernetes at some point, I guess, fairly recently – what did you learn from that process?

Shannon Williams: Well, the hardest part about getting into any market is making bets, and then figuring out where they come down. Rancher started about the same time as Kubernetes. Right around 2014, Kubernetes was starting at the same time we started our company.

At the time, we really thought Docker and their Swarm and stuff were probably more likely to win out. They had so much momentum. But it only took a year to realize that Kubernetes was actually really well-built piece of code.

So, when we first started working with them, we were kind of thinking we would be managing Swarm clusters and Mesos clusters, and then, even before we launched our 1.0, we decided to support Kubernetes, because it was a really good piece of software.

So, we released our 1.0, our first product to the market in 2016, Rancher 1.0, at the time, if I was talking to them, I would have said something like, “You know, it seems like different companies are choosing different orchestration approaches to containers because they need different things from them.”

Some people want to scale really big, like Twitter. So, they’re using Mesos, other people really focused on the developer experience, and they’re choosing Swarm. And it wasn’t really clear yet that one standard was going to emerge, but what we started to see was some stability issues with some of the other orchestrators that we saw as a manager. It was like, “Ah, these things aren’t stable as I would have expected them to be.” What we found is that Kubernetes is really reliable.

So, as we imagined our business, and trying to support these technologies and helping companies implement them, we felt like it was safe to bet on something reliable, and that did require pivot that moved away from messaging, and product development had gone into supporting, we built our own thing, we had Swarm, we had Mesos, we weren’t really sure what orchestration was going to take off. But as we got more comfortable with Kubernetes, and luckily, we started working on it early, it made it really easy for us to honestly commit to something we liked.

By that point, by 2017, we were all in on Kubernetes building on that. And since then, we already had a lot of people using it in our 1.0 product, we also had a really nice base installed, we didn’t just lose.

So, a lot of times, you have a pivot, and it means almost starting from scratch. But actually, we didn’t really lose hardly anyone because it was very much in line with the direction that most of our customers wanted to go as well. Even if they maybe chose a different orchestrator, they also saw the market going this way, so they were really, really appreciative that we gave them a path to get to Kubernetes off of maybe something else they had chosen when the market was still a lot less clear.

We found that that wasn’t nearly as big a problem. Now, what is hard in pivoting, especially, one of the things we built was our own orchestrator called Cattle, and one of the hardest things was actually convincing our own engineers that the Kubernetes was actually superior to what we had developed ourselves.

That’s a hard thing to do because no matter what, if you built something, you’d always love it. And at the same time, in an early market like we were in, lots of people loved the thing we built, a lot of people telling us, “Hey, we really like this Cattle. It’s really good and you should just keep improving that.”

But as an entrepreneur trying to build a business, you have to be really, really honest with yourself, and you have to really look at all the signals, not just the ones that maybe are giving you the positives you want to see.

All the signals told Sheng, and I, and Will, and Darren, that we needed to really focus our business on solving the problem that we thought most organizations were going to have. And that was, how to take Kubernetes to scale, how to bring together a really complex ecosystem around it, how to build a platform that would work.

That meant really having long conversations with our engineers, convincing them if they weren’t excited about this, that maybe there are other things they could work on in our team and finding the team focused on doing this.

It worked out great, but it was not trivial. We have a small team, I can only imagine when you see big companies today trying to pivot to Kubernetes, you’ve got years and years of customers install base, and how difficult that might be for them.

Pricing

Michael Schwartz: Great. It takes a lot of leadership. Most sizable organizations are using Containers today, so if you can sell to anyone, it becomes sort of challenging, so who do you sell to? I’m wondering, do you segment the market at all?

Shannon Williams: One of the nice things about open source is, it has allowed us to, give an idea most, I would say the 300 Enterprise customers, like every quarter now we’re closing about 50 new customers. Every quarter we are closing, we look at what the source of those are. I would say 30 of the 50 came from open-source Rancher users.

They started with open source, they used it at a business-unit level, or line-of-business level, and it became important to them, and they needed support. Those deals, they are not very competitive, they’ve already kind of looked at Rancher, they have a relatively short sale cycle, they’ve done the proof-of-concept – we don’t have to go in and prove that Rancher is the right solution for them.

What we found is that we don’t really need to segment that. The product pricing was probably the most important thing to segment. We did find that with such a huge install base, one of the mistakes we couldn’t do is, we couldn’t support everyone for free, for a small amount of money. We needed to kind of keep a relatively medium-sized bar, to ensure that people who needed support had to make an investment to get it.

For example, we could have gone with a lot of SaaS models, $10 a month or something like that, but the reality is, infrastructure and Containers, Kubernetes – these are all really complex. The support is quite real. We provide a lot of advice, a lot of architectural help with these organizations doing it. So, there was a real risk that we would price the product so low, and that we would then be trying to do this for lots of companies with very different levels of technical skills.

I’d say, the closest thing we came to segmenting the market was providing a lot of free open-source support for people who are trying to figure it out themselves, but then, charging a reasonably significant fee to come in and get support. Our customers had to invest tens of thousands of dollars on an annual basis to get support with us.

By doing that, it allowed us to work with companies that really valued this. We’re investing their time and the money into making it successful. That was really the best qualifier. It allowed us to focus on teams that really could help us grow the business at the same time.

We’ve seen some industries become really big with Rancher, but it’s more just a sign of who uses Containers. It’s companies, and certainly the internet, and the technology industry, but there’s a lot of financial services, companies, fintech companies, biotech companies, universities, research organizations, we’re seeing adoption in government and military use cases. It’s really broad now.

Retail, Edge’s driving, all sorts of interesting use cases, oil and gas, all sorts of interesting use cases in manufacturing, automotive – just lots of cool things that people start to imagine, a model where Kubernetes becomes this grand unifying theory for computer, where it runs everywhere. It runs in their single node, base station, it runs out in the windmill farms, it runs in Chick-fil-A shops, it runs in factories, it runs on cruise ships, it runs in data centers, it runs in the cloud. It’s a really exciting time to be working on tech, I would definitely say that.

Pricing To Value Ratio

Michael Schwartz: Normally, it’s really hard to get pricing right. Did you have to pivot your pricing model a couple of times? Or how was your experience like, figuring out what are the right price points?

Shannon Williams: Oh, man, that is a good one. We learned a lot from our last company. I made every mistake you can make last time. This time, we definitely had to pivot a little bit to be quite sure what the right element was to scale on with the number of clusters, or containers, or nodes, or CPUs, or things like that, but we decided pretty early on that the size of the implementation was probably a good way to judge how the cost should change from a small deployment to a large deployment, the number of hosts and servers, things like that.

Actually, I would say we learned a lot, we’re fortunate, that were a lot of indicators from the market, as people talked to us I would say. Your first 10 – 20 customers give you a lot of feedback on pricing, whether you want it or not.

