SpikeSource's Polese on open source

23.01.2006
Kim Polese, CEO of open source services provider SpikeSource since 2004, is perhaps one of the better known IT executives. Prior to joining SpikeSource, she became one of the industry's first female chief executives as co-founder, president, and CEO of push technology vendor Marimba, which was acquired by BMC Software in 2004. Earlier, while at Sun Microsystems, Polese was the first product manager for Java. InfoWorld editors Paul Krill and Neil McAllister spoke with Polese last week about a range of topics, including SpikeSource, open source, outsourcing, and Java.

InfoWorld: Why do people need an open source infrastructure company like SpikeSource?

Polese: It fundamentally boils down to the challenges around interoperability. One of the biggest challenges that we find enterprises have and companies of all sizes [have when] they're using open source is keeping all of the moving parts working together on a continual basis. [These are] the "what-works-with-what" problems, which [are] compounded when you have dozens of components in a stack. This is very typical for an enterprise that's running open source applications. And those components are changing on an ongoing basis, whether it's updates, patches, new features, security vulnerabilities.

To give you some numbers, in 2005 alone there were 490 combinations of PHP (Hypertext Preprocessor), Apache, and MySQL that were released. And then if you add 21 releases of OpenLDAP, you get over 10,000 combinations just for that one subset of the stack. And if you multiply that by Linux kernel versions and updates and distributions and then add patches on top of that, it becomes a very complex problem. There's a lot of overhead involved in managing open source infrastructure. It's the ongoing patch management, life cycle management that becomes the cost, frankly, and it adds risk [and] overhead to enterprises that are using open source.

InfoWorld: Could you discuss briefly the type of services you provide for open source users?

Polese: We provide, first of all, the stacks themselves for free for download from our site, so you can choose a variety of different components. We certify over 100 components across six operating systems, six language runtimes, and have tested very large combinations of those components. So you can download the stacks for free.

The service that we provide is an update service, and it's basically what we call SpikeNet. It's a patch management update service that provides the ongoing lifecycle management for that stack, and the updates are targeted for a configuration that's running at the endpoint. The service includes regular alerts and notifications. And then there's a high-stakes vulnerability or security alerts. We deploy a patch that's been tested and validated against that configuration in 24 hours or less.

So that's basically what SpikeNet is, that's the update service. And then the other part of the offering is technical support, which is one phone call for support for the entire stack. We have partnerships with companies like MySQL and JBoss. We sell third-level support from those companies and we also have many experts here internally at the company who are knowledgeable about different components in the stack.

InfoWorld: So you only sell services, you don't sell any software at all?

Polese: Correct. And the services, in the form of SaaS [software as a service], it's not the traditional professional services organization. This really is software in the form of updates. We don't sell traditional enterprise licensed software products, but we do sell software in the form of ongoing updates and patch management. So it's similar to a Norton-style model. The service is really the bits delivered that are tested, certified, validated to work with that configuration at the endpoint at the customer site.

InfoWorld: Is SpikeSource involved in intellectual property protection services?

Polese: We don't do that ourselves, but we are partnered with the leading companies. We have, for example, a relationship with Black Duck. We created an integration between our asset management tool, called the Spike Asset Manager. Together with Black Duck, we integrated that with their licensed calculator that basically reports on what the open source licenses are that are related to those components. So it's a very natural marriage of the two companies' products and services.

InfoWorld: What's the installed base of SpikeSource?

Polese: We're not yet talking about the numbers of customers at this point. You can expect to see some announcements over the next several months about additional customers. A bank based in London was one of our first customers. Another customer is Business Objects, an ISV in this case, that's using SpikeSource to basically standardize on a common stack so their customer base has been moved to an open source environment. So I can't give you numbers right now of customers, but I can tell you that the pipeline is big, the demand is strong, and we're [closing] business every day.

InfoWorld: Are there any parallels between SpikeSource and your previous venture, Marimba?

