F5, Inc. (FFIV) Earnings Call Transcript & Summary

Hi, everybody. Thank you so much for being with us today. We are really excited to share with you our Strategy & Product session. I'm Suzanne DuLong. I lead the Investor Relations efforts at F5, and we are going to get started today. I'm going to take care of a few housekeeping items before we launch at today's program. First, of course, there are the forward-looking statements. Our discussion today will contain forward-looking statements, which include words such as believe, anticipate, expect and target. These forward-looking statements involve uncertainties and risks that may cause our actual results to differ materially from those expressed or implied by these statements. We have summarized factors that may affect our results in our SEC filings. We will also be referencing some non-GAAP numbers today. For our full GAAP to non-GAAP reconciliations, please see the appendix of this slide, which will be posted to our IR portion of our website following the conclusion of today's live event. Our agenda today. We've got some great speakers for you. We're going to start out with Tom Fountain. He's our Executive Vice President of Global Services and our Chief Strategy Officer. He's going to talk about our customers' hybrid multi-cloud and AI challenges. We're then going to go to Arul Elumalai and Kara Sprague. Arul leads our BIG-IP efforts. He's the SVP and General Manager there. Kara's our Chief Product Officer. They're going to walk you through our portfolio transformation and the opportunity we see ahead. We'll then take a short break, about 10 minutes. Zeus Kerravala will join us from -- he's an industry analyst from ZK Research. We'll then wrap up with Frank for the financial recap, and François will join us on stage for Q&A. So with that, I will hand it over to Tom.

Excellent. Thank you, Suzanne. My name is Tom Fountain, and I'm EVP of Global Services and Chief Strategy Officer at F5. Thank you for joining today's strategy and product session. We want you to leave this session with 7 key takeaways. First, our digital world is in crisis. The current multi-cloud ball of fire is untenable. Second, AI is an accelerant that will make the crisis exponentially worse. Third, to capitalize on this new reality, F5 invested early and transformed its portfolio. Fourth, F5's market opportunity is much larger and growing than it was 5 years ago. Five, F5's competitive position is stronger and more differentiated than ever before. Six, F5 is successfully executing land-and-expand motions across our portfolio. And seven, F5 is positioned for sustainable revenue growth and committed to double-digit earnings growth. Before we speak to F5's strategy, I'll start by framing the context for our customers' reality today. Apps power many of the most valuable brands of our time. Nearly half of the S&P 500 are either application-led or digital technology is a key source of differentiation in their business. And even the others, digital technology is a key enabler of business processes. Applications are virtually everywhere in our lives today. They're how we bank, they're how we see a doctor, how we work remotely, how we get to dinner or how we decide to have dinner sent to us. No matter where you look, apps run today's world. It's not surprising then that the number of applications is exploding. IDC and F5 estimate that there are 1 billion application instances in the world today. And over the course of the next 4 years, that number is going to grow greater than 20% annually to 2.3 billion app instances. Along with this incredible growth in the number of applications will come incredible growth in application programming interfaces or APIs. These APIs connect our application components together. And while a typical application today might have only 1 or 2 sets of API interfaces in building the app, we expect this number to also grow substantially over the next several years. Managing this portfolio of apps and APIs is absolutely critical. Starting in the late 1990s, organizations spent over a decade collecting all of the applications from under people's desks and from branch offices and brought them to the data center. Building a traditional data center was challenging by standards of the day, but comparatively, a very simple model and approach: users connected to apps sitting in data centers. As Infrastructure-as-a-Service and Software-as-a-Service rose in prominence, the prediction was that we would move all of these applications from the traditional data center into the cloud. Hybrid cloud was but a transitory state. It was simply a temporary place while we moved everything to the cloud in one form or another. The cloud promised a multitude of benefits: a highly automated environment better suited to the business agility that was required; operational savings from automation and not having to invest for peak demand; better availability of services; and improved security. Yet almost everything about this prediction has proven wrong. Today's reality is far from the single location that was promised. Organizations often find themselves spread across multiple environments. F5's State of Application Strategy forthcoming customer research reports that 88% of all organizations operate across more than one of these environment types. In fact, the average organization operates across 4.5 different types of environments. Most organizations have hundreds of applications, and this page illustrates the distribution of those workloads across all of these different types of environments. Of course, most organizations don't just have one of each of these types of environments. They might have multiple availability zones or they might have multiple data centers or colo facilities per geographic distribution. It's not difficult then to see how the distribution of apps creates complexity. Graph theory tells us that something as simple as the number of connections grows quadratically as the number of environments increases. It's easy to see how these connections become overwhelming quite quickly. The problem, though, is actually even more acute. Public cloud democratized access to infrastructure. Public cloud also helped to accelerate the emergence of modern application development. And in modern application development, we've taken these large monolithic applications and decomposed them into much, much smaller components of work. With that then, we changed the architecture. And we moved from a 3-tier architecture to a microservices architecture, with small containerized components working in combination through APIs. Not only then are the apps distributed, but these app components are distributed. And each one of these app components has their own set of APIs and their own set of data. We at F5 have given this problem a name, and we call it the ball of fire. This ball of fire keeps getting worse. Mind you, an IT organization doesn't have just one ball of fire to worry about. They obviously must be worried and concerned about their ball of fire, but with partnerships, they now need to connect with many other parties' balls of fire. And what, of course, happens when you acquire a business? Suddenly, one ball of fire tries to consume another ball of fire. The result is an incredibly fragile and complex environment. Attackers, of course, exploit this complexity. While the defender must protect every asset every time, the attacker must find but a single point of entry. It's no wonder we read about security breaches almost daily. When it seems this ball of fire, though, couldn't possibly get any worse, enter the dawn of a new era: AI. We expect every new application will now be an AI-powered application. This will further drive each of the factors I've described already: more apps, even more APIs, greater distribution of apps and app components and new and greater cyber threats. To understand a bit about why this is the case, we don't need to look any further than the architectural diagram of a very simple AI application. AI applications are distinguished by 2 specific characteristics. First, AI applications are all modern applications. And as with all modern applications, they're componentized. But even more so than a normal modern application, these applications use APIs to access many AI models and many AI services. Our upcoming State of Application Strategy research concludes that API security is the single topmost issue customers face when rolling out AI-powered apps. The second major architectural shift that distinguishes AI apps is that they require many data sources: data for AI training, data for the app, data for AI inference. Data is central to AI. And since this data is inherently distributed, our multi-cloud connectivity problem just keeps getting worse. AI-powered apps makes the ball of fire even more complex and susceptible to attack. Adoption of AI-powered apps will follow a well-honed series of phases. For many organizations, last year was the first phase. It was characterized by experimentation with AI and starting to create models. The second phase coming this year will shift to building the infrastructure for these new models and for the applications. And in the third phase, we'll begin to see broad enterprise deployment and the start of meaningful traffic volumes. The consequences of this ball of fire are very real: manual tasks, duplication of efforts across many silos, inconsistent security controls. Of course, each one of these environments requires its own technology stack and puts even more pressure on an already scarce talent supply. And of course, there's very real costs associated with cloud deployments. But greater than any of these is really the consequence that it has on the speed of IT and the resulting impact it has on the speed and agility of business. A few years ago, the prediction was that we were an inevitable journey to move every app from the data center to the public cloud. Yet for the vast majority of organizations, that's not their reality. Our digital world is in crisis. This current multi-cloud ball of fire is simply untenable. We, at F5, saw this coming. Let me hand it to Arul to share the transformation of F5's portfolio to address this crisis.