Usually, I think most people price to low, just by nature. We all want to just make it both amazing and cheap prices. Like, who wouldn’t love this thing? It’s the best and it’s the cheapest. But you have to be realistic about what it takes to fund a business, what it’s going to take to build a profit, and what you can do with those engineers you can hire, and then you have to convince people of the value. It can be tough.

I remember I walked away from a lot of deals in open source. I just said, “I’m sorry. I totally appreciate that you’re telling me you could use the software for free, so you couldn’t possibly pay me more than $10,000 or $20,000. But if I did that, I wouldn’t be able to build a business, I wouldn’t be able to write open-source software, and I wouldn’t be able to give you the level of support you demand from your other enterprise software vendors. So, I’m sorry, we can’t do business with you.”

And sometimes they come back, sometimes they don’t, but being willing to walk away from deals – for our business model, it is absolutely critical to have to be able to do it. Otherwise, again, the car I’m selling you is available for free. You can take the same car with the exact same features, you’re not paying for a special version, it doesn’t have a better horn or better tires –it’s the exact same car. What I’m offering you is the confidence of working with me on it, and the world’s best support for that technology. If you don’t value those things, then, we can’t come to any business relationship between us.

Technology Partners

Michael Schwartz:  Have you used partners to help you deliver to customers, especially globally? Or are there any other business partners that have been important for you to build a business?

Shannon Williams: Yes, yes, yes, yes. Over and over again – yes. The critical partners for us have been really two big buckets. We have found that the other companies who are building critical technology for teams adopting containers. It’s a company that’s called Portworx that builds a really nice storage, and a company Aqua that builds great security, Sysdig who creates monitoring, Gitlab who does really cool tools for CI and Git deployment – all really commonly chosen by our customers.

But partnering with those companies, companies that fit into the same solution stack, we have been able to do two things: we’ve been able to build a much more credible solution for our Enterprise customers. And we’ve been able to align messaging and go-to-market together, and take maybe a couple of other organizations who are our size, venture-funded startups, and take our stories, and show them to larger organizations together.

And we would’ve done this through, we’d run online meetups, where our partners come and present to our users about their technology, and how they work with Rancher, and how they work with Kubernetes. That gives us a lot more credibility, and helps those company succeed, which helps the market grow because the market is vibrant. So, we invest a lot in partnering. We’ve also partnered really closely with the cloud providers.

We work really closely with Amazon, Google, and Microsoft in the U.S., and large providers around the world, to ensure that their implementation of Kubernetes works really well with Rancher. And that’s been fundamentally critical, especially because what we see is we see a market where, if you are in the cloud, you are probably going to use the cloud providers Kubernetes.

So, we want to make sure that we’re not trying to convince you to use Rancher’s Kubernetes on Google, take Google’s Kubernetes engine, which is great. Let us provide you with the common frameworks, whether using Google’s in Google, and Amazon’s in Amazon, on premise and Edge, or different types, everything is consistent, everything is managed the same way, everything is deployed, monitored, upgraded consistently. And you have a platform that really is this UberCloud we set out to build in the beginning anyways.

Integration Partners

Michael Schwartz: If a customer says that services aren’t enough, they want on-site engineers, they want sort of higher-level design consulting – do you do that as expert services, or do you work with delivery partners to do that?

Shannon Williams: We tend to work with delivery partners. We work really closely with both big and small delivery partners who had built expertise. In Rancher, we have a platinum partner program, which is made up of some amazing companies that have implemented Rancher for others multiple times, and really have deeper understanding often not just of our ecosystem.

So, companies like RoundTower, CloudOps, Readapt, Accenture. We work with quite a lot of the large multinational services companies. We work with different regions around the world. These companies, BoxBoat and other really good ones, these guys, they’re really staffed to provide ongoing services for organizations in a way that we’re not.

Like, we are great at coming in and giving you a ton of information about Rancher and helping your architect your Rancher deployment, but a lot of times, technology is only a chunk of the solution. The solution needs to include some transformation of how you do things, how you do DevOps, how to train all your developers around microservices, how they start thinking of some of these new service matches, and how they might get into solving business problems for your company.

We can point you in the right direction and help you with those things, but we’re very laser-focused on the Kubernetes platform. And these companies are much better than we are at providing the transformational experience around there. So, yeah, we very much partner, especially in those longer-term things.

What we have found as really critical is the actual investment of our own on customer success. I would say, one of the things that’s got a lot better as we’ve grown is, we’ve invested more and more in — I think it was like the first 90 days when an organization becomes a Rancher customer.

I think this is really important for open-source companies because if you are a SaaS provider and somebody’s using your product, you have a pretty good idea what they’re doing with it. But as an open-source software companies, especially ones that support that open-source software, organizations can have very different processes, they may have more or less mature implementations, they may or may not have built-in an HA deployment. And they’re coming to you to provide support. You really need to make sure they understand best practices, that you reviewed their deployments, you helped them understand how we recommend doing things.

We invest a lot more now in customer success than we did in the early days. When a customer comes on board, we really spend a lot of time going through their architecture, helping them make improvements that they will achieve their goals, whether it’s stability, multi-cloud implementations, or they might try to do something, there’s a lot of scale. And then, there might be something we’ve learned already that can help them. I would say customer success has been a big learning for us.

Net Retention

Michael Schwartz: Has that investment in customer success also translated into increased revenues per customer year-over-year, so they’re buying more, or other products, or other divisions?

Shannon Williams: Well, it’s still new enough that I wouldn’t say if I know how correlated those two things are, but we certainly believe they are. We are investing in it because our bet is helping a customer be successful, with even a departmental implementation or a single app deployment is going to pay dividends for both retention of that customer and that workload.

So, a year later, when they decide they want to renew that support they bought last year, they have a really good feeling that, “Yeah, that was a great investment. Partnering with these guys has been useful.”

But certainly that also works internally. As they use it, they seem to spread the word. I mean, we have seen over and over and over again the power of the success of a Rancher deployment spreading within a company.

Users love Rancher. It’s a user-oriented product. What’s so cool about a product that has 30,000 open-source users is, it says something about how usable it is. It’s like terraform, you use it, it’s pretty straightforward, you like it and you go, “Cool. This is easy. I can get this.” You tell your friend, “You should use terraform. It would help you do something.” It’s kind of same with Rancher.

If all those users are using it, they are clearly getting some value from it. When somebody in your company says, “Hey, use this.”, and you’ll probably benefit from it. And there’s no barrier. I don’t have to start by going and getting a license to try it. I can just use it. It tends to spread the same way. It’s just the word of mouth and the power of it kind of spreads.

So, we found that making them successful and making sure those early champions are well-armed to explain why they chose Rancher, and they got a really good implementation, they don’t get bitten by a bad config, or maybe not knowing the best practices, it helps us in the long run for sure.

Cloud Strip-Mining

Michael Schwartz: I’m sure you’ve been hearing about open-source strip-mining from large cloud vendors, but what I’m wondering is, do you think it would be good or bad if some mega cloud company offered a Rancher-based service?