Polese: Well I think [there is] one very, very strong parallel, and one of the things that attracted me to this company is this model of SaaS. And specifically, in the case of Marimba, it was a licensed model that we were using, so we were delivering our product in the form of software -- the free software product management environment that companies could run behind their firewall. In this case, we're actually delivering the updates over the Net as a service, but the common theme is making it much easier and cheaper to run complex software within the enterprise. So removing cost and complexity [from] software lifecycle management, that's definitely a common theme between the two companies.

InfoWorld: Are you seeing more enterprises looking first for free, or so-called free, open source software rather than looking to buy software these days?

Polese: One thing that I've noticed, just in the last year or so, is a change in attitude on the part of enterprises, and they're moving from kind of kicking the tires with open source to realizing that open source has already been at their enterprise, and they need help in the form of third parties basically managing and maintaining that open source software. So it's becoming, first of all, acknowledged open source, that is acknowledged as mainstream within the enterprise.

And then secondly, it's becoming increasingly not just another option or a cheaper option, but even a safer choice [than] proprietary software in some cases, particularly in the area of infrastructure where CIOs [and] VPs of IT don't want to be beholden to one vendor, don't want to be locked into a particular infrastructure or deal with the silos of the past. So it's almost becoming a norm that enterprises are moving toward open source, particularly in the area of infrastructure. And I think over the next year or two, we'll start to see the application adoption happening as well.

InfoWorld: When you say applications, what kind of applications? I know there's SugarCRM, but what are some of the other application options for open source?

Polese: There's been a whole crop of companies that have emerged over the last six months or so, and they include Alfresco, for content management; Pentaho, for business intelligence; GroundWork for IT management and monitoring. The list goes on. Funambol, this is mobile applications -- the Java environment for telephones and handhelds, and Compiere, which is an ERP company. So basically, name a category and there are one or more commercial providers of services for open source applications.

InfoWorld: Is open source in fact cheaper or are there a lot of hidden costs? Is it cheaper than commercial software or is it just as expensive once you add up the service, support, and all the other issues?

Polese: Well there's certainly been a lot of discussion about this topic and [I will] be glad to tell you just how expensive open source can be when it comes to implementation and maintenance and lifecycle management. In fact, there are significant costs involved in ongoing patch management, testing, certification, and updating of these components, when you're starting to use more than a handful of them.

So we can make a case that open source software can be as expensive as proprietary if you have the overhead of having to staff the internal team and almost becoming your own vendor just to maintain that open source software. And that's of course one of the reasons that we were inspired to start this company. Murugan Pal and Ray Lane founded the company back in 2003. They saw that cost rising, they heard some CIOs who were frustrated with what they saw as increasing complexity in using open source, and Murugan saw an opportunity to create technology to eliminate a lot of that overhead for companies.

InfoWorld: Is there anybody else doing anything similar to what SpikeSource is doing, IBM Global Services or anybody like that?

Polese: There are a couple of other companies that are sort of pure-play providers of open source services. We [see] OpenLogic and SourceLabs, but the traditional systems integrators are not providing automated testing in lifecycle management for open source stacks. They typically have a team of consultants that they bring in and are on-site on an ongoing basis, but there's not a specific service that I'm aware of from the large SIs that provide what we are providing, which is a wide choice of components across multiple operating systems, including, by the way, Windows. So we do certify on Windows as well as Linux. And then the ongoing maintenance updates, alert [notifications]… that is a unique service. I'm not aware of others, certainly in the systems integrator space, who are offering that. And as far as we know, we provide the greatest breadth of coverage of testing from the open source market today.

InfoWorld: Is SpikeSource profitable at this point?

Polese: Well, we don't yet discuss [that] and we probably won't until we become a public company, should that event occur. We don't reveal information about our financials at this point.

InfoWorld: There's been talk in the last couple of years about whether commercial software would go away. Do you think there will always be a place for commercial software? You're not going to have a world where all software is free? You don't see that happening, do you?

