 Live from San Francisco, it's theCUBE. Covering Red Hat Summit 2016. Brought to you by Red Hat. Now here are your hosts, Stu Miniman and Brian Graceley. Welcome back, really happy to have on the program the headline keynote speaker at the event. President and CEO of the company, Jim Whitehurst. Also gave a great history lesson and the catalyst for this whole convention here. So Jim, welcome back to the program. Thanks so much for having us. Great to be back on. I appreciate you being here this year. All right, so Jim, largest event here. You were up on the keynote stage. Give us what you take on kind of the energy in the show itself so far. Well, one of the things I find just amazing about a Red Hat event is there is a lot of energy. The people who come here are generally passionate about open source and that just comes through. And for me as a speaker up there too, I feed off of that energy. So it does have a different vibe than most events because people are here because they are passionate about open source. So before we get into some of the Red Hat specific stuff, last year you launched a book and you've been on a book tour. So I was wondering, kid chair, what lessons did you learn going around talking to people that have read your book, other CEOs looking for advice? What were some of the key findings you had? Well, first off, I'm just amazed at how much traction it's gotten. I knew it would resonate with a certain set of executives who thought, wow, my industry's being Uberized so I need to think about this. But literally across the board, I've had management teams from big German companies fly over to want to sit down and talk about this. The concept that the traditional production systems about run its course and that we now need to organize for innovation is pretty widely held. And so I think the biggest kind of thing that surprised me is how much traction I've gotten. Then of course immediately from that is for traditional companies. It's like, well that's great, Red Hat grew up that way. How do I go from where I am to where I need to go? And that's been a fascinating set of conversations to be able to have. Yeah, so do you believe that companies can move to become an open organization if there are 10, 50, 100,000 person company today? Oh, I absolutely believe it. There are different levels of things that one can do. And in the book, I kind of have this baseline thing that I talk about around purpose and passion and around engagement. And every company can highlight their mission statement, why it's important and connect people's jobs to that, right? That's purpose and passion and that's engagement. And any company can do that. And you see some great examples from P&G to some of the pharmaceutical companies that really talk about tying everyone's job to making people better off. And Ellen Loomis today talked about it at Target and kind of their mission in communities. Any company can do that, that's not hard. It gets harder when you get up to the next level when you say, okay, I now have a set of energized people who understand there's meaning in what they do. That can be top down led, frankly. It's then how you actually attack that middle management kind of people who like controlling information and think that knowledge equals power and breaking that down. That's really the harder part and the one where I've spent a lot more time talking to executives. But I think people try to do that first versus saying, hey, does everyone in your company know your mission statement and do they know how their job connects to that? That's something that the CEO can mandate, right? But if you don't do that and you don't have that foundational thing going on to the other, it just, you're kind of wasting your time. Yeah, you made a great analogy. You talked about sort of building on the shoulders of giants, where we are today in the industry is because people, we're willing to not patent the light bulb. We wanted to put those ideas out there. You talked about companies kind of getting uberized. Do you find that that CIOs understand that it's no longer about having to own everything, we talked about target. They said, we don't own the supply chain anymore. We don't necessarily own manufacturing. We're building on those shoulders of giants. Do you think people get that? Is that, I mean, that's very much this idea of participating on what's out there, participating, building it going forward. Are you seeing that beginning to grow, that momentum? Oh, I see it a lot. I mean, even like large German financial services companies are now saying, hey, I get it. I need to have my people be able to participate. And they see it from multiple levels. First off, I think across the board, CIOs recognize now to get the best developers. They have to allow their developers to contribute to open source communities because that's how people build their resume. So just if I want talent, I have to let them participate. And then for the next level up is we're starting to see more and more saying, okay, if they're going to participate, let them do it in communities that also helped me. And so we have a couple of projects that were companies we bought in an open source. So they're a little different like cloud forms. And I've been amazed to see the number of really large companies that are putting full-time developers on working on cloud forms because there's basically saying, this meets a set of needs I have, sort of, but they're these 50 things I want. And rather than coming to Red Hat and waiting two years for our developers to do it, they're just writing it themselves and driving it in upstream. So I think they're getting it. The biggest two issues I think the CIOs have around it is first off, they have to sell it internally, right? The number of CIOs I've talked to have come to us and said it helped me convince my legal department to allow my developers to contribute, right? That's a hard one. And then the other one is just the whole culture change of how you actually take a lot of people in an IT organization who are used to equating a system going down with getting fired and saying, hey, it's time to take some risk. Let's experiment some, let's innovate. If it goes down, that's okay, right? And so dealing with the culture change and then dealing with intellectual property lawyers are two big ones that they're working their way through. Yes, so Jim, Red Hat's always an interesting company to watch. First of all, congratulations. You know, the first $2 billion open source company. Thank you. When we