All righty. Good morning again. This is Jim Fish with F5. Actually, a very unique F5, and Kara keeps teasing me a little bit here, but we have the pleasure of having Kara Sprague and Cooper Werner. Kara, congrats on the recent development, and good luck on your next endeavor.
Thank you.
Great to have you here.
Thank you.
Cooper, you know, about time you got that promotion, right?
Thank you.
Shove, shove Frank out of the way. But, congrats to Frank on, on retirement, and congrats to you as well. So I've got a bunch of questions here we're going to run through. I'll open it up with about five minutes left if there are any questions. But, I think, Cooper, you have something that you have to read.
Yes, I do. Just to get our safe harbor on record, "Please note that our discussion today may contain forward-looking statements which involve uncertainties and risks. Our actual results may differ materially from those expressed or implied by these statements. Please see our SEC filings for more information on these risk factors.
Riveting statements. Anyways, high-level first question here: How are enterprises balancing sort of core work spending versus this kind of need to spend on AI? You guys started talking about data center monetization on your last couple calls.
Yeah, I'd say broadly, what we're hearing from customers is that there is a. You know, they're going through that evaluation process, but they're very focused, at least in early days, in near-term return on investment in driving productivity gains. What we haven't really seen, and we've talked a lot to our sales teams as well, is we haven't seen, like, a significant reprioritization of budgets to fund material AI investment on some of these productivity initiatives. So the budgets pertaining to more workload management and some of the areas that we support have held intact pretty well.
We have actually seen some significant use cases with a smaller set of customers that are investing more aggressively in AI, particular to training large models, and the data ingest going from the storage back into their environment, and that's an area where F5 provides a lot of support in terms of load balancing, and so we're seeing some traction. It's a smaller set of use cases, but it's interesting.
Yeah, and you know, you guys always are one of the first reporters, and you guys started calling out essentially demand stability. I think Cisco recently echoed that, and even Broadcom, if you want to go down the supply chain, started talking about, you know, network non-AI-
Yeah
... network spend stability. So I guess, what's driving the confidence in sort of the demand and the ecosystem that we're at a bottom, you know, maybe 2025 is a better network spend year? Is there a way to think about it between the systems versus the software-
Yeah
... which I know can be hard to, you know, forecast, but?
Yeah. And it's, you know, it's a little bit early in terms of what these trends could mean. But what we saw in our most recent quarter and kind of heading into our Q4, which is this quarter, was some stabilization in the pipeline and starting to see some growth in that pipeline, particular to our systems business. And we've seen our close rates improve. And so as we look forward, we think that those are good signals as to where, you know, demand could trend. But we haven't made an update into our outlook for FY 2025 just yet, so more to come on that on our October call. But to. So we're seeing on both sides of the business, hardware and software.
With our hardware business, what we've seen is that customers have gone through a period of kind of sweating their infrastructure, just with some of the budget challenges that they've had. And one of the things that we track closely is the aging of that installed base with F5, particular to infrastructure that may be kind of five, six, seven years old, where you would typically start to see that refresh. And the attach rates we saw of maintenance on those aged appliances had been elevated over the last year, and we're starting to see that stabilize now. And hand in hand with that stabilization of that aging, we're seeing an increase in pipeline, particular to tech refresh. And so that's where we're encouraged that there are signs that customers are starting to move forward with those refresh engagements.
On the software side, the other thing that we noted was that, for the first time in the past year, we started to see pipeline build particular to new software engagements. And so we'd seen some of these digital transformation initiatives had been kind of stalled out with customers, and these very often are large projects where F5 is a key piece of that project, but we don't have. We're not the full solution. And what we've seen is that that business has started to pick up a little bit. So we're encouraged as we head into next year, but no more to come.
Got it. And a favorite topic of yours and mine is this little thing called Distributed Cloud Services. I like to call it F5 as a service, but I'll let your CMO take care of that. So really, what makes Distributed Cloud Services different than what you can get out there from newer services, and how does that change the competitive landscape for you?
Yeah, so Distributed Cloud Services is F5's portfolio, SaaS and managed services, and it was created by integrating F5's security.. additional security capabilities onto a SaaS platform and making that available to customers, and it's different from what you can get from competitors, and I would argue it's even one of the more newer ones. It's different because it's software-based, and therefore, it's not limited to the POP-based infrastructure that many of these other edge players are constrained by. You can deploy Distributed Cloud Services into an on-prem data center. You can deploy it into your public clouds, any of your public cloud enclaves, and what that does, it will extend the fabric or the mesh into those environments and enable you to run the services locally in those environments.
That's a very, very different value proposition from what you might see from the edge players and the traditional CDNs.