Polese: Well, just to sort of drill down on that word a little bit, there's commercial and there's proprietary, and there's open and there's closed, and there's different combinations of all four of those.

InfoWorld: I'm talking about where you pay for the licensing in software.

Polese: I don't think any one model will be the only model out there in the market, so I do think there will continue to be software that's priced and sold successfully using the enterprise software license model. But I think the majority of software over time will move to software-as-a-service subscription or on-demand models simply because the cost savings and ease for the end customer is so compelling. And because the Internet now enables us to deliver with low overhead very high values for an ongoing basis to customers, and that's what they want.

They ultimately just want the software to work and they want it to perform as promised, and that really requires ongoing maintenance, which is of value and should be a cost that customers are willing to bear, and they are, indeed. So I think the model will, over time, move more and more to software as a service or on-demand, but I don't think that'll be 100 percent [of] the market in any case. I think you'll see a combination of open and closed, proprietary, commercial, enterprise licensed, and SaaS models.

InfoWorld: Do you have any upcoming announcements you want to talk about at this point?

Polese: Not at this point, but we certainly will be over the next several months.

InfoWorld: Can you elaborate at all on that?

Polese: It will be related to our customers that we're seeing out there in terms of how they're using the product, and specifically customers as they are willing to be identified. Obviously in the beginning, when you're starting to sell, it takes a while for customers to be willing to be identified publicly, but that will happen over coming months. So [we will discuss] customers, partners, deployments, how is it really working out there in the world of IT? How are people using our services?

InfoWorld: I was looking at your biographical information on the SpikeSource Web site, and it mentioned you were the original product manager for Java at Sun Microsystems. Do you think after 10 years that Java has met, exceeded, or fallen short of your expectations?

Polese: Well, [this] is a personal opinion, it's not a SpikeSource opinion, but I'm thrilled with the success of Java. It has exceeded my expectations. It's a phenomenal number of developers, of devices that are deployed based on Java, enterprises that are using Java. And I can tell you this anecdotally, in our customer base [when] talking with companies, most of them are using Java. Java is very much mainstream when it comes to enterprise applications and I don't see that changing any time soon.

InfoWorld: One more question about Java. Do you think Java needs to be available in an open source format, or should they stick with the Java Community Process?

Polese: That's one that actually I prefer not to weigh in on right now. I [haven't been] examining the community model lately and contrasting that to a pure open source model, so rather than stating an opinion without having thought about it, I'd like to hold off on that one.

InfoWorld: Are there any restrictions as far as which of the open source licenses you support at SpikeSource?

Polese: No. We basically tack on the licenses that are already attached to, associated with, those components.

InfoWorld: Do you carry any Sun software?

Polese: We are not currently certifying with Sun software, Solaris, but that is on our road map.

InfoWorld: I don't know if proprietary is the right word, but say, for example, with Linux distributions, if you get an enterprise package from one of the major vendors, they often come with portions that are more or less non-free device drivers, that kind of thing. Do you also provide support for those?

Polese: We provide support basically at the operating system level or above, and specifically what we're doing is certifying the common components that you find in the core stack, in the basic infrastructure stack -- like the application server, Web server, and database -- and then additional supporting components. So we're not getting down to the device driver level.

InfoWorld: So then a different table type for MySQL, for example, that might be a commercial product?

Polese: If it's part of the mainstream MySQL release, we are supporting it.

InfoWorld: Let's say there was some sort of add-on that was popular but was more or less commercial software, you wouldn't be interested in providing [support for that]?

Polese: We do certify with proprietary and commercial software, so Windows is a good example of that. If there was a popular commercial software product that was used in combination with open source, we would likely add it to the set of components that we validate.

InfoWorld: And as far as the technical support side of it, how does that work? You say your main service product is SaaS, how does the technical support work?