look at kind of the existing products and some of the emerging products, I mean, you've got a whole extra dynamic of that, you know, adoption and community building and readiness. You know, it's not just build a product and hope that customers are ready for it. I mean, you know, when I look through the announcements, containers are obviously really big. Brian was just at DockerCon last week. We know how Red Hat is involved here, but how would you, as you plan and you say, okay, we're going to go from $2 billion to, you know, here's our goal to be a $5 billion company. You know, how do you build the kind of maturity of the communities and the open source products and fit that into the overall planning of the company? Well, that's one of the things that excites me most about Red Hat is if you think about where we came from, it started off with Linux. And Linux in the open source development model did a great job of developing features and functionality. The issue is, essentially, you want to put that in production long term. The last thing you wanted is fast feature revision, right? That's, you know, release early, release often and all the powerful things for a development model made it hard to deploy, right? And that's what Red Hat did, right? We built a business model to say, how do we take this fast piece of feature development and actually productize it and make it stable to run, you know, nuclear submarines and stock exchanges? And we did that for a long time on a set of technologies that looked a lot like what already existed, you know? Linux looks like Unix and Jbos looks a lot like WebStream and WebLogic. But over time as the web companies have really taken off, they've started doing everything in their infrastructure and open source. So now all of a sudden, CIOs see this massive wave of innovation coming out of open source. So if five years ago you set open source on a CIO's mind, they would say, oh, low cost. Probably pretty good, but low cost. Now when you say open source, they're saying innovation. So for Red Hat, we spent a lot of years taking share in established categories. Unix to Linux, Windows to Linux, WebStream and WebLogic to Jbos. But now what's really driving our growth is talking about how are you building your next generation architecture. So we are one of the largest contributors to the Docker project. We are the second largest contributor to the Kubernetes project. Because now what we're seeing is enterprise IT saying, here's where the world's going. Red Hat, you have to be there with this infrastructure to help us catch that. So now we're sitting in the CIO's office talking about innovation rather than in the VP of purchasing office talking about how we can take money out of your infrastructure. And that's a whole different conversation because you're on the value side of the equation. So we're seeing, if you saw it with one of the innovation award winners on Amadeus, they're using our container platform to basically drive their whole next set of functionality. So it's not about carving out costs, it's about driving functionality. And that's a much bigger market when you start to think about the potential for IT. And we're uniquely positioned to take all this open innovation and drive it as product for enterprise customers. And so that's why going from two to five billion, I don't want to be cavalier, but that's something that we feel really confident we'll be able to do over the next several years. Yeah, the more and more we, Stu and I and Wikibon and theCUBE talk to enterprise customers, government customers. We're hearing this theme over and over, which is we look at open source as our way to figure out the technology to educate ourselves. They feel like they're more prepared when Red Hat walks in the room, when any vendor walks in the room, it becomes a must have. Do you guys feel like, I mean, you kicked off the show today talking about OpenShift, application development. You kicked off your financial show talking about OpenShift. I mean, do you guys feel like you're the best positioned company in terms of helping customers say you're making open source part of your core culture, how you decide applications, decide technology. We're the ones that are going to help you turn that into something like you said, that you can run submarines, run stock exchanges, run telephone companies on. Well, that's what we've done for a long period of time. And, you know, what's fascinating to me is Red Hat's been the only kind of publicly traded kind of at scale open source company. I hope there are many more and obviously Hortonworks has gone public now and so Cloudera's fully grown. So there's another set of companies but we've done it at scale. But what's interesting is most open source companies don't follow our model, right? They actually do an open core model. And you know, we deeply believe in our model which is everything is open on the development side because it's a better model. But our whole business model is how do we actually harden that and drive that forward? So you mentioned OpenShift, right? So the problems that we're trying to solve for customers isn't what's the functionality in the container or even what's the functionality in Kubernetes around orchestration, right? Google's doing that, right? So there are plenty of really smart people who run big data centers who can help drive the functionality. What we're driving is saying, okay, how do you think about running that in production? So you take something like containers, right? Which we are all in because we're really passionate about it. We believe it's an incredibly efficient way to develop applications. But if you look at something like this recent bash bug, you know, the buffer overflow bug, that literally affected every container in production because that's in user space. So it's in the container, right? So if you're thinking about functionality of the container, that's one thing but we sit and start with saying, we're running production, all right? So the real problem is, okay, if there's a problem, how do you literally pull back every single container without taking your systems down, rebuild it to fix the problem and get it back redeployed, right? That's the mindset we go into these open-source projects with. The functionality will happen, right? And we try not to start open-source projects. We get involved in the most robust ones. Our DNA in day one is, how do I take it and run it securely, safely, at high reliability in production? And I think because we come at it from that