So how are you thinking about packaging or bundling on DCS, especially as you start to think about, well, does API security, for example, require a WAF or not, and some of that debate? Like, first off, how do we think about, does it require that for the blocking and tackling, or not? And then how are you thinking about that packaging approach?
They are different capabilities, and we offer customers the option to buy them all a la carte, but we are also offering full packages or bundles for the web app and API security suite, which includes web app firewall, API security, distributed denial-of-service protection, as well as anti-bot. The packaging is quite flexible, depending on what the customer needs. Where we are going with this, if you look at what we have with Distributed Cloud Services, we now have a SaaS based consumption model for many of our best security services. That is a good complement to the deployable consumption that we offer through our hardware and our packaged software.
And you can imagine over time what we will be moving towards is offering packages of, for example, a WAF that can be deployed either on-prem through a deployable form factor or a SaaS. It doesn't really matter. It's just a WAF, and you can apply that WAF to any application you want.
Got it. And, Cooper, last week, we had the chance to chat a little bit around AI, and, you know, what ways could F5 benefit, both from the hardware and the software side on AI? And I know it doesn't necessarily work like this, but just trying to dumb it down a little bit. But is there a way to think about like, for every one load bal- like, one load balancer to X amount on the GPU side, like, and-
Yeah, and so there's opportunity for F5, both in the hardware and software side, and I'll let Kara expand. But there is a relationship in terms of the GPU cluster, you know, how that growth translates over time and the use for F5 hardware. That relationship is something that we'll get a better understanding of over time as we start to see more real-world models. But really, it's about F5's ability to do what we do best in our kind of legacy with the managing workloads and doing the load balancing work, and really, we're trying to just help customers drive the efficiency up of that investment in their GPU cluster.
Cause as we all know, it's a very expensive investment, and the efficiency right now is not where I think customers want it to be, long term. And so anything that we can do to help improve that investment for our customers and drive higher utilization is something that's gonna really resonate well. On the software side, I think this is longer term, probably where the wider opportunity is within our customer base, is customers are deploying AI more kinda classic efficiency and productivity use cases. That's where you're gonna see a proliferation of AI workloads that communicate to each other via APIs. And the API security opportunity for F5 is pretty compelling, leveraging our F5 Distributed Cloud Services platform.
If I might expand just a little bit.
Sure.
So Cooper mentioned that AI is an opportunity for F5, both in the hardware as well as in the software, and I wanna share a little bit of some of the opportunity there, so when it comes to AI applications, traffic management or load balancing is still a really important function in any AI application architecture, and so that includes doing data retrieval for RAG-type of use cases, scaling across AI factories, load balancing across AI factories, providing access and high throughput access to storage tiers, and also doing request distribution for inference, and so all of those are places where traffic management, load balancing, and application security capabilities have insertion points, and already we're seeing early wins in customers in many of those scenarios.
Got it. How does the shift towards AI and sort of cloud applications change the need for API security or your security suite generally?
AI applications are a form of modern application, meaning they're generally microservices-based, and often times those microservices might be distributed across different environments, and as Cooper was talking about, those microservices talk to each other or communicate to each other through APIs, and so it is not disingenuous to say that the application security for AI apps is fundamentally about API security. Those two are very, very tightly related, which is why we do see a big opportunity when you start talking about, you know, more and more applications becoming AI-powered, and over time, those applications will drive a proliferation of more APIs. We believe that there's a gigantic opportunity in that space for API security.
And last year or so, you guys have brought it up a little bit more on the calls, your sort of legacy competitors. How do we think about what's coming up for renewal among, you know, your largest competitor there on the private side? How big that opportunity could be as we start thinking about back half of this year. I know you guys are fiscal year end September, but then into kind of next calendar year. Like, think about any programs in place to take advantage of that, maybe from the go-to-market side?
Yeah. So I'll put some parameters around this. In our deployable business, so the business of our hardware and our packaged software, in that ADC space, F5, you know, plays with about 40% to 45% market share in that space. And our next largest competitor, Citrix, is about half that size in terms of market share. Now, about 12 to 18 months ago, Citrix made some changes to their go-to-market model, which involved removing the option for customers to purchase in a perpetual model, which is still a healthy business for F5, because customers still have some customers still prefer that. And equally, they also implemented a number of pricing changes, which for some customers by almost an order of magnitude. And that has driven a number of customers to seek alternate solutions.
And we have benefited significantly in terms of taking, you know, customers that were very long-term customers of that particular competitor have come over to F5, and we're seeing a steady flow of those customers coming in. Now, to put that on a time horizon, oftentimes, the deals that are under discussion with these players are on a three-year window. And, granted, if they made the changes 12 to 18 months ago, there may be some customers that just didn't have the time to prepare, and respond in terms of architecting differently. But we believe over the next, you know, several years, there's a big opportunity for us to capture more of that share.
