 TheCube presents KubeCon and CloudNativeCon Europe 2022, brought to you by Red Hat, the CloudNative Computing Foundation and its ecosystem partners. Welcome to Valencia, Spain and KubeCon, CloudNativeCon, Europe 2022. I'm your host, Keith Townsend, alongside Paul Gillan, senior editor, enterprise architecture for Silicon Angle. We are, I think at the halfway point, to be fair, we've talked to a lot of folks in open source in general. What's the difference between open source communities and these closed source communities that we attend so much? Well, open source is just, it's that, it's open, it's anybody can contribute. There are a set of rules that manage how your contributions are reflected in the code base, what has to be shared, what you can keep to yourself. But the, it's an entirely different vibe. You know, you go to a conventional conference where there's a lot of proprietary being sold and it's all about cash, it's all about money changing hands, it's all about doing the deal. And open source conferences, I think, are more, they're more transparent. And yeah, money changes hands, but it seems like the objective of the interaction is not to consummate a deal to the degree that it is at a more conventional computer conference. And I think that can create, you know, an uneven side effect. And we're going to talk about that a little bit with, honestly, a friend of mine, Alice Ellis, founder of OpenVas. Alice, welcome back to the program. Thank you. Good to see you, Keith. So, how long have you been doing OpenVas? Well, I first had this idea that serverless functions should be run on your own hardware back in 2016. Wow, and I remember seeing you at DockerCon EU, was that in 2017? I think that's when we first met and Simon Foskett took us out to dinner and we got chatting and I just remember, you went back to your hotel room after the presentation, you just had your iPhone out and your headphones, you were talking about how you tried OpenWisk and really struggled with it. And OpenVas sort of got you where you needed to be to sort of get some value out of the solution. And I think that's the magic of these open source communities and open source conferences that you can try some stuff, you can struggle with it, come to a conference, either get some advice or go in another direction and try something like a OpenVas. But we're going to talk about the business perspective. Give us some hero numbers from the project. What types of organizations are using OpenVas and what are the downloaders, stars, all those, the ways you guys measure project success? So there's a few ways that you'll hear this talked about at KubeCon specifically and one of the metrics that you hear the most often is GitHub stars. Now a GitHub star means that somebody with their laptop like yourself has heard of a project or seen it on their phone and clicked a button, that's it. There's not really an indication of adoption but of interest and that might be fleeting and a blog post you might publish might bump that up by 2000 and so OpenVas quite quickly got a lot of stars which encouraged me to go on and do more with it and it's now just crossed 30,000 across the whole organization of about 40 different open source repositories. Wow, that is a number. Now you are in an ecosystem where Knative is also taken off and can you distinguish your approach to serverless or FAS to Knatives? Yeah, so Knative isn't an approach to FAS. That's simply put. And if you listen to Aki Vilas from the Knative project, he was working inside Google and wished that Kubernetes would do a little bit more than what it did. And so he started an initiative with some others to start bringing more abstractions like autoscaling, revision management so you can have two versions of code and shift traffic around and that's really what they're trying to do is add on to Kubernetes and make it do some of the things a platform might do. Now OpenVas started from a different angle and frankly, two years earlier. So you know, it kind of led in the space and built out that ecosystem. So the idea was I was working with Lambda and AWS Alexa skills. I wanted to run them on my own hardware and I couldn't. And so OpenVas from the beginning started from that developer experience of here's my code, run it for me. Okay, Knative is a set of extensions that may be a building block but you're still pretty much working with Kubernetes. We get calls come through and actually recently I can't tell you who they are but there's a very large telecommunications provider in the US that was using OpenVas. Like yourself, heard of Knative and in the hype they switched and then they switched back again recently to OpenVas and they've come to us for quite a large commercial deal. So do they find Knative to be more restrictive? No, it's the opposite. It's a lot less opinionated. It's more like building blocks and you're dealing with a lot more detail. It's a much bigger system to manage. But don't get me wrong. I mean, the guys are very friendly. They have their set of use cases that they pursue. Google's now donated the project to CNCF and so they're running it that way. Now it doesn't mean that there aren't phases on top of it. Red Hat have a serverless product, the NY have one. But OpenVas, because it owns the whole stack can get you something that's always been very lean, simple to use, to the point that Keith, in his hotel room, installed it and was productive with it in an evening without having to be a Kubernetes expert. And that is, if you remember back then, I was very anti-Cubernetes. Yes. It was not a platform I thought that was, and for some of the very same reasons, I didn't think it was very user-friendly. You know, I tried OpenVas. I'm thinking what enterprise is going to try this thing, especially without the hand-holding and the support needed to do that. And, you know, something pretty interesting that happened, I shared this with you on Twitter, I was having a briefing by a big microprocessor company, one of the big two. And they were showing me this, some of the work they were doing in CloudNative. And the way they stretch test the system to show me auto-scaling is that they bought up an OpenVas, what is it though? The whale, the whale text that just does the cows maybe. Yeah, the cows, that does just a bunch of text. And it just auto, and I'm like, one I was amazed at is super simple app. And the second one was, the reason why they discovered it was because of that simplicity. It's just a thing that's in your store that you can just download and test. And it was OpenVas and it was this big company that you had no idea that was using OpenVas. How prevalent is that, that you're always running into these surprises of who's using the solution? There are a lot of top tier companies, billion dollar companies that use software that I've worked on, and it's quite common. The main issue you have with OpenSource is you don't have the commercial software you talked about, the relationships. They don't tell you they're using it until it breaks and then they may come in incognito with a personal email address asking for things. What they don't want to do often is lend their brands or support you. Right. And so it is a big challenge. However, early on when I met you, BT Liveperson, the University of Washington and a bunch of other companies had told us they were using it, having discussions with them, took them to KubeCon and did talks with them. You can go and look at them in the video player. However, when I left my job in 2019 to work on this full-time, I went to them and I said, you know, using production, it's useful for you. We've done a talk, we really understand the business value of how it