angle, in the end, you know, a lot of these things, early days, they'll be, you know, a buzz about, ooh, this new person, new functionality, new cool stuff. But when it comes time to put it in production and you start looking about what you need, that whole life cycle and what we do and the dollars we spend on that start to show value and therefore help us drive our business. Funny anecdote, you sort of telling that story of thinking about the life cycle. We sat next to a guy at breakfast this morning, one of your customers, large retailer, he said, look, I have so many stores that when I have to roll out new stuff, I can do two, three, 400 in a year, but we have 5,000 stores. I have to think about that long cycle. I have to think about that many. So the fact that you're thinking the same way that he's thinking, you know, again, like you said, you're really aligning, you know, what you do well with what their problem is. I think that's really, really critical as you think about how to grow the business. Well, that's really, so if you look at Kubernetes, we're the second largest contributor, right? And so we're not focused on the things that Google knows well. We're focused on things saying, okay, what does an enterprise need that Google might not need? So a greater level of persistence, right? How you start thinking about the fact that you might have multiple locations versus these few mega data centers. And so the feature functionality we're driving are exactly the things that enterprises need to augment the things that Web 2.0 is already doing and doing well. Yeah, absolutely, absolutely. So what, you know, we just talked about containers. For a lot of people, containers are like, whoa, super new and, you know, kind of outside their realm. You announced during your financial results that you had a big IoT win, which even seems further out. Talk about where IoT and Red Hat fit together and what you're hearing from companies that are trying to push towards IoT. Well, I think a couple of observations there. First off, you know, IoT is not new and that there've been devices out in the field a lot. What's really different is they're now connected. And so, you know, I would say we were originally dragged into IoT at the device level when we had a couple of large customers come and say, hey, now that these things are connected to the internet, they're exposed and so I need to be able to push security updates to this device. And since they're all running Linux, it's like, well, who has a security response team, right? With the heritage of pushing, you know, within hours updates. Well, that's Red Hat, that's what we do. And so we got pulled in at the device level because of security, now that these things are hooked up. But what we found over time, the place where the majority of the traction is and that very large IoT win you talked about actually was not the operating system, it was messaging. All of the modern, high-speed, open messaging work that we've done plays incredibly well into IoT because it needs to be lightweight. And because you're talking about hundreds of thousands or millions of units, it needs to be very, very low cost. And so all of a sudden, we're building a nice business there, we've announced some reference architectures with EuroTech and with Intel, more at that kind of gateway level. And it's just a tremendous opportunity for us. It's really kind of come to us versus us kind of identifying it up front. Yeah, so Jim, I'm curious, what do you think about other large companies that leverage open source, maybe have open core, but haven't been given back as much? And I think even your keynote, there were a few companies that, you know, if you look at Google or an Amazon, traditionally haven't quite given back as much, but you talked about their artificial intelligence initiatives that they're opening up. So do you think more companies are going to be pushing that way, or is it, you know, where do you think they'll go with their models? Well, yeah, one of the things that excites me about something like AI when you have Google and Facebook and others who are pushing their stuff out is that I think that's going to force others that might pursue a more closed path because, you know, if you're trying to build and sell intellectual property, which is kind of the old model, and you're competing against Google and Facebook where that intellectual property is a byproduct of what they do, you're screwed, right? You need to rethink your model here, right? These are companies willing to give all of that away and build participation. So if you're one company trying to compete with that, over time you're going to recognize you're going to have to open source it. So, you know, I have no idea exactly what people's motivations are, but you know, I talked about Google, Facebook, Amazon, you know, Microsoft all opening their platforms. Question is, if Google and Facebook hadn't done it, would Amazon and Microsoft, I don't know. They're typically historically been less open, but I think competition's naturally dragging them that way. So it's great to have a couple that are open, and I think that will help drag others that way. Okay, so you talked about the mind shift from open source being cost-centric to innovation-centric. What about security? What are the conversations you're having with customers and how security fits into the conversation around your solution set? Well, it's top of mind of every board of directors on or I talk to every CIO out there. There is a growing recognition that security is, you know, probably the single largest threat that most IT organizations are going to have to face. What I find interesting is, I don't hear a lot about who is open source more or less secure. If anything, there's a general kind of growing agreement that it's more secure, but recognize open source development model. The problem that you have is, if you don't lifecycle manage it, if it's inherently more secure, but you don't lifecycle manage it, you got a problem. We last year actually just as a thought experiment wrote four hello world applications in containers, okay? Now, and compiled them. So this was, you know, of course where Red has, so C, Java, but also JavaScript and Python. And then we looked over the course of the next year, how many security updates did we push that were packages in user space, so therefore inside the container against those. And it varied from, you know, 50 to 60 to a couple hundred. So, lifecycle managing open source is no different than lifecycle managing