Makes sense. And so maybe within your own base, how in terms of renewals and visibility that you have, so what's the breakdown of the expansions you see with software between upsell or increased capacity and cross-sell? Is there any impact from customers moving towards flexible consumption over the traditional term license?
Yeah, absolutely. So you mentioned flexible consumption. So just to kind of level set, this is a program that has been our most successful commercial model. We call it the Flexible Consumption Program. And really, what this is, is it's a model for customers to contract with F5 for multiple years. It's typically a three-year cycle, and it allows them to contract for an agreed upon value, but they don't have to have line of sight as to exactly what they're going to be deploying with F5 over the duration of that contract. And so what it allows them to do is not have to have perfect visibility into how their applications are going to perform over time, where those applications are going to reside, and make a call upfront as to exactly what product they need.
Instead, they have the flexibility to deploy what they need, when they need it, where they need it within this contract, and then we will measure that, the value of what they're consuming over time, and then we will uplevel the contract to the extent that they're overconsuming their initial commitment. And so it really provides a lot of protection against stranded capital for customers, and it also reduces the friction of deploying new product because they don't have to go through that procurement cycle. And the reason it's been so successful is because it has taken that friction and that risk out of the model for customers, and what we've seen is that that has really been one of the primary facilitators of expanding what those customers are doing with F5. And back to your question, it's coming in both factors.
It's expanding in terms of increased capacity of what they've already contracted to use with F5, and we're seeing a lot of growth within applications, and so they're effectively buying more capacity or using more capacity with F5 under that model. But then, more importantly, we're seeing a wider adoption of what they're using with F5. So the initial trend that we saw was an increase in usage of NGINX. So we launched this program, it was BIG-IP initially, and then we added NGINX into the scope of the program, and we started to see a lot of customers that were adding NGINX upon that renewal, and now we're starting to see, in some cases, customers that are using NGINX, having SCPs that just have NGINX.
And so it's a similar model where they've got the flexibility as to what they're going to consume over time. And we expect to continue to see that widespread adoption across the full portfolio. At our strategy and product session in February, we outlined some statistics where customers are provisioning multiple products from F5 product families. And what we've seen is that growth within our top 1,000 accounts has gone from around 3% in FY 2017 to about 40% in our most recent fiscal year. So these are customers that are using multiple product families. But within the overall 20,000plus customer base, it's a much smaller rate of adoption still.
So we've seen evidence that customers will go down that path when they have the flexibility with that program, and yet the opportunity in front of us is still quite large.
So you guys have been going through this, you know, little transition. I even call it a transition within a transition, on the SaaS piece, too. And you guys also, not this past quarter, but two quarters ago, talked about sort of a, you know, roughly double-digit growth for software next year, but you guys clearly outperformed in Q3, so we'll see how you shake out here shortly. But you're now roughly two-thirds coming from the renewal base within recurring software. Is that what's driving the confidence in essentially a potential re-acceleration of software as we start thinking about fiscal twenty-five? And additionally, I don't think everybody's been aware, but you guys have really emphasized, you know, fiscal second half weighted-
Yeah
for fiscal 2024 and fiscal 2025. Is the renewal timing having a huge play on that, or is it something to do with sort of the SaaS business in terms of when you guys expect it to come back? Can you walk us through that?
Yeah. No, you're spot on. The renewal base, that's an area where we've got really good visibility, both in terms of the timing. Like, this is business that we already have under contract. We know when it's due for renewal. We've got pretty good history in terms of what those renewal rates and expansion rates look like, which have been really strong. And so as we look ahead into next year, we've got a view onto our overall opportunity, but also the shape of, you know, when that, the timing of that opportunity is. And it's something that we called out in our Q2 of 2024, similarly, that we were going to be a little bit back-end loaded on software, but it was tied more to the timing of those renewals.
And so we just wanted to get in front of that, as we head into next year. But yes, to your question, it does give us that confidence in that inflection in software growth for next year, just because we've got the really good visibility as to where a lot of that growth is going to be coming from. And that's really kind of the majority of it. And then, as I said earlier, we've seen some pickup on some of the new business. We'll see how that plays out over next year. And then as we kind of go through the year, we're also balancing that with our SaaS business, where we're undergoing a transition on some of the legacy products.
That's a little bit of a near-term headwind, and all that balance kind of goes into our thoughts on software growth.
Got it. Circling back on sort of the security element and around bot manager, it was maybe the one thing that we could maybe pick on from last quarter. You guys called out it as a little bit weak. What's going on there? Especially as competitors are saying bot manager's been really strong.
