Manny Rivelo officially took over as CEO of F5 July 1st, stepping into the big shoes of John McAdam, who grew the company from $109 million in 2000 to the $1.7 billion behemoth it is today. Network World Editor in Chief John Dix recently caught up with Rivelo to see what he has in store for the application delivery networking company.
You’ve been with the company almost four years, so let’s start with an overview of your accomplishments to date.
I joined reporting to John McAdam to help with the security business. It was the early days of F5 exploring its security portfolio and he wanted me to look across the company at what we needed to do from a sales organization and product development perspective to begin to make that push. The goal wasn’t to have a separate security product. The push was to introduce security solutions as part of application delivery, as part of our ecosystem of services and applications. That was the initial undertaking. And that went well.
Almost a year later he asked me to do the same for the service provider business. We had more traction there but we wanted to round out our portfolio. We were introducing new solutions and had done an acquisition in that space – Traffix Systems -- and so it was a question of how we packaged that in a cohesive manner to get larger penetration with service providers.
About a year later he asked me to take over additional responsibilities, such as product management and business and corporate development, and then he asked me to help him begin to develop the strategic framework for F5 going forward.
How did the passing of the baton go when you officially took the CEO reins on July 1st?
About 100 days ago we announced to the Street that I was the next CEO, and at the beginning of our Q3 John took on the role of coach, mentor and supporter and asked me to step into the shoes knowing I wasn’t official until July 1. That gave me an opportunity to hit the street running.
What will employees and customers notice as being different about F5 with you at the helm?
I’m more technology oriented than John. John started out as an engineer but over the last 20 years he’s become more of a business leader. Obviously, I practice business leadership, but I’m in tune with the technology elements and what’s driving the industry, so I think you’ll see more of a technical slant from a CEO perspective than you would see with John. John would delegate those activities to myself or our CTO. I’ll be taking some of that on.
How about in terms of day-to-day activities? Anything the staff would notice?
I’m probably a bit more hands on in the sense of deeper technology discussions. But the way I run things on a day-to-day basis is not that different from John. We’ve got a pretty good cadence and a good governance model inside the business, so the meeting formats, the organization is not that different. What I’m doing aggressively is imparting ownership and accountability throughout the company. As we become larger it gets harder for everything to boil up onto my desk or on the EVP’s desk, so we’re looking at mechanisms to push some of that accountability out through the organization, giving us speed to decision and execution while at the same time governing it like we have historically.
Given you’ve been there for four years and have led a lot of initiatives, I presume the product roadmaps stay pretty much same?
We’re very happy with the trajectory, with our vision and mission and strategy. Obviously, what we’ll look at is how to accelerate and where to double down from a strategy perspective. We’re going through our FY16 strategic planning process now and converting that into an operating plan so we can execute and hold ourselves accountable throughout the course of next year.
Then we’ll make some tradeoffs. There will be some things we back off from a little in terms of investment, and certain things we double down on. That’s just fine tuning more than anything, but the general direction is still true. We’re focused on application delivery and creating a better user experience by making connections fast, secure and available, and allowing users to access their applications from anywhere, any place at any time. That theme resonates with customers. It lends itself well to the modernization of the current data center, and to workloads that are moving to hybrid or public cloud infrastructures, and we just have to continue to build out that portfolio.
Are you at all surprised that F5 could build a huge business on its Traffic Management Operating System (TMOS)?
TMOS has been underestimated in the industry for what it really is. In 2004 the company made a strategic decision to move to a proxy and that has allowed us to do a lot of interesting things from a product perspective, one of them being consolidation of additional products and services to the platform.
I think that has been misunderstood by the market, primarily because between 2004 and maybe 2010 or 2011, everybody said F5 was a load balancing company while the reality is we were building an application delivery controller platform based on a very extensive proxy-based architecture. I’ve heard very accomplished industry individuals wonder out loud how a company could grow to $2 billion by building a load balancer. Well, we didn’t. We built a platform.
You spent 19 years at Cisco before joining F5, how would you compare and contrast the companies and the cultures?
We’re very similar in lots of ways. As a matter of fact, over the years we’ve hired some of their developers, product managers, engineering talent, etc. Both companies are very grounded on the customer. Cisco will talk about it being the foundation of the company and we’re the same way. The customer comes first. And like Cisco we’re partner-driven. We have a large ecosystem of resellers and partners and distributors. We’re 98 point something percent partner-driven as pertains to transactions, and I think Cisco is 90-something percent.
And we are employee-driven in the sense that, not only do we want to create great shareholder return, but we want F5 to be a great place to work. We get a lot of accolades for that and that’s something we’re very proud of. So culturally, we’re similar with Cisco. I think that’s why we also partner well together. We understand them and they understand us. We come at it from the same perspective.
How many employees do you have now?
We crossed 4,100 last quarter and we’re on a quest to bring in 500-600 a year and continue doing that. And that’s across the whole organization, from sales to engineering, our service and support organization and, of course, G&A.