any other piece of software. So the biggest risk that here CIOs talk about is, well, I don't know what all is in my infrastructure because if people have downloaded and used open source stuff that I'm not pushing updates to, I'm at risk. And that's true. And so part of our message is to say, that's not something inherently wrong with open source. Open source because of the model is inherently more secure because you have more eyes on it. That doesn't mean that you don't have to lifecycle manage it like any other piece of software in production. And that's the one we try to hammer on, hammer on, hammer on because you do get a lot of developers who get really excited about the brand new thing, download it, put it in production and frankly forget about it, right? And those are the real gotchas that we need to make sure that we work our way through. So in the board level discussions, you know, what does the board need to know about security? Is there kind of a checklist that they should be going through as to what they pay attention to? Well, look, technology is 10% of the issue, right? 90% is processing governance. And so really making sure that you have a chief information security officer, that you have an organization that's thinking about it, that you have the right audit trails, that you really have procedures that are followed. If you look at virtually every major hack that we've seen happen, it's rarely to say, ooh, they found a vulnerability we didn't know about. It almost always happens because systems weren't patched or the antivirus security wasn't updated. It's primarily processing systems and you have to think about it no different than you think about your financial accounting systems, right? You know, I have to sign every quarter as a public company our documents that say, we have a full set of audited results and we have processes and procedures. We have to follow those in IT just as rigorously and you know, IT is an interesting mix of production stuff that, let's be honest, feels dull and all the cool bells and whistles, new cool things. And the issue is all those cool bell and whistle new things when they go into production, needs to have all that boring audit trail process system around it. And as a board, and the boards that I'm on are the ones that I've talked to about this, it's really process system audibility. The technology is actually a much smaller piece of the overall thing. Yeah, I'll ask you one last question because I know we're running short on time, you're busy. It's kind of a crazy world these days. Microsoft loves Linux, open source is winning, I can get software anywhere on public clouds and like how do you talk to CIOs when all the rules that we used to know, the swim lanes we used to know for 10, 20 years are kind of going, I mean is there ever been a better time for the customer to say I want to dictate how vendors and technology can help me? Like how do you help people make sense of all these things being kind of crazy in gray areas? Well man, that's one of the fascinating things. So I think people are beginning to recognize more and more open source is a development model and for certain types of software because of user-driven innovation and the Googles and Facebooks, it's a phenomenally powerful innovation model. That doesn't mean there's open source and there's proprietary, right? There's so many solutions ultimately or a mix of those things in every company including Microsoft is contributing to open source and leveraging it as part of solution. So I think there was a time when people thought, okay, a Red Hat versus Microsoft and one has to win and one has to lose because it's either going to be an open world or it's going to be a closed world and what we're finding over time is, check the box, open source is winning at the infrastructure layer, whether that's at Microsoft or anywhere else. But that doesn't mean the whole world is going to become a bunch of Red Hats and so understanding exactly the power of open source, where it fits, how it resides, you can't say I'm not going to use open source or you couldn't run a data center. At the same time saying I'm going to do everything that's open source, you're going to limit yourself to vendors and so recognizing that it's going to be kind of a mixed hybrid world is something everyone needs to get familiar with and therefore ultimately understanding what open source is and isn't. The development model versus how you consume software fundamentally different things. Yeah, great. Jim, last question I have for you. Just organizationally, as Brian said, there's so many changes going on. How do you balance the, keeping certain products and communities going, starting up new environments? You've had a couple of acquisitions you've made, the growth of the company overall. It's a really tough thing to balance. Red Hat in general, our biggest issue is we have too much opportunity, right? We have a model, this production system and ability to then build product out of that for mission critical workload that is extensible in a lot of areas. We could be in big data, we could be in SDN. There are a whole lot of areas that we're not in today that we could do more in. And so for me every day it's a constant balance. Are we doing enough without doing too much, right? Because more companies fail from indigestion than starvation, right? So most companies try to do too much. And so it's an art every day to make sure that we are putting enough wood behind the arrow or enough resource time and attention to make sure that we reach the full potential of the things we're in without missing too much. And I don't know if we have that line right or not, frankly. We obviously have existing core businesses around the core JVOS franchise and RHEL that are kind of relatively mature. But if you think about we're funding a whole set of things we're doing around hybrid management, OpenStack, containers, orchestration of container storage. And so we're already doing a lot. And so the question is, should we be doing more or less? Hopefully we're kind of hitting the right mark in that but we look at it every day. And obviously acquisition is one way to help us with that where we can kind of bring in new people who already have a set of expertise. All right, well, Jim Whitehurst, president and CEO of Red Hat, also the author of the Open Organization igniting passion and performance. Lots of passion here at Red Hat Summit. We'll be back with lots more of our three days of wall-to-wall coverage here. You're watching theCUBE.