Yeah. So F5 has the best high-end bot protection point solution available in the market. This was a capability that came to F5 through an acquisition a few years ago, and in the highest end of the market, for the companies that have the more sophisticated and very sophisticated bot problems, it is still the go-to product for them to go to. Now, when customers are under attack and they're seeing their existing bot solutions are not cutting it, they are also coming to us for that. That said, we are seeing the majority of our current customers are renewing with us on that very high-end offering.
But we are seeing a few customers that are opting for a lower-end, bundled type of offering, which is more for the lower, lower end of the market, because they're you know, perhaps trying to save, and they're not seeing particularly sophisticated attacks at this time. So that was some of the detail that we offered as part of the discussion last quarter.
Yeah, and Cooper, you guys announced a little bit of an incentive change. I don't think you guys are incentivizing on
Right
... the services, the multi-year services. Why is now the right time? How do we think about potential free cash flow impact?
Yeah, so you know, what we've seen is that our renewals business for maintenance has been very, very strong, and we talked about the aging, you know, where we've actually seen elevated aging over the last couple of years, but the reality is that we have such a compelling support and services model with our customers, that we don't feel like we need to incentivize customers to book multiple years in advance. That risk around churn on our maintenance business is not high at all, and so there's no reason for us to be giving away value to drive those renewal rates, and so the cash flow impacts are actually not that pronounced, because in most cases, customers that did renew for multiple years still are invoiced annually.
There are some that will pay all upfront, but broadly, it's not a huge impact to the cash flows. But you do see it showing up in the deferred revenue, where we've seen it really kind of flatten out, because we're seeing less of those multi-year renewals. And over time, you'll see that start to come back in as those single-year maintenance renewals come back up for the next round of renewal.
All right. We've got a little less than five minutes left. Are there any questions out there? Otherwise, I got one. Go ahead.
Yeah, for you, you know, we've talked about API security is really in the early innings, and a lot of times you guys have to educate customers why they can't just use their WAF to block some of these attacks. So can you help us understand what's going to be the catalyst to help customers understand, we actually need this product, we can't just go with WAF. Do we need an attack to happen, or is this just going to be a longer-term sale in educating customers, educating the market, and eventually in the 2025 to 2026, do you see kind of a catalyst around that?
I think it is going to be continued education, and I'll offer some of it here, which is already, when you look at application-based attacks, API security attacks are the top number one kind of attack. And so they're already the largest threat, largest exploitable point for attackers to go after. Second point I'd offer is, API security is different and cannot be protected by a traditional web app firewall, because a lot of the API-oriented attacks go after the application's logic, meaning signature-based web app firewall simply will not catch it. And so, many customers don't-- You're exactly right. Many customers don't really understand the distinction between those two things.
But you do need a specific kind of protection, and you also need a specific capability to discover all of those APIs that you have lying about out there available to the open world, in order to have a holistic API protection capability.
So there's a little debate tonight, going on, I guess, but, really, the crux of my question is, around the Fed. You guys have, you know, a decent-sized Fed business.
Mm-hmm.
I know you're involved with some projects here and there. So, how do we think about Fed spending as we enter a really big Fed-sensitive quarter? What are they using you guys for, those types of things?
Yeah. So of course, we wouldn't comment on the current quarter, but in general, this is the larger quarter for Fed spending. It's their year-end. We are installed in most of the major federal agencies, and we've got a really good position, particularly around hardware use cases where, you know, data, you know, having governance over where the data resides is critical. And then also around security, where there are mandates around zero trust, and general app security, and authentication. And so we've got security offerings with our web app firewall that really address that. And so, you know, we feel like we're really well positioned within Fed. So, you know, we'll see how the year finishes out.
But broadly, our adoption within that space is very strong.
Just generally, you guys have raised prices in the past. I think you're trying to move more towards rSeries at this point on the systems side. What sort of pricing power do you guys have left, especially if you know the legacy competitive environment is getting more and more favorable?
Yeah. No, I think we do have good pricing power. And to your point on the legacy side, there's been some practices in the marketplace that are beyond what we would ever consider. And so it does, it'll give us permission to explore, are there opportunities for us to adjust our pricing, commensurate with the value that we're delivering? Cause we're we feel like we're the only player that's really continuing to innovate in this space. And so that's something that we'll, you know, evaluate over time. But also, as more and more of our business is coming in the form of software, just kind of adjusting our practice to model kind of typical subscription-based pricing practices, is something that we're evaluating.
And then the third thing that we're hyper-vigilant on is our discounting practices, and making sure that we're rewarding the customers that are doing the most with F5, that are expanding what they're doing within F5. And so as we you know continue to have a disciplined approach to where we do our discounting, we think that represents another opportunity for increased price realization.
Wow, that was spot on the time, the shot clock here, so-
Landed.
I think with that, we're going to wrap it up. Really appreciate it. Congrats to both of you on your recent promotions.
Thank you.
Great. Thank you.