Thank you, Tom. My name is Arul Elumalai. I am the Senior Vice President and General Manager for BIG-IP. As Tom said, the world changed. And we saw that changing in front of our eyes because we were in that connection that was happening between the end user and the evolving ball of fire. So that is what triggered the transformation of our portfolio to go solve this exact problem, and we are ready to do that math. Back in the day, when you accessed e-mail, you are probably on your computer or what is called a terminal, and there was a server sitting in the data center delivering that messaging experience to you. There was a simple connectivity between one data center and one client called a client service architecture. And that required a set of services. And F5 was already there, providing many of these services. In fact, we even created the category called ADC. But what happened was when e-commerce emerged and the digital transformation started, we saw this journey. When you take your phone out today and do some online shopping, your picture, along with your account information, is being pulled from a central server sitting in an enterprise data center. That's where the master record is. At the same time, your shopping pattern, so the queue that you're creating as you shop, is sitting in a shopping cart application that is in a public cloud. That's the right place for the shopping cart app because analytics are churning on that application, giving the recommendations out to you. And finally, the -- an app that shows the same-day delivery status is being driven out of an edge location, probably close to your home, even showing the real-time status of how the truck with your merchandise is coming to your place. So what has happened? This digital experience has gone from one path to one location becoming 3 different paths to 3 different locations. And what are the implications? The services that were required for that one data path, which I would call the lifeline of a digital experience, now has to be replicated for multiple data paths and locations, and they have to be kept synchronized. And some digital experiences have hundreds of experience, not just 3, applications that I talked about before. And if that shopping cart experience or the same-day delivery status experience that is coming to your mobile phone was a modern application being written using microservices architecture, there's a whole new level of complexity. You need even more services. So what happens is to bring a single digital experience, like an online shopping, you need a full array of services that will connect applications across multiple locations. I want to pause here a little bit on what we have created. What you see here is the lifeline of a digital experience. That is the line through which traffic flows from the app to the user, from one business to another. If one of them breaks, that experience is not delivered. If one of them slows down, the entire experience is sluggish and users start leaving you. And if one of them is compromised, it compromises the entire system across all locations. I'll give you one simple example. Taylor Swift announced the Eras Tour. 3.5 million people, Swifties, as I'm told, registered. And the presales opened up, and 1 million were invited to go and participate in the presale event. The server got 4 billion requests, 4 billion, 4x the peak that the server has ever seen. The site crashed multiple times. Presales could not be done. The real sale or the general availability did not happen at all. The tour was canceled. Why? That one little thing called anti-bot that you see there did not do the job. And I have a story. For every little thing out there: a financial organization losing its assets, users entering from one application in one particular site and thereby using it as an attack vector to go into another site, each of those are controlled by those single things that are there across the string of services. It doesn't matter which industry, which sector, which region. Anybody who has a digital agenda is thinking about this. Anybody who's got users and businesses connecting to them via a digital channel are going and deploying these solutions. As a result, IT organizations are spending a bunch of time tying together and stitching together these different services. Then they're constantly tweaking and configuring them as the world around them changes. And every time, every time there is a single change in one of them, that has to be replicated across all these data paths in all these locations. If you are an IT administrator, that is 35% of the time spent for you and your entire team. And even if you double the effort for you to get it right every time, it's a matter of chance. And that is what we saw happening as this digital evolution took place and e-commerce led to application connectivity across different environments. So what did we do? As we saw this, we saw a need in the layer of application and API. If we take that, end to end, there was a need to offer a comprehensive set of services so that irrespective of what the application is, it could be that traditional e-mail application or the modern shopping cart application. And these applications are sitting in multiple locations. How do we bring them all together over a comprehensive set of services? And we have evolved our portfolio to do that. Firstly, BIG-IP, our flagship franchise. We have modernized BIG-IP and fundamentally re-architected it for the multi-cloud era, bringing cloud-like benefits to deployable solutions. We all witnessed the growth of cloud. It was one of the fastest adoption in enterprise IT. Why did we adopt cloud? Why did customers flock to move their applications to the cloud? It could scale up and down on demand. That was TCO reduction. Its automation was one of the easiest. You've got full-stack automation, and it came with multi-tenancy, where you can isolate application, share the resources and get the best workload running in the right place. But not all applications are moving to the cloud. So what we are doing is taking the benefits of the cloud and bringing it to the on-prem solutions across hardware and across software. Our BIG-IP stack now that is in the market comes with built-in multi-tenancy by default. We have automation to do full-stack orchestration, and that is based on our API set that is already in the market. We had 36,000 downloads of that last year alone. And finally, when it comes to the whole idea of observability, we give a full view of observability of applications, of the tenant as well as the hardware. And that is BIG-IP. We have spent hundreds of millions of dollars over the last few years re-architecting it for the modern era. These products are making their way into the market right now. For example, when it comes to adopting these solutions, a service provider who wanted to do typical capacity expansion in their nonstandard core product hardware. But in their 5G transition, where they wanted a software form factor because they had to orchestrate and automate it because they were virtualizing and containerizing their solution, they pick our new software form factor. And this fundamental re-architecture helped us get that opportunity. So beyond capacity addition and beyond refreshes, this is also opening up new use cases and many of our customers using competitive solutions were also consolidating on us. So that way, in BIG-IP when it comes to traditional application, we have brought in operational simplicity, we have brought in the automation of the cloud, and that is securing our base and even strengthening our base when it comes to traditional applications. And that was our story. In 2019, we saw the rapid adoption of modern apps, microservices-based apps. And much of the net new development was happening with this architecture, and we acquired NGINX. And NGINX was a 2-way win for us. Firstly, NGINX literally inserted us in the path between the user and the modern apps. And that made NGINX a de facto application delivery solution for microservices-based and cloud-native applications, which is where net new applications were coming into the fold. At the same time, we also bolstered NGINX with the F5 application security capabilities. As a result, NGINX became the de facto solution to secure and deliver modern applicants. And this powerful combination across BIG-IP and NGINX gave us a way to secure and deliver modern applications and traditional applications in multi-cloud environments. We did not stop there. To bolster the security portfolio further, we acquired Shape, we acquired Volterra and Threat Stack. These 3 acquisitions expanded our security capabilities in the application security area. But more importantly, it gave us a way to deliver these solutions as SaaS and managed services. So in addition to securing applications, we could now secure APIs. In addition to protecting the applications against humans, it also gave us the ability to protect against bot attacks. And that, when combined with the F5 application security stack that had web application firewall, DDoS and access when it comes to user access from a remote locations, we went and built the most comprehensive security stack. And this stack, the breadth that it offers in terms of application and API security is unique to F5. In addition to that, this also gave us a view into how we extend into the edge. Thereby, these acquisitions became the foundation of what we are bringing together as F5 Distributed Cloud, a SaaS and managed services offering. And it's not just these inorganic options. We went and integrated even more of services and lighted up F5 Distributed Cloud. So today, we are also entering into the world of multi-cloud connectivity, where you have to connect applications across the different environments. So with this portfolio, I could say that based on what we have today, we can secure and deliver any API and application in any location. We have made that possible. But at the same time, our bar is not to make it possible. Our bar is to make it ridiculously easy for our customers to go deliver these services and deliver the applications that are behind that. So the whole idea is to change the paradigm. Why does it take 14 weeks to bring a new application into the environment? How do we change the paradigm so that it can be done in an hour? When a configuration has to be changed to fix a security vulnerability, why does it take multiple days to go and propagate it across a different environment? Why can't we do it in minutes? Therefore, now, we are integrating across BIG-IP, NGINX and Distributed Cloud to build the industry's first Distributed Application Security and Delivery platform. This is a game-changer. Why? Tom showed the ball of fire. With this kind of a platform, you don't have to worry about where applications are sitting and what application architectures are being used. You deploy the application, and all the services are provisioned. You don't even have to think about the interconnectivity of application that is happening in the ball of fire because the whole thing is abstracted. And when you go and set a policy in one location, this platform propagates it into all the locations where it is relevant. And it is not just around building this platform. We are bringing the full power of the AI assets that we have. F5 has had a history with AI. We have had learning models. We do behavior analysis. We have scoring algorithms. We use that in many of our security products when it comes to application security. The acquisitions that we had added to that. Shape brought in AI capabilities exclusive to bot. When we got Volterra, it had AI out of the box for API discovery. And finally, when we got Threat Stack, it brought an AI related to threat detection. We are pulling that all together in order to power this platform. And when it comes to experience, there is a modern SaaS-based Distributed Cloud console through which all our customers will get a single pane of glass to experience these services and synchronize these settings. It could be BIG-IP customers, NGINX customers, Distributed Cloud customers, the experience of a single pane of glass is being powered by the Distributed Cloud console. And that is the evolution that we took. So as of today, with what we have in our product portfolio today across BIG-IP, NGINX and Distributed Cloud, we can say that we can secure, deliver and optimize legacy applications, modern applications and API in data centers, colocation, public cloud and edge and make them available as deployable solution and SaaS. That opens up a new opportunity for us that is much larger than ever. So our addressable opportunity as a result of this portfolio evolution and expansion is not increasing by a few basis points or by a fraction. It's by an order of magnitude. In our earlier days, we started with hardware-based solutions. We saw the problem of that era in the data center primarily with our hardware solutions. The market opportunity was roughly $2 billion. And then when we did the software transformation, we got entry into the public cloud, and our software solutions grew along with the growth in public cloud. That expanded our market opportunity to $5 billion. And then when NGINX was acquired, that inserted us in the path for modern application security and modern application delivery. That made our market opportunity $11 billion. And now with Distributed Cloud, we can do SaaS-based delivery, we have a presence in the edge, and we have a much broader portfolio that includes multi-cloud networking. That makes our addressable opportunity $16 billion. You would notice that this is a much larger market, but there's a point beyond that. It is growing at a pace that is of the order of 17% over the next few years. And if I have to dissect it in a slightly different way between the addressable market for our deployable apps and our SaaS apps, our deployable products, namely BIG-IP and NGINX, that market opportunity that is $11 billion today is growing to $16 billion. That's a 10% CAGR. On the other hand, if you look at the SaaS portfolio, Distributed Cloud that unlocks for us, that addressable opportunity is less than 1/3, and that's going to be more than a half. That is a 26% CAGR. So that's the opportunity that we are looking ahead of us as we look into 2028. How is our portfolio well positioned and differentiated to go capture this opportunity? And how are we executing against that? I'll pass it on to our Chief Product Officer, Kara Sprague, to break it down for us.