Shannon Williams: I think it would be great personally. From our perspective, the value of these mega cloud providers is always tied into a big ecosystem that they’re trying to build around. What we find is that organizations want to live in those ecosystems, and leverage those ecosystems, but they know they’re not going to live in just one of them. So, they want lots of them. And the more that those ecosystems interact or work together, or do things that help them work together, the better off they are.

In so many ways, I think the strip-mining analogy is that it’s a rough analogy because, well, it’s true that some of these providers don’t put a lot back, and there’s definitely been some ugly competition between open source and commercial. For the most part, I think their relationship has actually been pretty beneficial, mutually beneficial between the cloud providers and the open-source software developers.

It’s often where it’s really struggling, where you‘ve seen it’s struggling is when organizations haven’t had a great business plan our route to market, or they haven’t been able to commercialize their own products. And then, all of a sudden, it gets embedded into something larger. And then, the only monetization of it happens in the cloud.

I think that’s where we see most of the problems. I think that’s going to continue. I think that that was happening before as well. You know, ideas are developed, but are never really taken to market fully or are not pushed into the market aggressively. Organizations build upon those something new, or something tangential, or something that accelerates them. And that is what ends up being the big success.

To me, that’s business. That’s something that’s going to happen in any space, whether it is open source or not. And, yes, in our world, people can take and build on it very easily, but that’s what you know you’re getting into when you’re starting an open-source software business. And if you don’t, you really should research a little bit more.

This is a knife that cuts in many ways, from a business perspective. And I certainly would look at the world, and I certainly wouldn’t call foul if that happened to an open-source project. I’ll give you a feel, in China, Rancher is incredibly popular.

From early days, my co-founder Chan grew up in China, and so, you have someone who can speak Chinese and talks about it in China – Rancher became really famous. We’ve had multiple times where startups have kind of emerged competing with us in the market, selling Rancher and providing support around it.

Our experience has been that that, as long as we continue to push forward the innovation and organizations really value what we do, they’re going to want to work with us. They are going to benefit from working with us.

As long as we keep pushing it forward and building the product better, that will continue to be the case. But you have to know what you’re getting into. I don’t feel like there should be a huge shock if you build an open-source product, and someone forks it, and does something cool with it, that’s kind of the idea.

When To Use Open Source

Michael Schwartz: Moving to slightly higher level, do you have any thoughts about when entrepreneurs should use the open-source development methodology to develop a commercial product?

Shannon Williams: For me, I think it’s about the product you’re trying to build, and what you think your route to market needs to be. If you’re entering a market that you think is pretty competitive, and has a lot of different products, and you know you’re going up against much more well-funded organizations than you, then, I think open source is a really, really important one to consider and to look at. Because it allows you to get adoption in what would otherwise be a really hard market.

If your only feedback is going to come from a handful of companies you can convince to POC you or pay for it early on, you are going to have a hard time building momentum. And you’re going to have a hard time having good conversations with users who either like or don’t like what you’re building.

To me, I don’t know, I’ve been building nothing but open source for 11 years, so it kind of feels to me like everyone should just build open source. I don’t find that it’s ever slowed down our monetization. It’s always been a benefit. But I certainly would say that if you’re building something that you think is transformational, that actually has a broad audience that will adopt it, open source should very much be what you’re considering.

If you’re building something that’s probably a service, and it’s going to be hosted, I think open source can be enabling capability, but I wouldn’t worry too much about the open-source side, I would just focus on building the SaaS platform product tool that you are building a cloud service.

Because I think in those cases, open source is less important than it is an on-premise software or fundamental software. You’ve seen with Docker, open-sourcing, and having an open source success is not by any means enough to guarantee a commercial business success, but it puts you in a position where you have a great chance to engage with users, listen to what they think is necessary. Next steps, what they’re excited about your platform for, your product for, and what they’re willing to pay for, and build on that.

Advice For Entrepreneurs

Michael Schwartz: Last question, any advice for new entrepreneurs starting a business around an open-source platform?

Shannon Williams: Of the four of us who started Rancher and started Cloud.com and everything, I’m the non-engineer. My role in the early time of building a company, I was considering my role then to be how to connect with users, like how to connect to people even before you have a product.

When we were in our first 6 months, our first year, I spent all day, every day, thinking about who are potential users could be, based on the direction we think we were heading, and reaching out to people, introducing myself and introducing the idea we’re building, and getting feedback.

You always have to be thinking about the next milestone of users, “My gosh, how do we possibly get to 10 companies using our product?”

And the only way I can ever found that works to get to 10 is to find them by hand. To think, “You know, I think this makes sense for somebody in that space.” I really believe that if you as a founder can’t explain your value proposition enough to get someone to sit down on the phone and talk to you about it, and maybe watch a demo.

Especially when you can tell them, “Hi, I’m Shannon. I’m one of the founders of this new startup called Rancher. We’re trying to solve this problem, and I thought it might apply to you guys. I really love your feedback. We are not trying to sell you anything, we just want your feedback on what we’re doing.”

If someone doesn’t want to talk to you with that pitch, you might be barking up the wrong tree with your idea. That initial response, if you can’t just explain what you’re trying to build to someone right away, and if you can’t get a meeting, it’s probably worth reflecting on what you’re doing, and maybe tweaking, and then trying some different approaches, trying some different messages.

Because if you can’t get a meeting, it’s going to be really hard to get a sell. It’s going to be really hard to get a user, it’s going to be really hard to convert them into a paying customer.

But if you explain to someone, most people love to talk to entrepreneurs starting companies, especially if they can really clearly communicate what it is they’re trying to solve. And that validation early on goes enormously towards then calling that person back in three months, and saying, “Hey, we got a first beta ready, would you like to take a look at it?” And getting those first 10 is hand-to-hand combat.

Really the first hundred is hand-to-hand connecting to people, showing them the product, showing them the value, and getting to use it. Every once in a while, you have these runaway crazy successes, where everyone’s like, “Oh, my gosh, I can’t believe – how did we live before this existed?” But most of the time, it doesn’t work like that. Most of the time, you have to connect, talk, demo, listen to the feedback, and go back and consider how far on or off your strategy you are.

Closing

Michael Schwartz: I said it was my last question, but now you just raised another question, and I can’t resist. Previously you mentioned that a lot of the leads for customers were from inbound, from customers who use the software, liked it, and then called you to purchase a support subscription. But 50 deals a quarter – that’s a lot of business. That’s really pretty stellar. And I’m wondering, what’s the right mix of inbound and outbound marketing sales to push for, or how do you balance that?

Shannon Williams: First step for all of this is find a real market. When you find a real market, things get a lot easier. Because you have to have something going on that’s causing people to look for a solution, they have to have a problem.

So, to your question, if I had my druthers, I’d have a 100% coming inbound, so everything coming inbound means that the market is actively looking for solutions. My brand is well enough known, we are the company they should at least talk to about this to get a demo. Ideally, it’s open-source, just download it, and install it, and try it, and see what you think.