Polese: We have coverage for 24 hours a day and 365 [days a year], traditional enterprise-class support. We have teams here in the United States as well as Europe and in India who are experts in various components in the stacks and in technologies like Java or PHP. So we have a set of very well-qualified experts here on open source who are ready and standing by for customers' calls as they come in.

InfoWorld: So that is traditional phone-based type of support?

Polese: Yes.

InfoWorld: And so you have partnerships with, for example JBoss, and if you need to get escalated to developer-level support, you'll pass this along from the one phone number?

Polese: That's right. So the customer [has] to make one call to us, although we can, as they need it, provide third-level support from JBoss or MySQL or other commercial providers. And we have strong relationships also with open source [providers] and the open source community in general, so we're able to tap into that expertise as needed. And we're also building relationships with other providers that are not household names necessarily, but commercial providers of open source, support providers of those components.

InfoWorld: You mentioned you have some people working overseas. Do you want to weigh in on the outsourcing issue? Sun Chairman Scott McNealy last week said that there's a false notion that if a job is outsourced overseas, that means a job is lost here. Do you have any perspectives on that?

Polese: Yes, well I agree with that statement. I don't think we can make an assumption that it's a job lost here. In fact in our case, we were a global startup from day one. We started with a team in India, and specifically because we believed that talent is everywhere and [we access resources] from the global market when we're aggregating and supporting open source [software]. We're selling to the global market. Our first customers, in fact, were U.S.-based companies [but] we're finding great demand outside the U.S. as well as inside.

So it makes sense that we would have development and support teams that are located outside the U.S. as well. This is a team that's very much part of our engineering team. We didn't decide to shift jobs over to India, these are positions that we [intended] from day one to be based there, but we continue to hire here. So I think Scott's point is a good one, you can't always draw a sort of black and white conclusion about having an offshore team. It does not mean a job loss over here necessarily. In fact, it can mean growth straight across for the companies, and as we get bigger, we'll add more headcount here too as well as over there.

InfoWorld: Do you have any other topics you wanted to discuss?

Polese: I think the main points that I would want to get across are that we are seeing a very [strong] demand for our offering in the marketplace, and that is because of the complexity of managing and maintaining open source on an ongoing basis. And that's something I think maybe people who aren't immersed in the world of open source often don't see.

There's a lot of discussion about [LAMP] or Linux, but in fact it's not commonly known that a typical open source application is comprised of dozens of components, and many of which are not at all household names. And the overhead of managing those has really cost the companies significant money and created risk internally as well, so that's why they're actively looking for third parties to offload these tasks.

The other thing I just want to emphasize is at the root of what we provide as a company is this automated test framework that's running today over 30,000 tests nightly, as I mentioned earlier, across six operating systems, including Windows as well as Linux. Six language runtimes and over 100 components, and that's what's enabling us to know at any given time what works with what, what the potential conflicts are, dependencies, and therefore deploy a tested, validated cache to a customer site. So this is all to say that what we're doing is not providing a sort of traditional professional services function. We are a software company, we're delivering that software in the form of a subscription on an ongoing basis. But this is very much a technology solution based on automated testing.

InfoWorld: As a global company, would you say that the majority of the demand for SpikeSource is presently in the North American market or elsewhere? And how do you expect your revenue to pan out as far as the different markets globally?

Polese: Based on the interest that I'm seeing, I would expect over time for at least half, if not more, of our revenues to [come] from outside the United States, and I would expect that to happen on a more compressed time table than in the past. And that is because there is so much aggressive open source adoption in Europe, in Asia, in other parts of the world -- South America. And those companies are actively seeking third-party solutions to help them reduce the cost in overhead of managing that open source.

But they've made a strategic decision that's from the top and oftentimes even is prompted by a government mandate within that, in China, in Brazil, in the United Kingdom. Even here in the United States as well, and in certain states are starting to see it. But certainly outside the United States there's been a tremendous movement to open source in the last year, two years in particular, and we're seeing that continue to accelerate. So I expect, as I said, more than 50 percent of our business ultimately to come from outside the United States.