Thank you, Arul. So what does this mean? You heard Arul say before that F5 is the only solution provider that can now secure, deliver and optimize any app, any API, anywhere. And I want to talk about what gives us the confidence when we say this. And I'm going to do that by going through a number of different competitive sets that we play against and talk about what F5's differentiation is. So let's start with the traditional ADC and security players. These are players that F5 has competed with for many years, in the case of Citrix and A10, as well as players that are in the software ADC space like VMware Avi. And what we see from those players is their foothold and their strength continues to be as a deployable product in an on-prem or colocation environment. That's why we've lit that up in the ball of fire. And with F5's portfolio today, we are truly differentiated from these players. For one, we have a true hybrid multi-cloud offering versus what you see here with a very limited reach. And so we extend into all of these other locations, the public cloud, the SaaS environments, the edge, whereas they do not. There's another big important differentiation against, at least, the couple here that have gone through change of control, which is F5 has been investing and innovating. You heard Arul talk about the hundreds of millions of dollars we've invested into BIG-IP innovation alone, let alone what's going on with NGINX and Distributed Cloud versus these other players have had very limited innovation over the last few years. And certainly, going forward, with their change of control, the innovation will become even lower. And then the last difference here is that F5 is offering deployment and consumption model, flexibility to our customers. What does that mean? That means that we will continue to offer our customers hardware-based solutions. We continue to offer them packaged software. We now have SaaS and managed services. And when I say consumption, it means that we will continue to offer our customers perpetual, subscription and utility-based offerings, whereas these other players, and especially those who had gone under the recent change of control, have changed their customer playbook and are now very much constraining their customer choices, and that's very much to F5's benefit. So that's the traditional ADC and security players. The next group I'll talk about is the hyperscalers. So these are the large public cloud players. We have offered -- we highlight 3 of them in our ball of fire. But here, I'm lighting only one because the hyperscalers don't really extend into the other hyperscalers' environment. So technically, if you're going all in with a hyperscaler, you're very constrained to that hyperscaler's specific environment and the limited reach that they might have into other places. And so the F5 advantages against these other players, when we're talking about hybrid multi-cloud challenges is, again, F5 is truly hybrid and multi-cloud, whereas these other hyperscalers have very much implemented security and networking capabilities that are specific to their own cloud. And when you talk to customers about their hybrid and multi-cloud challenges, you heard Tom highlight the operational silos. This is an example of what creates the operational silo is because the security and application delivery paradigm in one hyperscaler is different from the next. A second piece that makes F5 differentiated versus these is the environment-agnostic. We are truly infrastructure-agnostic, whereas these other players do not have the same reach that we do into SaaS and into the edge. And then finally, F5 brings our heritage, which is our strength, with on-premise deployments. And again, the public cloud players, while they have made some attempts to reach into customers' environments, and they do have some select offerings that do that. For the large part, when you talk to a customer and ask them what's running in their on-prem environment, it has nothing to do with what's running in the public cloud. The next competitive set that I'm going to talk about are the edge and CDN players. And again, I hope -- I know this might be getting redundant, but what you can see here is that the edge and CDN players, they have lit up their own edge and CDN environment, but they do not have any reach into the public clouds. They don't have any reach into the SaaS players. They don't have any reach into on-prem environments either. And so for example, if you're a customer that wants to start taking advantage of these application security and delivery services from an edge and CDN player, in a lot of cases, you actually end up hair pinning your traffic from your on-prem out to them and then back, which is highly inefficient. So what are the advantages of F5? Again, we are hybrid multi-cloud, whereas these other players have very, very limited reach to their own infrastructure. And secondly is what I just talked about, which is we have much more opportunity for efficient routing with customers because of the flexibility of where we can be deployed versus the inefficient traffic routing that you see happen with them. The next competitive set are the multi-cloud networking players. Here, what we have is you have a Cisco who's kind of like the big giant here and a handful of private companies. And F5 has a number of advantages consistently across those players. Firstly, and I know this is quite nuanced on the page, but we have a focus at F5 on both the networking infrastructure, so the infrastructure across these distributed environments, but more importantly, connecting the applications that sit on top of that infrastructure. The other players do not reach up into that application layer. And so that's what we mean when we talk about OSI Layer 3, 4 through 7 for F5 versus these networking players are only covering the OSI Layers 3 and 4. And then the second big differentiation from the multi-cloud networking players is F5's emphasis on security. Arul talked about our best-in-class application security stack. These other players simply do not have it. They have nothing close. The next group I'm going to talk about are the multi-cloud app platform providers. And here, really, the one to highlight is VMware/now Broadcom. And the F5 advantages against these players is, again, the fact that we are truly hybrid and multi-cloud versus these other players that lack the multi-cloud networking capabilities. So they might be offering customers an opportunity to have a consistent application environment, but they don't have the networking layer as well. And F5 also, again, there's another distinction here in terms of our best-in-class security, security offerings from the multi-cloud app platform providers is not there when you start talking about application security. So another competitive set there. And so I just went through a number of them, but I hope folks get the point now around why we feel very confident when we say that F5 is the only solution provider that secures, delivers and optimizes any app, any API anywhere. And that is a differentiated message and a differentiated capability from all of these other players that I just went through. So that's today. Now I'm going to talk to you about where we are going and how our differentiation is only going to continue to get bigger. We are building the industry's first Distributed Application Security and Delivery platform. And again, I'm going to use the ball of fire to talk through what that means. And first, I'm going to start with our security capabilities. A key capability of this platform is an ability for a security team to basically secure all of the apps and APIs they have no matter where they are with a security policy that is consistent. Check. That is what we are providing. And it will be a bit nuanced here, but you'll see the security elements disappear out of the ball of fire. The next thing that we are working on is offering connectivity for every user and application. We get that through our secure multi-cloud networking capability that we already have today in the F5 Distributed Cloud services offering. What does that mean against the ball of fire? It means the hairball is gone. The next thing, F5 now has the capabilities between BIG-IP and NGINX and the Distributed Cloud to address all of customers' applications, all of their application architectures, the traditional, the modern, the AI-driven applications, all of them. And so what does that mean? A single platform can do this for customers, regardless of where those applications are deployed. Boom, more simplification. And then the last area that we're working on as part of this platform, or at least the last piece that I will highlight, is what we're bringing around the data and analytics, these green indications inside the ball of fire. We are providing a platform with F5's AI data fabric that now gathers the telemetry and insights from all of the F5 product families to give customers a central place for visibility, analytics and control. More simplification. And as Arul shared, all of this will be accessible via the F5 Distributed Cloud console so that users have a single pane of glass for all of this capability. So that's what we mean when we were talking about building the industry's first Distributed App Security and Delivery platform. Well, what does this mean? And I want to echo back to what Tom shared in the overall context in terms of the major issues that customers have around the ball of fire. He talked about manual tasks. He talked about inconsistent security controls and operational silos, lack of available talent and cloud costs and inefficient traffic routing. With this platform that we are talking about, this Distributed Application Security and Delivery platform, you go to having automation of all of these manual elements. You have security policy that is consistent and operational policy that is consistent. You don't need silos anymore because you have consistent settings across all of the different environments in which you're running. You have optimized talent alignment. In the old world, you had to have specific security skills for the AWSs, for the Azures, for the GCPs, for your on-prem environment. With the F5 platform, you only need security talent that is capable of one thing, and that's securing with F5's application security stack. And then finally, in this new model with this platform, it offers an opportunity for cloud savings and much, much more efficient traffic routing. That is what we mean when we talk about delivering for our customers ridiculously easy application security and delivery. All right. So I'm next going to talk about where we're going with this from an AI perspective. We announced 3 things this week, and I'll just -- I'll hit on those very briefly and talk about how they play into this platform. The first big announcement that we had this week is that F5 is going big on API security. You heard from Tom that the AI security challenge is API security. And with F5's recent acquisition of a company called Wib, we have the most comprehensive set of API security capabilities in the market. We have the most comprehensive AI-ready API security solution. Why do I say that? Well, with the combination of Wib, F5 now has an API security solution that spans both build time and run time. We do API code scanning, we do API code testing and analysis, we do traffic analysis, we do protection and enforcement all in one platform and one solution. No other vendor can do that. Another announcement that we made this week was around the AI data fabric, and I talked about this a bit earlier before. What is this? Well, it's a capability for customers to stream all of their telemetry from their BIG-IP assets, from their NGINX assets, from their Distributed Cloud services, all into a single data lake so that, that data can be used to enhance the services that the customers are consuming from F5 in terms of app security and delivery. That means improvements in the efficacy of their WAF, improvements in the efficacy of their anti-bot solutions, improvement in the efficacy of their API security solutions. That is what we're building with the AI data fabric. And then the third announcement we made was around an AI assistant. And this is an AI assistant that we're making accessible via the F5 Distributed Cloud console. The idea for this AI assistant is to provide customers with a natural language interface so that they can interrogate their app delivery and security data and also get recommendations about how to best manage their environment. So we'll answer questions such as, can you tell me across all of my apps and APIs which ones are not covered by a WAF or an API security solution? That's really, really valuable information that most companies cannot answer today across their portfolio. Or can you please provide recommendations on how do I reduce the number of WAF signatures that I need because this thing is sucking up too much of my CPU? It will help them figure out how to consolidate and rationalize the different signatures and rules that they're applying in any of their security solutions for a much more optimized offering. Or hey, can you give me a recommendation about this new threat that I'm seeing? Do I need to do something to cover my apps and APIs because of it? We will provide an answer assessing their existing apps and APIs and saying whether that threat actually applies to them. That is where we are going with AI. The next thing I want to talk about is what kind of progress are we seeing within our customer base as we talk about this portfolio convergence and having customers enjoy and get value out of multiple solutions across F5's portfolio. So I'm going to talk about the land-and-expand motions that we are executing and what is the impact that we are seeing. I'll start with NGINX. In just the last 3 years, we have basically doubled the number of customers that are both a customer of BIG-IP and NGINX. And what we see today is half of all NGINX customers are also BIG-IP customers. So we've seen great success in cross-selling NGINX into our BIG-IP base. Distributed Cloud. Again, over the same time period, what we see is that we have more than doubled the number of customers that are purchasing F5 SaaS and managed services that are also BIG-IP customers. And in fact, 63% of all of our SaaS and managed services customers are also BIG-IP customers today. So another very, very positive signal about cross-selling leverage and capability that we have. But let's blow this out and look across our entire portfolio. How many of our customers at F5 actually are consuming multiple product families, regardless of what the product families are? Let's start with just the top 1,000. If you look at the top 1,000 customers, what you see from F5 is incredible success having those top 1,000 customers adopting multiple product families from our portfolio. We've reached 44% in 2023. So big success in the top 1,000. Okay, well, F5 has a lot more than 1,000 customers, right? Yes. We have almost around 20,000. And this is nuanced and then the graph looks the same size. But what we're actually seeing is if you look across the broad base of F5 customers, we have made great traction, but we're only at 7% penetrated in terms of our customer base that has adopted multiple of our product families. What does that tell me? That there's tremendous upside and growth to go from that. So I hope it's clear from the stats that we've just shared that we're seeing great success already in the land-and-expand motions in terms of cross-selling from our BIG-IP base into NGINX, into Distributed Cloud and in terms of looking at the traction across our customer set of having customers really buy into and get value out of this combined portfolio. So with that, I am going to call us to a break. We have 10 minutes, I believe.