I, from day one, believed in inbound as our goal. So, that meant, instead of spending a lot of our early dollars on advertising, for example, I spent almost everything we did, online communication to users. And that meant, oh, my goodness, we wrote dozens and dozens of pieces of content explaining how to use Containers, and Kubernetes, and Docker, to help people find us.

They may not be looking for Rancher, but they were looking to solve a problem. And so, we really tried to build a list of the lots of the problems they were trying to solve.

We hosted an online meet-up every month that grew to have thousands and thousands of people register every month. It was crazy. We just run them today – I just did one last week.

And what we said was, “Hey, come, it’ll be our smartest technical people. We will stay as long as you need. We’ll demo whatever it is we say we’re going to do. I won’t just show you a bunch of slides, we’re actually getting this code, we will teach you how to do it. And we will stay until every Kubernetes questions are answered.”

So, these things would run two hours, three hours, but they allowed people to cross hurdles, to learn how to build the CI/CD Stack on Kubernetes, or how to do monitoring on it, or how to deal with logging, or how to use containers and the cloud – whatever it was we were trying to solve that month, we really focused on it. It was really that. It was education, community, content that, coupled with early references that we built by hand, in that hand-to-hand phase, got the word out.

By continuing to invest in that, we were able to kind of sow so many seeds of open-source users that as they matured, and liked what they usd, they contacted us. The right mix for me is a 100% inbound from the open-source community. But what we did find was, as we grew, we started to run into bigger organizations. They have entrenched vendors.

All of a sudden, we might have won a line of business users, and then they just said, “Hey, we love this Rancher. We are going to use it for application A, B, and C.” But 80% of the company was using something else that they’ve maybe built themselves, or maybe they bought something, some other product a couple years ago to do PaaS, or something.

And so, because those organizations started to look and say, “Why aren’t you using this? Why are you using Rancher?”, we had to support them and show other people in the organization, “Well, actually, this isn’t the same. It’s different, and here’s why it’s different.” What we did find was there was longer Enterprise sales cycles, so we needed good high-quality sales people to work with bigger companies.

But the positive was, we found that those companies actually really appreciated that it was open source. And the fact that you already had one over, a group of people who really loved it internally, meant that you kind of solved, in a lot of cases, the biggest problems these IT teams were facing, which was, they were building stuff and no one was using it anyway because they were just going to the cloud, they were building something themselves.

So, when we could tie together, the IT organization, which is like doing everything they can to support forward-looking development while still being secure and still being cost-conscious. And teams that have usage and feel like they’ve got found something cool, it was just like made it for a much easier sales motion than your traditional either selling top-down or kind of getting some executive buy-in, and then hoping people use your product once it was brought in.

I don’t know, does that answer to your question, Mike? I kind of feel like I ramp up there.

Michael Schwartz: Yeah, that’s lots of great info. Shannon, thank you so much for joining us today, and being so honest with your answers.

Shannon Williams: Mike, it was my pleasure. Thanks for doing this. I love your idea of open source entrepreneurs just sharing and talking about what we do. I think it’s a phenomenal business model. It is a real transformation of the relationship between the developer of a really powerful software and the consumer of that software. So, it’s something I have enormous passion for.
Michael Schwartz: Best of luck with Rancher, and congratulations on all the success.

Shannon Williams: Thank you so much, Mike. You too. Have a great one.

Michael Schwartz: Thanks to the Rancher team for making this happen. Transcription and episode audio can be found on opensourceunderdogs.com. Music from Broke For Free and Chris Zabriskie. Audio editing by Ines Cetenji. Production assistance by Natalie Lowe. Operational support from William Lowe. Transcription by Marina Andjelkovic.

The Twitter handle is @fosspodcast. Rate us on iTunes if you like this episode.

Next week, we have James Waters, SVP of Product at Pivotal. Until then, thanks for listening.

Episode 38: npm Inc.– From Software Registry to Software Business, with Isaac Schlueter, Chief Open Technology Officer

Isaac Schlueter emerged as one of the most important leaders from the Javascript community. As Chief Open Technology Officer of npm Inc, the company behind the essential software registry, he has a bird’s eye view of what makes Javascript such a unique ecosystem. And his mission was also unique: to transform a free public utility into a viable enterprise software business. This episode was recorded in person at the Open Core Summit.

Transcript

Intro



Michael Schwartz: Welcome back to Open Source Underdogs. I’m your host, Mike Schwartz, and this is episode 38, the last in-person interview recorded at the Open Core Summit. Our guest is Isaac Schlueter, CEO of npm Inc.

Many programming languages have a central software registry, but the JavaScript npm Registry is unique. It’s the biggest and the busiest by far. For example, it has around four times the number of modules as a number two registry, which is Maven for Java.

If you want to learn more about npm, Isaac was a guest on Founders Talk Episode 61. And for an interesting perspective on the npm ecosystem, you might want to listen to Changelog Episode 355 – it’s an interview with C.J. Silverio, as a former CTO of npm Inc. She provides an interesting perspective on the economics and the technical challenges of running the world’s largest package registry.

I hope you enjoy this episode. And if you like it or you’d like to start a discussion, tweet at us. Our Twitter handle is @fosspodcast.

So, without further delay, onward with the interview. Isaac, thank you so much for joining us today.

Isaac Schlueter: Hey, happy to be here.

What Is Npm?

Michael Schwartz: Some business people listening to this podcast might not know what npm is or what it does – can you give a really quick explanation?

Isaac Schlueter: Sure, this is my very fast 50-cent tour. Basically, npm is a way for JavaScript developers to share modules of JavaScript code. So, if you have some reusable function, something that you’re using in a bunch of different places, they can publish that up to the npm Registry. Other developers in other projects can use npm to install that dependency and also keep up-to-date when there are updates to it.

If you’re depending on a platform, or a module, or a library, or something, you can automatically pull in all of those updates and keep your app up-to-date.

Why Inc. Not Foundation?

Michael Schwartz: Most other package ecosystems are supported by a foundation, for example Ruby, or maybe Python – why didn’t that work for JavaScript and npm?

Isaac Schlueter: There is a couple of reasons for this. The first one is, if we go back to the kind of the history of npm, when I decided to start a company around it, it was my side project for about four years.

And it grew in popularity. It was running on donated infrastructure from this company, Iris Couch. We just grew to a point where the scale was too massive for them to be able to afford to keep doing that.

I looked at my options, and starting the foundation was definitely on the list of things that I could do. Another option was, find a home for it in some big company, try to get hired by Google or Microsoft, or somebody.

The reason why I decided to start an independent company was simply owing to the scale and the rate of growth that we were seeing. So, the typical way that a foundation operates, you raise a bunch of money from a bunch of companies who have some vested interest in whatever the thing is, whether that’s an open-source project or some other thing. And then, you spend that money on keeping the thing going, so that might be, having developers work on the project, your managing governance, or marketing, whatever.