saves you time. I haven't got a way to fund it and it won't exist unless you help. The like sucks to be you. Wow, that's brutal. So, okay, let me get this right. I remember the story, 2019, you leave your job, you say, I'm going to do open fads and support this project 100% of your time. If there's no one contributing to the project from a financial perspective, how do you make money? Like, I've always preached open source because you're the first person that I've met that ran an open source project. And I always pitch it to them, people like you who work on it on their side time, but they're not the K-natives of the world, the SDOs that have full-time developers sponsored by Google and Microsoft, et cetera. If you're not sponsored, how do you make money off of open source? This is the million dollar question. Really, how do you make money from something that is completely free, where all of the value has already been captured by a company and they have no incentive to support you, build a relationship, or send you money in any way? And no one has really figured it out. Arguably, Red Hat is the only one that's pulled it off. People do refer to Red Hat, and they say the Red Hat model, but I think that was a one-off, and we can kind of agree about that in a business. However, I eventually accepted the fact that companies don't pay for something they can get for free. It took me a very long time to get around that, because you know, Open Source Enthusiast built a huge community around this project. Almost 400 people have contributed code to it over the years, and we have had full-time people working on it on and off, and there's some people who really support it in their working hours or at home on the weekends, but no. I had to really think, right, what am I going to offer? And to begin with, it would support existing customers weren't interested. They're not really customers because they're consuming it as a project, so I needed to create a product, because we understand we buy products. Initially, I just couldn't find the right customers, and so many times I thought about giving up, leaving it behind, my family would have supported me with that as well, and they would have known exactly why even you would have done. And so what I started to do was offer my insights as a community leader, as a maintainer to companies like we've got here. So Castin, one of my customers, Cystic, one of my customers, Rancher, our DigitalOcean, a lot of the vendors you see here, and I was able to get a significant amount of money by lending my expertise and writing content. That gave me enough buffer to give the adopters time to realize that maybe they do need support and go a bit further into production, and over the last 12 months, we've been signing six-figure deals with existing users and new users alike in enterprise. For support. For support, for licensing of new features that are closed source, and for consulting. So you have proprietary extensions also that are sort of enterprise class, right, and then also the consulting business, the support business, which is a proven business model that has worked. Is a proven business model. What is not a proven business model is if you work hard enough, you deserve to be rewarded. You have to go with the system. Winter comes after autumn, summer comes after spring, and it's no point saying, why is it like that? That's the way it is, and if you go with it, you can benefit from it, and that's what the realization I had as much as I didn't want to do it. So you know this community well. You know there's other project founders out here thinking about making the leap. If you're giving advice to a project founder and they're thinking about making this leap, you know, quitting their job and becoming the next Alice, and I think this is the perception that the misperception out there. Yes. You're well known. There's a difference between being well known and well compensated. Yeah. What advice would you give those founders? To be, before they make the leap to say, you know what, I'm going to do my project full time, I'm going to lean on the generosity of the community. There are some generous people in the community you've done some really interesting things for individual like contributions, et cetera, but that's not enough. Look, I mean, really you have to go back to the MBA mindset. What problem are you trying to solve? Who is your target customer? What do they care about? What do they eat and drink? When do they go to sleep? You really need to know who this is for and then customize a journey for them so that they can come to you and you need some way initially of funneling those people in, qualifying them because not everybody that comes to your student or somebody doing a PhD is not your customer. You need to understand sales. You need to understand a lot about business, but you can work it out on your way. You know, I'm testament to that and once you have people, you then need something to sell them that might meet their needs and be prepared to tell them that what you've got isn't right for them because sometimes that's the one thing that will build integrity in a relationship. That's very hard for community leaders. It's very hard for community leaders to say no. Absolutely, so how do you help them over that hump? I think of what you've done. So you have to set some boundaries because as an open source developer and maintainer, you want to help everybody that's there regardless and I think for me, it was taking some of the open source features that companies used, not releasing them anymore in the open source edition, putting them into the paid, developing new features based on what feedback we'd had, offering support as well, but also understanding what is support? What do you need to offer? You may think you need a one hour SLA for a fix. Probably turns out that you could sell a three day response time or one day response time and some people would want that and see value in it. But you're not going to know until you talk to your customers. Well, I want to ask you, because this has been a particular interest of mine, it seems like managed services have been kind of the lifeline for pure open source companies, enabling these companies to maintain their open source routes, but still have a revenue stream of delivering as a service. Is that a business model option you've looked at? There's three business models perhaps that are prevalent. One is open core, which is roughly what I'm following. Then there is SaaS, which is what you understand. And then there's support on pure open source. So that's more like what Rancher does. Now, if you think of a company like Boyant that produces LinkedIn, they do a bit of both. So they don't have any closed source pieces yet, but they can host it for you, or you can host it and they'll support you. And so I think if there's a way that you can put your product into a SaaS that makes it easier for them to run, then you know, go for it. However, we've opened fast. Remember what is the core problem we're solving? Portability, so why lock into my cloud? Wow, Alex. Take that option off the table, go ahead. It's been a long journey and I've been a fan since your start. I've seen the bumps and bruises and the scars get made. If you're an open source leader and you're thinking about becoming as famous as Alex, hey, you can do that. You can put in all the work, become famous. But if you want to make a living, solve a problem, understand what people are willing to pay for that problem and go out and sell it. Valuable lessons here on theCUBE from Valencia, Spain. I'm Keith Townsend along with Paul Gillan. And you're watching theCUBE, the leader in high tech coverage.