Kara, we're actually going to -- we're running ahead of schedule.

Okay.

I know. It never happens. So we are going to take a little bit of break. We will resume the schedule at 2:00 p.m. Pacific or 5:00 p.m. Eastern.

Excellent. [Break]

Ready with the next part of our program. I am really happy to welcome to the stage Zeus Kerravala, who is going to give us an expert perspective as a third-party analyst.

All right. Thanks. All right. Thanks for the intro, Suzanne, and certainly glad to be here. By the way, do I have a little remote for -- oh, I need that. Thanks. I thought it was like mind control, some kind of AI thing, so yes. Just a quick intro on myself, I'm a longtime industry analyst. I've been running my own firm over 12 years. Before that, I was actually the Chief Research Officer of the Yankee Group for about 10 years. And before that, I was actually in corporate IT. I held a couple of CIO positions. I was in a [ VAR ] for a while. And from an analyst perspective, my coverage here is fairly broad, although I tend to focus only on trends and technologies that are highly disruptive to the status quo, right? So right now, obviously, it's a lot of -- everything is AI, obviously. But then I do look at things like private 5G and the impact to hybrid work and the whole -- the impact that -- in fact, one of the trends I'll talk about is the shift in cloud that's happening right now. But it is a vastly changing industry right now. It's a lot more complicated than it used to be. And one of the interesting things for me as an analyst is the absolutes at which the industry seems to always talk about, things like everything is moving to the cloud, right? And everything is going to be mobile or whatever. When you think back historically, that's never happened. We've never had a technology come in and swoop in and get rid of some legacy technology overnight. In fact, I think it was just a couple of years ago that AT&T finally retired its X25 network, right? So these technologies do live on a long time. And because of that, the job for the IT pro has grown increasingly more complicated. Now I think one of the things that's somewhat misunderstood too is the definition of cloud is changing, right? We've been talking about cloud in the analyst community for the better part of 3 decades, right? And if you think about the first phase of cloud, it wasn't even really cloud. It was just hosted applications. It just took the infrastructure off-prem. And that lasted for a long time, right? And then we moved to this model of centralized public clouds, right? And so for a while, we used one public cloud provider. But this was really the era of multiple clouds, and there's a big distinction between that and multi-cloud. And the way I'd describe it is multiple clouds are simply multiple centralized compute models that are managed and run independently. The application environments are completely different. But you can just think of it as multiple silos of cloud. Now the big change in the industry, and this has been happening for the last few years and has kind of grown in complexity as it has grown, is the shift to hybrid multi-cloud. It's also known as Distributed Cloud, super cloud. I know a lot of work with SiliconANGLE Media, and that's what they call it. But it's this concept that my application environment now is going to span -- by the way, can you start the timer so I know when I'm done? Because I tend to talk a long time. So it's an environment that spans public clouds, private clouds, edge locations. And that, in fact, even with edge, when I looked at the F5 ball of fire, right, if you were to take edge out of that, it's still kind of this complicated mess, but not nearly as complicated as when you introduce edge. Once you introduce edge -- because everyone's got -- telcos have an edge, there's enterprise edge, there's IoT edge, things like that. It does get significantly more complicated. In fact, I would argue, exponentially more complicated. And I think that's the transition we're going through right now is this world of hybrid multi-clouds, where companies are able to leverage the type of cloud resource they want, where they want. A big part of this driver is, from a customer experience perspective, being able to move data to where you want it, and so you're closer to the user. Now from a definitional perspective, I talked about most of this, but it is comprised of different types of cloud infrastructure. I think AI pushes this even further because they're -- instead of moving the AI to the -- the data to AI, you want to bring the data as close to the user and as close to the computer infrastructure as you can. I think it does enable smarter, better analytics because now you have one set of data versus these disparate ones. And I think a lot of this -- what's interesting, too, with this is a lot of it is microservices, API container-based, right? So the service has become a lot more of ephemeral in nature. When you think of a decade ago when everything was largely virtual machine-based, these workloads you'd spin up would live in perpetuity, right? Now you might spin up an edge service that runs for 20, 30 minutes and then gets deprecated. It doesn't mean you need -- you don't need a lot of the supporting services and security around it, right? It just means it's a lot more complicated to deliver. And from an app complexity standpoint, that goes way up, right? So if you think of when apps are built, right, you've got all the supporting infrastructure around -- much of which F5 supports, you needed that in the data center, right? And then you need it in the cloud. And now you need it at these edge locations that, like I said, can be ephemeral in nature. So you need to spin it up quickly and deprecate it. But then you need some kind of common management plan to make sure that the policies you push out are -- because this is across those, right? And so not only is the app development environment more complicated, so becomes the job of securing it and delivering the necessary services to make sure it runs optimally. Now the -- a lot of the -- and this is a forecast I've done recently, looking at just how cloud spend is shifting over the next -- until 2029. And you can see, last year, edge was a very small part of it. It's growing to 17% of total cloud spend out in 2029. The legacy on-prem application is about 1/3 today. That will continue to shrink down. It's not going to 0, though, right? And that's the key, right? And there's a lot of prognosticators and people I've collaborated with over the years that tend to think that, that number is going to go to 0. And it's certainly not, right? And so a lot of the edge growth is going to be stolen, I think, from private cloud and public cloud, but it is a form of that itself. And if -- there's no bigger proof point for that, other than the fact that the public cloud providers all now have their own edge plays and private cloud plays, right? And I remember when Amazon announced their private cloud stack at re:Invent. Andy Jassy was still the CEO of AWS then, and I asked him in the analyst Q&A, they've been the poster child for everything in the public cloud for years, why so sudden this pivot? And he goes, "Because our customers wanted it," right? And so if the customers want it, they're going to give it to them. And so he recognized the fact that there is that level of complexity that they have to figure out how to manage within their own environment, but they're certainly not going to go manage that within the Azure environment or the GCP environment, right? And so that's where a company like F5 can actually have a role in trying to normalize that. Now along with that evolution, the application delivery controller, which, I think, is a term that is well understood, although, I think, needs changing because it's more than just application delivery today. There's a lot of security there. But it, too, has also evolved, right? So traditionally, we've had the hardware appliance, which is optimized for performance, was deployed in your traditional data centers. It's done a great job over the years. The role of this box historically was to be what I've characterized as the Rosetta stone between applications and networking and now increasingly more security. And so something's got to play that role. And it's funny, over the years, the networking vendors have continually tried to buy their way into the space. Cisco tried it 3, 4 times. I remember, Juniper bought Redline. Riverbed bought a company. And it's not just apps, and it's not just networking. It's