Within npm, we had this exponential growth curve that we are still at the very beginning of, in terms of the number of users on the npm platform. We’d grown to about a million users. Our rate of downloads and package growth was just astronomical.

The JavaScript language is used in pretty much every application out there. There are Ruby developers, there are .Net developers, there are Python developers, but the front-ends are all running in JavaScript, and everybody was increasingly putting more and more stuff into npm and using it very widely.

So, we kind of did some back-of-the-envelope math and realized like, “Okay, well, we could go, raise a couple million bucks to start a foundation and be able to put some resources behind this thing. But what are we going to do next year? We’re going to need 10X as much. And then, the year after that, and the year after that.

The task of just kind of continually being in fundraising mode was pretty daunting. Especially because it’d be hard to justify that the benefits to each of those member companies would also keep increasing enough to justify them, increasing their investment.

On the other hand, if you have an exponential growth curve of almost anything, even rising costs, you can take that to an investor and say, “Here’s the thing: it’s a thing that’s growing, it is a thing that’s exciting.” You can tell a story about how you’re going to go about monetizing that in the future, and that’s something that is sort of a good fit for a venture-back startup.

Npm Products

Michael Schwartz: Most people use npm for free – what do you actually sell?

Isaac Schlueter: We sell two main things right now. The first is npm Orgs product, which is a multi-tenant SaaS thing that you can use to store your private code within your organization. That’s used primarily by smaller companies or front-end development teams within larger companies.

The price point there is $7 per user per month. It grows depending on the size of the Org, you can have multiple packages all underneath that same Org.

The other thing that we sell is our product called npm Enterprise, which is a single-tenant instance of the npm Registry and website. It has some additional features, like single sign-on, or security policy enforcement, that kind of thing, which is more of a need at bigger companies.

Market Segments

Michael Schwartz: What kinds of companies use the Enterprise products – do you segment the market at all?

Isaac Schlueter: The sweet spot for us is about development team of 50 or more. We do some market segmentation to go after different sectors. There are some sectors that we focus on, but obviously, we will sell it to anybody who wants it. There’s a fair amount of inbound that comes in as well.

We’re seeing the most traction in sectors that have really high compliance, policy and security compliance needs, so financial industry is a really big one. And there’s also a ton of customers with money to spend on their development practices, and they get a lot of benefits by having their developers able to build things in a more frictionless way.

The other sort of category of markets that we go after, where we’ve seen some good results, are companies where there is sort of an internal agency model, where you have a web development team that has multiple different website properties.

There might be hopping between different websites that are all kind of under one big corporate brand. And in that case, there’s a lot of benefits to being able to reuse those modules.

Also, frequently, in both types of companies, once a company gets to a certain size, there’s often like a tools team or kind of a platform team that’s in charge of all of the reusable JavaScript code that’s used across all of the different properties. And in those cases, they also benefit a lot by having something like npm in-house.

Marketing / Sales

Michael Schwartz: In terms of marketing, you were sort of starting from a nice position because everyone knows npm – how do you organize sort of the marketing effort so that people know what the commercial offering is? And how do you organize the sales – do you just wait for inbound or you do any outbound marketing?

Isaac Schlueter: We do a fair bit of outbound marketing, and it’s a little bit of a double-edged sword. Everybody knows npm, but not everybody knows npm Inc. or npm Enterprise.

One of the challenges that we ran into, which I think is common among a lot of companies that are operating in open-source communities, is that people have heard of the thing but they haven’t really heard of the product.

One of the things we heard is, “Oh, npm? That’s a company??” I just thought packages came out of the ether. I didn’t realize it was downloading from somewhere.”

So, when it comes to our marketing efforts, a fair amount of the work there is in continually beating the drum of like, “Yeah, we have things for you.” “If you need policy compliance, if you need security, if you need proprietary code, and you want to manage it, using the things that your developers already know and love, then we have a solution for you.”

When we go through the sales process, typically we have an internal champion, which is usually engineering architect, or engineering manager, or something like that, who sort of intuitively understands the benefits of npm.

Then, the sale process tends to be one of making the case to folks who are not already deep in this ecosystem. That tends to be people in kind of like internal development tools, purchasing team, the CIO’s office – it can take a couple of different shapes, but, you know, the folks within a large Enterprise who managed to spend on development tooling.

Free V. Commercial

Michael Schwartz: Diverting a little bit from marketing, one of my guests said to me that it’s almost better to start a company around a product that you don’t write, an open-source product that you don’t write, because all those engineers who are working on the open-source thing, they’re not billable, or they’re not contributing to their commercial product – do you feel that friction at all, where maybe part of the team is really committed to the community mission but maybe other parts of the organization are more interested in the product than actually generate revenue? How do you reconcile that?

Isaac Schlueter: It can be a tough needle to thread. I mean, not to dispute the past guest who said that, there’s some sense in what they’re saying, but obviously, I do disagree because of what I’ve done.

I think that the challenge, or at least the puzzle, is to figure out how do we continue to make good on our community mission in such a way that it serves our product interest, and how do we design our product interest in such a way that they’re served by the success of the open-source community.


We have certainly made some missteps in the past. One of the biggest things that makes good intuitive sense. You have an engineering team, you have a web team, you have a backing team. Of course, you’re going to have an open- source team, but the minute that you start doing that, you create this unhealthy dichotomy.

Even if it’s just in your own thinking as a founder, and as a manager, as an entrepreneur, where it can be very easy to get into these dysfunctional patterns of being resentful about, “Well, these five engineers are spending all their time on the open-source stuff, and we’re just giving that away, and how is that helping the company?” “And here I am, busting my hump every day, trying to make our website better, and trying to sell products and trying to get new log-ins and new sign-ups.”

And every time you want to build some new thing, it’s like, when we run into this case of like, “Should we give this thing away or should we charge for it?” And the thing that I’ve come to after five and a half years of doing this is – if I was smarter, maybe I would have come to it sooner –
is just that that’s the wrong question.

The minute you find yourself asking, “Should this be free or should it be paid?”, you’ve already kind of committed the fundamental thinking error of putting those two things at odds.

The better way to think about it is, “What is the free thing that will get someone to pay for this?”

So, what can we give away in such a way that it will open the door for an upgrade path, and that will open the door for a paid product that is a very clear enhancement to the thing that they’re getting for free.

Some of the best companies in the space that I’ve seen tend to have an approach of, like, their explicit goal is that individual developer should never have to pay for our product. But, a company should almost always have to pay for it.

And that really clarifies the thinking, and it clarifies a puzzle in a really interesting way. Because anything that involves a team of ten people, writing a proprietary application, like, they got to pay for that. That’s a company, that’s a for-profit company.

Now, okay, it could also be like a school or it could be a nonprofit org – you can always give those folks a coupon, that’s not actually a problem. But with our Enterprise product and with our Orgs product, I think we’ve done okay. Orgs are free if they’re open source.