I want to come back to your mention of security because I understand a good portion of the revenue growth last quarter was attributed to gains in security. What is working there?
The initial security technology we added in the 2004-2006 era was SSL decryption and encryption, offloading the servers from doing that. Over the years we’ve enhanced three primary security-oriented footprints inside the TMOS platform, and some outside TMOS as well.
Inside the TMOS platform we’ve aggressively looked at the user perimeter, the authentication and authorization of a user accessing corporate resources. We want to be that front door, whether those resources are inside the enterprise or are being consumed in the cloud; we want to enable customers to do single sign-on to those services and log those connections. That’s been a growing business for us. It grows off of a product we call APM, Access Policy Manager.
The second major footprint we invested in aggressively is being the last line of defense for applications we sit in front of, protecting them from everything from DDoS attacks all the way up to a Web application attacks. That’s a market that’s been growing for us. We have a suite of products there, including our Advanced Firewall Module and our Web Application Firewall.
The third area we’ve pushed aggressively over the last 18 months and have had some significant wins this past quarter, is targeting service providers. Mobile operators are growing rapidly, the infrastructure needs to be secured, and they don’t want to become commoditized, so they’re introducing our GI firewalls. All of that is part of TMOS.
Outside of TMOS we’ve introduced a series of services known as Silverline, which is a SaaS service, and the initial offering was anti-DDoS, which you can think of as a scrubbing center in the cloud. If you’re being DDoS attacked you could send us your traffic, we’ll clean it for you and only give you back clean traffic. More recently we launched on that service a web application firewall. So we’re introducing a series of security cloud-based services that we can stick in front of your data center or your applications, whether those are in your data center or in the cloud. That’s a subscription based offering and you’ll see that portfolio expand.
Given there are so many entrenched legacy security tools, how do enterprises adopt these things?
Obviously, we already have a good enterprise footprint supporting traffic management and a lot of other services, so what we’ve done is made it easy for them to procure additional modules or enhanced capabilities. Some of that is just the sales organization showing the new use cases, where we have great performance and feature richness.
But we also have a bundling model known as Good, Better, Best where we tier services that we think go well together and offer those to a customer at a favorable price. So instead of buying five components, you can pay for two and get the value of multiple components. We launched that about 18 months ago and we’ve seen customers say, “I need these other two modules, but let me just buy the best module because then I get all the additional services.” Then slowly they begin to introduce those services because they’re already paid for. That reduces the cost of ownership significantly over time.
Given F5 has historically delivered purpose built hardware, what do you make of the adoption of Network Function Virtualization (NFV)? Do you anticipate customers starting to adopt NFV services from service providers instead of bringing in your gear?
Let me answer that a couple ways. I’m surprised at how much momentum NFV has picked up in a very time since it came up as a proposal at ETSI, which is a standards body. We’re two and a half years into it and the momentum is great. All the service providers we talk to have various proof of concepts going.
But we are really a software-based company. I talked about it in the recent earnings call, where I gave some stats so that they could see our momentum. Our software revenue has more than doubled over the last three years and represents over a third of our business today, so it’s a significant contributor and growing at a healthy clip. We’ve vectored, if you will, to produce one set of code that can sit as software-only on hypervisors, that could go down the NFV path, or could used on our purpose-built hardware for faster acceleration.
Our software is intelligent enough to see if there is hardware acceleration sitting beneath it. If there is, services get offloaded and the CPU doesn’t get consumed. If there isn’t, it just uses the CPU. So it’s one set of code where you have zero religion on whether you want to deploy it as software only or hardware. We think the market demands a combination. It depends on whether you want to scale up or scale out.
We’ve had some significant NFV wins already. We have dozens and dozens of proof of concepts throughout the world. I talked on the earnings call about a win we had which is a significant proof of concept in Asia-Pac with two of our ecosystem partners. That went really well for this carrier and they’re going to deploy NFV. In fact, they actually took it to the ETSI standards body to get it certified as the first true fully implemented NFV deployment in Asia-Pac.
So we think it’s a great opportunity. We think it makes a lot of sense for service providers to be able to change how they deploy their network architecture and rein in expenses because they don’t have to purchase hardware all the time in step functions. Instead they can linearly scale up through software based models.
If that model is broadly embraced, do you lose direct contact with enterprise customers since they would be buying from service providers?
We’re not trying to prevent migration of workloads to cloud-based infrastructure. We’re really behind enabling that, and we think that’s all upside from a business perspective. But when we talk to large companies it’s clear many workloads will never leave the enterprise, for compliance reasons, for regulatory reasons, for security concerns.
What we are noticing is there is a new set of applications that didn’t get these services in the past, primarily because they weren’t inexpensive. When they came with hardware they cost a significant amount of money and/or the applications weren’t going to exist for a long time. A typical example of the latter is a sporting event. In the Olympics applications need to be deployed and scaled out to support billions of users, but they have a shelf life of a month, maybe a little longer than that.
I can’t mention NFV without following up with a question about SDN. Where do you see SDN today in terms of customer adoption and what has it meant for you folks?