a combination of both, which is why I think the barrier to entry in this space has been so high historically. Then the virtual ADC came out, and that became more optimized for agility. So if I move in a workload from one place to another, I need to move all that supporting infrastructure with it like an ADC. And so it allowed me to be able to take those services and move them as they move the server. But again, that was really deployed in a traditional data center, a hosting center, even public cloud, to some degree. Then we moved to this containerized ADC and the API-level ADCs, and that really helped support the cloud-native environment. And even within the containerized ADC, though, it's important to understand there's a difference between an ADC that's been containerized, where each individual service can be spun up as a container, versus a lot of the early days where people tried to take the entire ADC stack, push it into a container, but you really didn't get the speed that containers brought, right? So -- and then, of course, within -- today, we're talking API level, which is really more for those distributed environments. They become programmable, and they become part of the coding environment. And last year, I ran a survey looking at form factor and feature requests in ADCs, right? And so if you look here, obviously, the traditional on-prem legacy ADC is very widely deployed, 87% of customers. But you can see there's a -- all the other form factors all the way down to containerized are seeing traction as well. I think this is simply a proof point that the different form factors are needed in different places. And then on the right side is the features people are looking for. The #1 feature -- and this, I was a little surprised. I thought automation would be a little higher on the stack, but it was a choose 3 type of answer. I think everybody needs better automation. I think, historically, not picking an F5 or peers like you, doing a lot of the tasks of spinning up virtual instances, adding virtual IPs and things like that was pretty administrator-heavy. It's gotten a lot better over the last few years. But the more automation in IT, the better. Analytics, I think everyone is looking for better analytics. This concept of observability across the full stack has become a lot more widely accepted across IT. You have to have people to be centrally managed. And then fourth, though was security capabilities. And I think this is a part of F5's strategy that hasn't really been replicated by a lot of their competitors. Security is a part of this tool set now. And I think as -- that's one of the changes in the industry. Historically, this product category was a technology sold primarily in network administrators. Even the security capabilities like WAF were tools that network administrators used. But more and more, it is SecOps that's looking at these tools. And so eventually, 1 day, we'll have SecOps and NetOps come together and DevOp, maybe. Certainly, the large enterprise have been averse to it. But it does show the breadth of form factors as well as features continues to grow, and that's -- this is necessary to support people's digital initiatives. Now from an F5 perspective, it's an interesting position the company finds itself in because in a way, François, I heard you speaking on stage, you're kind of a market of one, right? While there's a lot of point product vendors that compete with you at these different locations and for different services, F5 is really the only one that's remained independent and had the opportunity to go build a platform like this, right? And so if you think of the world -- if -- so there's a few fundamental beliefs you have to have. If you believe multi-cloud -- hybrid multi-cloud is going to be the way forward, then you also need to believe that application development gets more complicated. And then the third requirement is that -- belief is that you do need to have that single service fabric, if you want to call it that, that delivers app services, securities across that multi-cloud, right? F5 is really the only company that can deliver that today. And part of it, I know it was a good strategy, good luck. I mean a lot of the competition, like I said, that was competing with you years ago have gone away. And part of that is just mismanagement by their acquiring companies. I mean Cisco is a company that like got to 4 shots at this with different companies and eventually threw the towel in, that they couldn't do it. And again, it's not something -- you need more than network knowledge to play in this space. And so I do think, over the years, F5 has had a bunch of competitors pop up. But through, like I said, good luck or good execution, they've gone away. So -- but I think what that gives them is the ability to address all the apps and services across the Distributed Cloud environment. And one of the things to think about from an investor standpoint is, if you believe that AI is going to be the driving factor for competitive differentiation moving forward, then the moat that F5 has created for itself actually widens. Because if administrators are going to use AI to do things like discover vulnerabilities and to be able to create new AI rules or to understand where their app infrastructure perhaps needs an upgrade or where the security is weak or things like that, then that becomes not just AI prowess but also data, right? So data is the underlying competitive edge that companies will have when it comes to AI. Because you can -- there's lots and lots of models to use and companies can pick and choose. But the ability to take all that data, aggregate and create a single set of data is something that the breadth that F5's offerings have today gives them that, I think, is very unique in the industry. And I'm not sure how we've replicated today. And so to me, AI is the most transformative technology that I've seen in my life as an analyst. And I think the feature and innovation acceleration gets faster and faster the better the data that you have. And in data science, there's an expression that people say, "Good data leads to good insights," right? And so the risk for our IT pros that try and do this through some kind of point product approach is silos of data leads to fragmented insights. And fragmented insights, I would argue, are worse than no insights because it's going to lend you to make -- lead you to make decisions that perhaps are wrong because it didn't have a full understanding of that entire application surface area. So I think, from that perspective, this concept of the ADC's platform actually is in line with the way the industry is heading. So now one of the other questions I get from buyers is, why can't I just use the cloud provider tools? AWS has got great tools, Azure has got great tools, but they're not ever going to address hybrid multi-cloud. They could, but it's not in their DNA for Microsoft to go on to support -- to go to support Amazon or support Google, right, or vice versa. And so even -- and even they would admit that they're going to provide a core set of tools for their customers to work in their environment. If you want something more advanced, then you go to a company like F5, which is why you're available like in the AWS marketplace, right? Because they're going to create really kind of a very basic offering than anything more advanced. And that's across our entire portfolio, right? From contact center to storage, whatever, they provide a basic set of capabilities and then you can go up a tier and use some of their third-party partners. Because frankly, from their perspective, what do they care? You're spinning the meter, right? And so from their perspective, they're making money either way. So it's not really in their best interest, I think, to go try and take the business from a lot of their partners. But it does give customers a consistent operating model, which is not something we've ever had in corporate IT. I think AI allows us to do this a lot simpler. I think the strong security portfolios works to their advantage. And like I said, there's just a lack of viable competitors today. And I think part of that is just the way this industry has evolved over time. Lots and lots of companies have tried to jump in the space and make it part of a portfolio where it was really kind of a square peg in a round hole. So anyways, that's the end of my presentation. This is my contact info. If there is anybody that wants to get ahold of me, you can e-mail me, you can go through the IR team or just find me on social media. So thanks.