If you have five people collaborating on an open-source project, and they want to keep a bunch of modules under a namespace, they don’t have to pay for that if it’s all open source. And we really see that as part of the nice, easy transition from like an individual working on open-source, a group working on it, and then up to a group working on some kind of paid product.

One of the things that we did not anticipate when we made Orgs free was actually it increased our paid Orgs signups.

We’d always intended to do some kind of, like, first month free, type of trial type of thing, and just kind of didn’t get to it because it takes time and attention, and there’s only so many people and only so much code you can write in a day.

And we decided that we want to make Orgs free for open-source projects. Because there was a handful of different open-source projects, and we gave them an Orgs, one of our database markets just went free. And we were kind of like, “We should just make this a thing.”

When we did that, what was surprising was, people at companies would sign up for a free Org, add their whole team, try it out for like an hour, go, “Okay, this is going to work, and then, they’d flip the switch to be a paid org.

That’s for me when kind of the light bulb went off. Like, “We should not be thinking about what is paid and what is free, we should be thinking about what is free, so that it makes it easier to buy the paid thing, if you need it.

Pricing

Michael Schwartz: So, it was all on the honor system? You could sign up as an Org?

Isaac Schlueter: You couldn’t publish anything private. You couldn’t have a package in your organization that had access control attached to it. Anything you published in a free Org would be open to the entire world.

Michael Schwartz: You really almost had to invent a business around this because I can’t say there was like any direct model you could choose. And one of the hardest parts of that is figuring out what to charge for that, especially because you didn’t have a lot of data. I’m wondering since you started the last five years, have you had to pivot on the pricing model a couple of times? Or has it been relatively stable, and did you get it right?

Isaac Schlueter: Yeah, we just stuck the landing – it’s been perfect. No problems at all. I wouldn’t say that we’ve pivoted on the pricing model. We have made some changes that I think are somewhat subtle. And most of those I’ve been owing to user experience.

Around in 2016, or beginning 2017 I think – I forget the exact dates now, it’s all lost in the mists of time – when we originally released our Orgs product, our paid Orgs product, basically an organization, again, you build things in the simplest way possible with the stuff you have because you’ve got to ship something, and if at one point it was perfect, you waited too long. And just the easiest way to do it was to say, “An organization is a subscription that belongs to a particular npm user.”

That gets us into some real interesting subtlety I think that not a lot of Org users, then or now, really fully appreciate it. But the idea was, your Org would have an owner – that was an npm account.

The real big problem that came up, and it came up fast, was, well, what happens when that user goes away, what happens if they leave the company and now what. It’s still billing to their account and their account has this credit card attached, it is a corporate credit card, and like, the only way to resolve it was actually to go through our support team, which, I love our support team, I think that they’re great, they do great work, and I’m really happy that they’re there, and supporting our community, and our customers, but every time somebody has to contact support – that’s a mistake we made, that’s something that we needed to fix.

So, we kind of went back to the drawing board and said, “How do people think this works? How do users think this Orgs thing works?” They think that they create an Org, and they think that they just pay for the Org, and the Org has some user who is administering it, but they can change that user.

So, what that said to me and what we kind of landed on was, the organization itself should be the primary first-class kind of billing entity. And then, the user account of the subscription, and everything else, is attached to that organization, not to some individual user.

Then, that shift, due to some other sort of subtleties, and how it was implemented, we realized that if we made this transition, a bunch of Orgs, who are currently not paying for users who have access to their packages, would suddenly have to start paying for those user accounts.

And the way that we addressed it was, we just collected all of those cases where that would happen, and we applied a coupon to all of those accounts to give them a discount and said, “All right. Like, your bill isn’t going to go up.”

Yeah, we probably could have just said, “Well, bad news. I know you’re paying $7 a month now, but it’s now going to be 21 because you got these other two users that technically are part of this other Org, even though they’re in your Org also.” And it got really hairy, but we figured that the user experience hit just wasn’t worth it like, “Thank you for being an early subscriber, an early adopter.”, but moving forward, it really vastly simplified it.”

The organization is a top-level thing, it’s like a first-class entity in our system. Every user account costs 7 bucks a month – that’s it. There’s no like discounts if you’re in multiple Orgs or anything like that.

Nobody complained, some folks got an email that said, “Hey, you know, we’re changing our pricing model. This would make your bill go up, but here’s a discount, so it won’t.” There was basically no reaction, which is what we’re hoping for.

Now, our Enterprise product, regarding pricing, yeah, we’ve been all over the map there. You talked about there not being data, well, with a self-serve product, you have quite a bit of data. It’s really easy to just throw a survey out there, and like, yeah, it’s going to be noisy, and you’re going to get a dozen people were like, “Oh, I wouldn’t pay more than a penny.” But you can wipe out the outliers, and get some kind of at least directional data.

One of the things we found was, there’s already some services out there, like GitHub costed 7 bucks a month for Orgs at that time. I think they’ve since changed their pricing model for their Orgs products, so it’s like $25 for the first 5 users and then $9 after. We thought about doing something like that in our sales, mainly in the future. Just to kind of help people get over that initial hump.

But once you had your first 5 users, it’s very, very sticky. The easier we can make that seem, it’s like 25 bucks and you get 5 users – that seems cheap. But if it’s $7 a user, and you only had two users, there’s a pretty good chance you might not like stick with the product. If you get those 5 users in, now you’ve got five people all collaborating on code, and they’re not going to abandon that for anything because now it’s kind of in their process.

So, with the Enterprise product on the other hand, there really is almost no data, and it’s very difficult to get that data. A lot of Enterprise products, even if you go to like companies, providers, websites, and you look at their Enterprise products, it says, “Call us.” You are kind of in this like arm wrestling match with the procurement department, where your price is, like, you give us ‘whatever we can get out of you’ basically is the price.

I think with our Enterprise product now we start at $50 a seat, and the product has quite a bit more features in it than our previous generation of our Enterprise product which was quite a bit cheaper. And we also have a minimum number of seats in order to qualify for an Enterprise product. We don’t offer it for less than 20 seats.

The nice thing about that is that it immediately selects out everybody who’s not actually going to need the benefits of this product, who is not going to need the policy enforcement and security features of it.

They are not going to be as well served by that product like they should really be buying Orgs. So, it’s tempting to look at pricing as like the way that you make money, but really, another way to think of it is like, how does a pricing act as a filter for who should be using this thing, and how does it work as a signal.

If you have a product, and you have your product break down your pricing page, or whatever, there are companies that are going to just look, and they’re going to say, “I don’t want the cheapest one, I don’t want the most expensive one – give me the one in the middle. I don’t want to look at all these words.” And they’re just going to buy it.

You need to think of, like, who is that user, who’s that persona and kind of focus your research there, and then, work backwards, like, “What is their budget? What can they pay?” And then from there, you’ve got pretty good answer about your price.