Thank you so much. I appreciate it.

[indiscernible]

Only if you like it. So look, Zeus, thank you so much. Really, really appreciate you sharing your insights on the changing dynamics of our core markets. We truly appreciate your attendance. I'm Frank Pelzer. I'm the CFO. It's always hard to be the last person up here and give you the financials when you've had so much excitement with everything else that's already happened before me, but I'm going to do my best and try. So Tom started today by telling you that the ball of fire, which illustrates the new reality for our customers' application infrastructure, is untenable. And AI is only adding accelerant to that fire because it exponentially expands the number of attack surfaces from apps and APIs that need protecting. Kara and Arul explained how F5 has transformed its product portfolio through product development, acquisitions and acquisition integration so that we are offering the only solution that combat this ball by delivering, securing and optimizing any app, any API, anywhere. And now I would like to share with you the 3 core financial pillars that will drive our long-term success. First, we believe that the market opportunity and the product portfolio that we have built, that Tom, Arul and Kara discussed, will allow us to sustainably drive mid-single-digit revenue growth for the foreseeable future. We also believe that we can gain operating leverage by growing our cost of goods sold and our operating expense less than the revenue. And finally, we will continue to return cash to shareholders by using at least 50% of our free cash flow for share repurchases. The combination of these 3 core financial pillars will drive double-digit non-GAAP EPS growth on a common annual growth basis, our financial North Star. Now let's start with that first pillar, mid-single-digit revenue growth. We've talked about that in several ways. We've talked about we did 4% in FY '23. We were going to be flat to slightly down in FY '24, but we were going to grow mid-single digits in FY '25 and beyond. Now that's a combination of a couple of things. First, our product revenue is actually going to grow more than that. And we have signaled to you in the past that we do expect our services revenue growth to start to decline down to low single-digit growth. However, I want to -- I can't underestimate or I can't stress enough the importance of our services to our customers and to the financial health of our company. Over the past couple of years, we have grown that services revenue by 4% on a compounded annual growth basis. And you can see on the right hand -- on the left-hand side of this chart that over 95% of that service revenue is recurring. Our global service revenue growth reflects the cumulative impact of consistently high attach rates, industry-leading renewal rates and the expansion of new services. We had a particularly strong 7% growth from FY '22 to FY '23, reflecting the value that customers see of our services revenue in the renewal rates as well as the price increases that we introduced in FY '22. What's equally impressive is, through rigorous operating discipline, even with investments in new capabilities such as customer success, we have delivered strong services gross profit of close to $1.3 billion in FY '23. At the same time, we have grown and maintained exceptionally strong gross margins of approximately 87%. Now this strong gross profit provides the investment engine needed for building our Distributed App Security and Delivery platform, enhance our NGINX services and introduce the next generation of BIG-IP. Now I want to zoom down on 4 key financial operating metrics that we track to demonstrate the strength of our service business. If you start over on the left-hand side -- well, for each of these charts, you're looking at FY '21 compared to FY '23. And you'll see on the left-hand side of the charts that the initial attach rates for our services are consistently very high at 98%. When we take a look at our 7-year trailing renewal rates, we are at an industry-leading 76%, and that's up 2% from FY '21. This reflects the value that customers place on our services as well as demonstrates what we've been talking about is the recent sweating of our assets. The duration, the third chart, reflects very much the same. In this, we're looking at the average age of our installed base under maintenance, and it's now 51 months. That's up 4 months from 47 a couple of years ago. Again, this measure affirms the value customers see in our service, and the longer duration reflects what we believe is that temporary sweating of assets. And finally, we wanted to highlight the expansion that we see in our services revenue, particularly with our top 250 customers. You can see here that the compounded annual growth from '21 to '23 has actually almost doubled the rate at 7% of all of our services growth of 4%. So our largest customers like us a lot, and they are willing to spend dollars on these services. They are very important to them. Now all of this factors into the FY '24 and FY '25 outlooks that we shared with you in October. Let's start at the top line. In FY '23, as I mentioned, we delivered 4% growth, and we expect FY '24 to be flat to slightly down (sic) [ flat to low single digit decline ]. We've guided FY '25 revenue growth to return to mid-single digits. I'll remind you that normalized for the $180 million of backlog headwind in FY '24, we would be growing revenue in mid-single digits. When I take a look at the non-GAAP gross margins and operating margins, we will continue to increase those from FY '23 levels. In FY '24, we are reaching 33% to 34%, as we have guided, largely due to the component cost decreases in relation to what we had in FY '23 as well as the reduction-in-force lapping period from April of '23 to now. When I take a look at FY '25, gross margins will largely still see some effects of component price decreases. But gross margins will also increase because the mix of the revenue that we will get from our product revenue is probably more weighted towards software, which has a higher gross margin associated with it. We are also investing right now in IT initiatives that are going to improve our processes across the whole organization. And we are piloting the use of AI technologies to drive efficiency, specifically in our services, in our product development and our sales and marketing areas. Going down one level to tax. As I mentioned before, we do have a bit of a headwind in FY '24 for our effective tax rate in comparison to FY '23. Taking into account that headwind, we did raise our outlook in -- a couple of weeks ago, from 5% to 7% growth to 6% to 8% growth, of non-GAAP EPS. But if you normalize for tax rates, we actually will deliver over 10% growth on a tax-neutral basis. In FY '25 and beyond, we expect to sustain double-digit non-GAAP EPS growth on a compounded annual growth basis. And finally, we will continue to use our free cash flow to return capital to our shareholders via share repurchase. In fact, over the last 3 years, we have returned 83% of free cash flow, delivering on our commitment of $500 million in FY '21 and '22 and overdelivering on our commitment of 50% of free cash flow at 58%. We started FY '24 well ahead of that 50% commitment by using close to 100% of our free cash flow for share repurchase. And as of the end of January, we still have over $770 million of share repurchase remaining under our authorized program. I will now turn the stage over to François, who is going to summarize and recap our key takeaways as well as start the Q&A session.

Well, thank you, Frank, and my thanks to all of our presenters who will join me shortly for our Q&A. I just wanted to recap a few of the points that you heard today. First, you heard that the evolution of app distribution for large enterprises has really truly created a crisis. It isn't just incremental, it is really untenable. We call it the ball of fire, but we're seeing across our customers this challenge grow more and more complex by the day. You've heard that AI will accelerate this phenomenon because AI workloads will be more distributed across more locations that will need to be protected, and AI workloads will also make heavy use of APIs. So that will accelerate the phenomenon we're seeing in the ball of fire. We've invested in our portfolio to be ready for this opportunity. If you recall, 5 or 6 years ago, we had already started discussing and talking about hybrid and multi-cloud as what we perceive to be the future. And that's what led us to make the acquisitions and the organic investments that we've made in the portfolio and the integrations we've done over the last couple of years. As a result of all of that, we see a market opportunity for F5 that is growing. That is, of course, much larger than where we were primarily -- when we were primarily an ADC hardware company. And we think that our market opportunity is not only going to grow but accelerate over time. We now have a competitive position. I think Zeus touched on that a little bit when he said we are a market of one. We are in a competitive position that we believe is very strong, both in our traditional ADC and application security market, but also in our ability to solve holistically for the ball of fire, which we don't see. Any other player really attacking in a holistic way today. The result of that is we're seeing acceleration in our expansion and cross-selling into a number of our customers. And that's giving us confidence for a sustainable revenue growth over time. So those are the key messages from today. We're now going to move to our Q&A, and I'm going to invite Tom, Kara and Frank back on stage. And I will also invite Chad Whalen, who is our Global Head of Sales, to join us on stage. Thank you. Take your seat, and we will start taking questions. I think Suzanne will be routing questions to us.

First of all, thank you, everybody. We are going to go to Q&A. [Operator Instructions]

There is a question in the room with Meta here. Okay.

All right. Great. Meta Marshall, Morgan Stanley. I guess on the -- is very impressive, the penetration of multiple products within the top 1,000 customers. Do you think that, that's because those guys have the most complex environments or are trying to tackle them heads on? Or why do you think that the penetration rate is so much higher with your large customers than it is as you go into the rest of the customer base?

I will start with that, Meta. First of all, generally, F5's target customers are large enterprises across all verticals. So they're typically companies that have hundred millions of dollars of revenue or above $1 billion or above -- within our largest customers, the chart we showed with the top 1,000 customers, where we now see a penetration of 44% for customers that have more than 2 products. They typically have environments that are more complex. And they typically have both hardware -- sorry, both traditional and modern applications or they are modernizing traditional applications. And that's what's causing them to deploy the BIG-IP that they already have NGINX, or in some cases, they've started with BIG-IP, but they have some environments that were not protected and when they want a SaaS solution. And so we're seeing that in our largest customers because they have environments that are more complex. However, there's also a go-to-market. So where our go-to-market resources are also more concentrated are on these top 1,000 customers. And so I think with time, you will see that we will be able to have a stronger penetration in the other customers as we educate our partners on the ball of fire and as they are able to also execute on these land and expand motions that we have started to execute on our 1,000 -- top 1,000 customers. So there's a -- there's just a -- the number of resources that we can put in front of customers to execute these motions is somewhat constrained. And so with time, we'll be able to expand that beyond that. I think that's the other factor why you see more penetration there today than the other customers.

Maybe just as a follow-up to that. Is that all about refining the partner and channel education programs? Or are there kind of either prepack -- not prepackaged solutions, but almost a recipe card for how that they can kind of sell or an easier sale that they can make to that segment of the market.

So it is -- and I'll take a first stab and Chad, if you want to add to that. The -- so it is first and foremost, expanding the education across our channel partners, extended value proposition to all geographies, all segments and enabling more of our partners in the field to be able to do that. Over the last, for example, just over the last 3 months, we have trained over 1,000 partners at F5 on Distributed Cloud to really accelerate the motion. That's an important part of what we have to do. The other part is creating the right product synergies that enable this cross-sell. So if you look, a lot of the penetration that you see that we have achieved here, has been primarily, I'm going to say through commercial synergies, meaning we have created licensing programs that make it easy when you have one of our products to buy another one of our product and you don't have to go through an entire new procurement exercise with all the friction that is associated with that. That has helped this penetration. But in the future, Kara mentioned that from a single pane of glass console, you will be able to experience your BIG-IP, say, on-prem solution or NGINX and your SaaS solutions. And so when we do that and we make it easy, we remove friction in the product experience, that will also accelerate the cross-sell penetration into the customer base.

That's very comprehensive. I would just add kind of the partner receptivity to this has really accelerated. Francois mentioned the amount of trained engineers that we've got down -- we'll eclipse 1,500 by the end of this quarter, which is fantastic. The amount of new activity and what we call new PIO, which is partner initiative opportunities is coming in a better part of 40%, 50% of the activity that we're seeing in the field. So we're expecting that to be a high-volume motion for us as we move forward.

A question from Ray.

Ray McDonough from Guggenheim. So maybe for Kara, you mentioned that there's now 1 console in distributed cloud that can manage BIG-IP NGINX and other assets. And I'm assuming that's part of why you're retiring the Silverline console now. But how recent has that changed? And how much work is left to be done to bring together all of the functionality and the capabilities into Distributed Cloud or at least to be managed by that Distributed Cloud console.

Yes. There's still quite a bit of work. We do have a Distributed Cloud console today. That is the console through which customers are consuming Distributed Cloud services. If you have captured any of the other sessions here at AppWorld, you'll see that the NGINX team showed how they're bringing together their NGINX One offering, unifying the management of all NGINX data planes within the Distributed Cloud console. That's the first step. And you will start seeing evidence of BIG-IP. Now consolidating more of the Big-IP capabilities and observability into the distributed cloud console, but that is still work to be done.

Maybe just a quick follow-up on the Wib platform. I think you guys highlighted and did a good job highlighting the unique capabilities inside that platform. But when you look across the environment, there's a lot of competitors talking about API security in general, right? So who do you think specifically addresses the API life cycle closest to what you're trying to accomplish here? Is it the observability vendors? Is it some of the acquisitions we've seen from endpoint security providers? Is it Akamai and CDN peers? Like who would you think most closely kind of provides that life cycle for API management and security?

The closest that has -- the closest in having coverage is a startup, 1 startup specifically. When you start mapping and we do have a map of the capabilities of the various players in API security, you're exactly right, there's a lot of, I would call them specialists, so they're very specialist API security players, that's all that they do. And so they're able to go out there, and that's all that they talk about. And then there's some companies, and you mentioned Akamai, CloudFlare, who as part of their web app and API protection suite will say that they have API security in there. And regardless of if you're looking at those point solutions versus more of the platform players. The F5 API security solution with the combination of Wib is more comprehensive than any of those players. And again, the 4 things that we look at for comprehensiveness for API security is, does it do kind of build time API security? Which is the code scanning, the code testing and analysis. And does it do the run time protection? Which includes the traffic analysis and discovery. And does it do the actual protection and enforcement. Many of the other vendors, especially the point solutions have to actually partner with a company like F5 that sits in the line of traffic to end up doing the enforcement. And with F5 solution, you do it all in one thing.