Every Enterprise is going to try and make some argument for why they should be paying less. So, start high and let them push you down. And also, like, if you don’t start high enough, then they’re not going to think that it’s legit.

More On Pricing

Michael Schwartz: Was that one of the hardest parts of migrating from I guess open-source repository or open repository to business? Just getting that right?

Isaac Schlueter: On the list of hard things, that doesn’t even make it top 10, there is quite a bit that’s much more challenging. I mean, the other thing about product is, I think it’s really much more art than science, and certainly, there’s product managers out there who are like pounding the table as they listen to this, and sure that I’m super, super wrong about it.

But, so much of it is, you need to figure out a price that you won’t go bankrupt. And then, you need to figure out how to sell that at that price. And the specific number, is it 8, or is it 9, or is it 20, or is it 25.

I think at the end of the day, that probably matters a lot less than have you built a product that people want to use, and have you priced it in such a way that it sends a signal that those people actually are the ones who should be using it.

If you look at the pricing of wine, great example of this — I don’t know, I’m going to offend some wine snobs in your audience, I apologize – a lot of the pricing of wine is like completely arbitrary.

It’s like, are you somebody who likes the expensive wine or who doesn’t care, or you’re like somebody who kind of wants, “I want it to be good, but like I don’t want to spend a lot.” I mean, all wine, it’s all fermented grape juice. It’s not that different, it’s essentially just overstock of wine, that’s why they’re able to sell it so cheap.

But that price signals a particular kind of buyer who is likely to benefit from that product. And on the other end of the spectrum, it’s the same kind of thing. You’re buying this $500 bottle of wine because you want to show off how rich you are, and in order to show off how rich you are, it has to cost $500. And so, that’s why people buy that.

In the world of software product management, we like to pretend that we’re a little bit more rational because we’re all like tech people and we are very cerebral and logical. We do math, and it still largely just kind of comes down to like, what are the products that your product is like, how much do they cost. If you just copy them, it’s probably you could do a lot worse.

Lessons Learned

Michael Schwartz:  So, now I have to ask a question – what were some of the hardest challenges? Please, take top, one or two.

Isaac Schlueter: I set myself up to that one, didn’t I? I mentioned a kind of the split brain that can happen within an organization when you separate out your free, or open-source, or community offerings from your paid offerings, and think of them as different things. That’s a very, very easy error to make, but it’s a very pernicious one that really gets in everywhere.

And I think it, in order to avoid that error, you have to think about that design, not just in your product design but actually in your organization design, in your strategy, in your go-to-market, in where you get your investment from, and who you have on your board. Like it has to really, really inform everything about your company in order to steer yourself away from that kind of problem.

Another big and easy mistake to make is having an on-prem and a SaaS product at the same time early in companies like them. Eventually, you’re going to need to have an on-prem product. And if you’re positioned well to do a bottoms-up sale, that has to be a SaaS.

Because no development team — if it’s five people on a Dev team and you’re trying to convince them to use this tool, they’re not going to spin up a server and install it and operate it themselves – they’re just not set up for that. If there’s a SaaS offering, they’re going to take that one.

And as an early stage company, when you’re talking about like 10, 20 people, if you are building products, like you’re going to take every single shortcut you possibly can. And the biggest shortcut you can take, if you have an on-prem product and a SaaS product, is to start putting big ‘if blocks’ in your code base. And you can tell yourself like, “Oh, they’re the same code base, were totally keeping them in sync.” It’s all one big Dev team.

What’s going to happen is, even the same developer working on both things is just going to put a big ‘If Block’ and say, if process dot, end of dot enterprise equals true, and then basically fork in place, which is even worse than actually forking two code bases. Because now you have this kind of like convoluted ball of mud.

We originally did have an on-prem Enterprise product, we still have some customers who are using it, even though we’re still trying to kind of like nudge them to our Enterprise SaaS product. We reached a point as a company, where we sort of realized we can’t keep running this Enterprise product, we’re actually losing money on every sale, because the cost to support and operate and get a customer up and running is just too high.

So, we pivoted somewhat, we kind of instead said, “How do we take what we do with the registry and with the website, with the Orgs and everything else?” “How do we make a SaaS offering there?” And what do the Enterprise customers actually need for that?”

We’re still figuring out kind of how to play in that space, and how to best have that integrated and connected with our self-serve products, but it’s still a huge step in the right direction. I think hindsight being 20-20, going out the door really in our first year with an on-prem Enterprise product and a SaaS team’s product at the same time, seemed fine. It seemed like a good idea at the time.

A bunch of people told me, “Well, you need to really make sure that the code bases don’t diverge if you do that.” I heard that from a bunch of folks at GitHub, who made the same kind of error, and I was like, “Okay, noted. Don’t let the code bases diverge.” Got it. What they didn’t tell me was, “You’re going to let the code bases diverge. That is absolutely going to happen – it’s inescapable.” You can either be a SaaS company or an on-prem product company, and those two companies are very different shapes.

If you’re going to be an on-prem product company, that means there’s a lot more of a top-down sale most likely. Or it just has to be so easy to install and start running like on a laptop. It’s almost certain that you’re going to need some really good professional services skills within your company, because making a customer successful with that product is going to require that you have somebody who knows how to stand it up, and how to operate, and kind of which buttons to push, and which knobs not to push, how to tell if there’s a problem – all of that stuff.

That means training, that means customer success, that means like really building in good metrics into the product itself, but in such a way that they’re not going to offend people who don’t necessarily want data collected about them, or if it’s behind the firewall, like, how that all works.

On the other hand, the way that you go to market with a SaaS product is completely different. It’s more about adding hooks and adding limits and adding these pay walls within your free product. So, when you go to your settings page, or you go to like view some metadata, or you go to view a report, or you go to add a new package, they can say, “Hey, you need to pay to use this feature. And those are two completely different mindsets.

At a certain point of maturity, you could reach a point where you have enough, maybe you fall of the bottoms up path, the bottom up path eventually gets to the top, and the top down path eventually gets to the bottom. But if you try to approach it from both sides at the same time, I just feel like that almost never can work out well. Now, there are companies that end up doing both, but if you really look carefully at the companies that are successful doing both, most of them started on one end, and then made it to the other.

Either they started as a top-down company, and they did well enough with like evangelizing, and marketing, and getting adoption, and gaining traction within these large companies that it became sort of a de facto standard. And then open-source parts started to kind of become the way that developers expected to do things.

Or they started as a bottoms up strategy, where every developer just eventually started to expect that this is how things work. And when they came to a big company they said like, “We need to sign up for these.” And then, eventually, they built out features that built up to that enterprise-level. And obviously npm loses position to do the bottoms up thing, and so, approaching both the same time was — I would not do that again.

Team

Michael Schwartz: What’s your approach to building the team?

Isaac Schlueter: Before there was a company, there was me and there was one guy who was in Thailand. Another couple of folks, one was in Eastern Europe – again, this was a whole donated infrastructure stuff, so whatever that other company was doing. I didn’t really recruit them, it was kind of just like who I ended up with. And luckily, some of them were really good. A lot of npm’s success really owes to that.

When we founded the company, you know, it’s easy to forget now, because it doesn’t feel like it was that long ago, but video conferencing was not as good as it is now. Chat apps were not as good as they are now. Slack didn’t exist, Zoom didn’t exist. I think Zoom might have existed, but it wasn’t what it is now. It wasn’t back then easy-to-use.

So, initially, we would focus our hiring on the Bay area, which seemed reasonable. It’s what you do, it was a Bay area startup. We opened an office in Oakland, mostly because that’s where I live. We went from there, so that the initial team was almost all coming from Oakland. There’s one person we got doing op stuff, who is in South Africa. And part of the challenge was like adding remote people was really hard, because the whole team is there in Oakland.

Like, we’re talking about strategy, and tactic, and products, and technical direction, and stuff over lunch, out everyday, like, it’s really, really hard to keep people in the loop if they were not colocated with us.

We eventually moved from IRC to Slack, and we started doing more and more stuff on Slack. We found that we actually needed to have a little bit more time zone coverage. So, we added some other developers, we hired somebody who was in Europe, and that really pushed us to operate in a more distributor friendly way. So, doing more of our discussions on Slack, having our meetings with Zoom.


We kind of just kept adding remote people. It was like, “Well, there’s those two developers we want to add, we want to hire.” And like, can they do remote, and one of them is remote, and you do that again, again, again, and after a while, it got to a point where like, our CEO is in Halifax, our CTO is in Toronto, I’m here in Oakland. We have this big beautiful office, and I’m one of like four people in it.

When we rented that office, we had this plan to like eventually grow to 50 people. And we were looking at the office we were in. We were 13 people, and we did not fit. We had a single conference room, a single room with a door that closed, and we grew to about 13 people, and we were just like, “This is ridiculous, we got to get out of here.”

We found a bigger space, we knew that we would end up growing to between 30 and 50 people over the next couple years, so we’ve rented the space that could house that many. I think it was just a few weeks or a month ago actually, or maybe a couple months ago, where we had this interesting situation where our landlord wanted to move us to a different spot within the building.

You know, we’ve been thinking for like a year how stupid it was that we had this big Oakland office, and like, we’d really like to get rid of it, but we’ve got another year on the lease. And they’re like, “Hey, we want to move you from the 11th to the 5th floor.” And we’re like, “How about we just leave?” They are like, “Yeah, cool. We get to rent the space out at 2019 prices instead of keeping your lease? Yeah, go.”

So, it actually worked out great. It was a little bit sudden, the way that sort of fell on our lap. But yeah, now we’re just 100% remote, everybody works from home, and that freed up a lot of capital for us to actually offer like a monthly work from home allowance, to cover things like internet, and the desk light, or whatever work expenses you might have, whereas previously, it was like we really can’t afford to do that because we’re spending our whole office budget on an office.

If you want to work in the office, like, we got this great office, but most of our staff was not in the Bay Area. So, in terms of like, where do we recruit people or how do we find talent, we do get a lot of resumes, we do get a lot of interest especially in technical roles.

When it comes to other roles, when it comes to non-technical roles, things like sales or marketing – I hate that term ‘non-technical’, like, the profoundly technical jobs, but if I want to hire a product manager who doesn’t write JavaScript, if I want to hire a VP of finance, it’s kind of the same thing every other company does.

We use a combination of just our networks, which has some pros and cons. The obvious pro, hiring somebody you know is you know them, so there’s a good chance that there’s a little bit more of like a connection, they may be a little bit more motivated to make it work, etc.

The downside is, you probably know people who are like you, and so you can very quickly and easily get into a bad cycle, where your kind of diversity just goes off a cliff. Or even worse, we’re like people who are kind of in the crowd, or like included in decisions, or have a little bit more power or authority within the company, then they probably sort of can get very like toxic and weird that way. I think that we’ve avoided that for the most part.

The other thing we’ve done in, especially tough to find rolls, we’ve had some success with executive search firms, we’ve done that a couple of times. And then, also posting stuff on LinkedIn, on Lever, on our other social media channels. We have our own npmjs.com/jobs that shows what roles we have open, and people apply for them.

Advice For Entrepreneurs

Michael Schwartz: The last question. Any advice for new entrepreneurs who are starting a business where open-source is a part of their business model?

Isaac Schlueter: I talked about this a little bit, but I’m going to go ahead and just repeat myself, because I feel like this is really important and really easy to miss and really easy to not understand the importance of it.

You have to craft your plan such that doing the free thing actually serves your strategy. And there’s a lot of subtlety to that. I don’t have like one weird trick that will fix everything. But you definitely need to think of, like, “If we give this thing away for free, what happens?”

Part of the thinking there is, imagine that you have like ants roaming around on a dirt floor or on the ground, if you pour some honey in one spot, that’s going to change the whole ecosystem. And that’s kind of what happens when you start giving away something for free, whether it’s an open-source product, whether it’s a service that you say, like, “This is free for open-source packages or for open-source projects, or for open-source users whatever.”

You’re creating a pile of honey in the middle of all these ants that are currently just kind of roaming around in their own different ways, like, they’re all going to find it, and they’re all going to come to it. It’s like, “Okay, now what?” What I mean by that is, when you get something away for free, you are fundamentally kind of like disrupting an ecosystem.

It’s important none of the ants are complaining about the honey, but you’ve now changed the shape of the scenario. And that can be really, really good, or that can be really, really hazardous.

It’s tempting to be like, “Oh, I’m charging for this thing and I’m giving this thing away.” And how do I convince the free people to buy the paid thing? Like, you’d really need to back several steps up and think, “What do these people need? What’s the thing that I can sell them that will address that need? And what’s the free thing that’s going to drag them over?” Instead of saying, “What do I give away for free?”, and then separately from that, “What do I pay for it? How do I balance these two?” They have to be one thing in your mind.

Closing

Michael Schwartz: Isaac, that was super interesting. Thank you so much for joining us today.

Isaac Schlueter: Thanks for having me.


Michael Schwartz: Huge thanks to the Open Core Summit for connecting us to Isaac and for volunteering their only sales office to provide a quiet place to record. Don’t miss the next Open Core Summit. It was one of the best conferences I attended in 2019. Where else can you get a critical mass of open-source founders in one place?

It’s essential that we foster an event like this so we can share experiences about what’s working in open-source business.

Transcription and episode audio can be found on opensourceunderdogs.com.

Music from Broke For Free and Chris Zabriskie.

Audio editing by Ines Cetenji.

Production assistance by Natalie Lowe. Operational support from William Lowe.

Have comments? Tweet at us. The Twitter handle is @fosspodcast.

Please, subscribe to the podcast on your favorite podcast platform. Every subscription helps. Next week we have Shannon Williams, one of the founders of Rancher. He was fantastic, so don’t miss this one.

Until then, thanks for listening.