Just to add to what Kara said about platform versus point solutions. So to be very clear, our belief system is that API security will be consumed as part of platforms. Point solutions, API security, we don't think are the answer or we don't think are the winners down the road. The problem is, today, you have had to choose between API security solutions that are point solutions, but closest to being comprehensive or platform players that have just basically good enough API security solutions. So the disruption that we're bringing to this is bringing API security as part of a platform, but the most comprehensive API security solution in the market. Now why that's important today? Because we're seeing all these apps being distributed. It's going to be even more important in the near future because when you think about AI workloads, they are going to make very, very heavy use of APIs because they have to access data that is in different places. They have to access services from other workloads and different models. And so we think probably the most critical building block of security for AI workloads is going to be securing APIs. And that's why we have accelerated our investments in API security, both organically and through acquisitions as part of our platform.

Maybe a follow-up question. You talked about it briefly, but you have a combination of network buyers, security buyers, kind of DevOps folks. Just -- where are you finding the most traction? And where can you kind of find the right inroads to make sure you're talking to the right person or have the most success finding the right person within the organization.

Yes, that's a great question. Obviously, we're servicing multiple persona. And we have a lot of gravity with the ones that we've done for a long time, which is kind of network center and security center. But since the acquisition of NGINX, we've been in the platform teams. We've been in the DevSecOps teams. We've been in the SRE team. So we've had access to these types of individuals for quite some time. And what we find is, is that when we get into these discussions, especially with the large part of the market, which is what we covered earlier with Kara, they're actually bringing in their cross-functional partners because the problem is so complex, they need the help. In fact, in many of these large entities, when we go in, we're meeting with sometimes 6 different functional groups at the same time for these very reasons. And so that's one of the major reasons Meta, that we're able to actually get to the right buyers that own that opportunity is really even from the folks that we have gravity with on the network side as an example. Francois [indiscernible]

No. That's great. Thank you, Chad. Suzanne?

Francois, we do have a couple coming in on the web. The first one is, if F5's total available market is growing at a 17% CAGR, why wouldn't the top line growth be in double digits?

It's a great question. Okay. So I think we are -- I'm going to answer this in 2 blocks. So first of all, when we -- we've talked about our growth rate we've only talked about FY '24 and FY '25. And that's -- you could say that's relatively short term. And that is based on what we see current activity, current pipeline, of course, we look at the growth rate in the market, but we look even more at our bottoms-up forecast and what we're able to see. The -- when we look now, let's talk about our market growth rate. And we haven't given guidance for our growth rate beyond FY '25. But of course, the market growth rates that we have given extend well beyond 2025, they go into 2028. So 2 factors there, whilst we see -- when you take the market, it's deployable in SaaS, right? Deployable growing at we say 10% CAGR, SaaS growing at a 26% CAGR. The reality is you know that SaaS today is roughly 7% of our total revenues. So we are, of course, way more heavily exposed to deployable that has the lower growth rate. And even within the deployable space, we have a heavy weight on ADCs that have a growth rate that is less than the 10%. It's closer to the low to mid-single digits. So our growth rate in the near term is, of course, heavily marked towards where we have the biggest way. But we do believe that over time, as more and more of our exposure and position shifts to these faster-growing areas there's an opportunity for us, of course, to accelerate our growth rate down the road. But at a minimum it gives us confidence that we can sustain and that's the point I think Frank made very well that our mid-single-digit growth is a very sustainable growth rate. That was 1 of 2.

There are a couple. We'll do one more here and then we can see if there's anywhere in the room. So diving a little bit deeper into that. There's a request, wonder whether or not we could give him perhaps a little more color on the high single digit product growth that we're expecting, specifically color on how to think about it in terms of systems and software.

Yes, do you want me to start on that one?

[indiscernible].

So again, what we have talked about is FY '24 and FY '25. We've talked about FY '24 in our software as being modest growth from what we did in FY '23, but growing to double digits in FY '25. And that growth is really driven by the renewal cycle that we see in our term subscription agreements. And we have a lot of visibility on that. We really love what we've seen in terms of that growth. I do believe even beyond FY '25 that we will continue to see that software growth be the core driver of where we are going to sustain higher than mid-single-digit revenue growth on the total base. Even mid-single-digit revenue growth on our base is more revenue than a lot of, I would say, mid-sized companies do in a year. And so it's impressive growth, but it will be accelerated by the software side of the business.

Thanks, maybe for Frank. And I can appreciate if you don't want to turn this into a financial disclosure. But maybe you can help us understand, you just talked about the renewal cycle on your term business, right. And obviously, you're early on in terms of those cohorts that are starting to renew. And I think it was maybe a quarter or 2 ago, you mentioned there was a net expansion rate of about 120%. Can you help us think through the components of the term business, whether that's coming from BIG-IP software attach or NGINX? And how sustainable do you think that 120% net retention rate is? Going out to fiscal '25 and '26.

No, I appreciate the question, Ray. Look, and I tried to emphasize that it's not perfect data for us because we have to convert term into a ratable framework, and that's not really what our systems were equipped to do. And so the rate I see is actually more than 120%, but I felt comfortable saying 120%. There is a portion of that, though, that is those early terms, where we probably did not necessarily get it right in terms of sizing. I think Chad's team is doing a much better job in sizing it right out of the gate. And I also think that we've seen -- as -- part of this is NGINX, part of it's BIG-IP. The NGINX side of the equation. We have seen some customers that probably started in low 6 figures and have turned into 8-figure type opportunities for us because it was attached to the right application that just saw massive atmosphere growth. And so those opportunities don't happen across every single contract, but we do see that happening within that customer base. On the BIG-IP side, with the things that we've talked about of BIG-IP next and the next generation of BIG-IP, I see even more opportunity to expand that. And so I am really excited by entering the third term or the interim of these and just having that waterfall effect of those term agreements build upon each other. And more and more of that revenue coming from the renewals as opposed to new business that gives us just that much more visibility.

That makes sense. And just maybe a quick follow-up. I completely understand SaaS managed services, 7% of revenue. But obviously, you have, I think it's $65 million or so that some of it that's going away, some of it that you hope to transition to Distributed Cloud. But when we strip out the potential churn, can you talk about what you're seeing on the gross renewal side of the SaaS business itself?

So we have not split that out in terms of disclosures. I'm not ready to do that now. We are tracking that metric internally. But again, it's relatively early in some of these cycles. We are happy with the renewals, the gross -- the GRR that we're seeing across most of the base. There are still some products where we'd like to see some improvements in those areas, but more to come.

Maybe piggybacking on that and a question I asked earlier, just you've had a lot of success with these term agreements of at least gain people to try out multiple products and I guess, Cisco has had a lot of success bringing kind of ELAs and term agreements further down market. Just how have you guys thought about that? And is that one of the ways to kind of increase the penetration down market? And what are some of the hurdles to kind of introducing that further in that market?

You want to go -- go ahead?

Yes. It's a fantastic framework for us. That continues to have immense kind of customer traction across the board. Obviously, we started this in the top of the market because that's where we have a lot of gravity. But we've been very successful at taking it down market, and we'll continue to do so. It's -- from a motion or a go-to-market motion, it's one of the strongest motions that we have across the global organization. It's widely accepted in every theater across the globe, which is fantastic. Obviously, we started first, [ Harriet ] had a lot more gravity in North America. But every single theater is participating and participating in volumes. And so our volumes in terms of the numbers that we're doing continue to go up quarter-on-quarter, year-on-year measurably. Clearly, the size and capability of these -- constructs are going to change as you go down market, right? So rather than 8-figure deals or 7-figure deals, some of them are smaller. And we're finding that right mix to bring the value to the customers. What I would tell you though is that even when we go down market, the customers are finding tremendous value. And they're getting that realized value out of these instruments, and we're continuing to get expansion into other opportunities. Some of the new platforms that you heard about with Distributed Cloud, we're just getting going in this motion. So I have a high degree of confidence that we're going to be very successful at attaching it to the contracts that we already have and then establishing new contracts with that framework in place.

And a couple of -- thank you, Chad. A couple of -- just building on the point Chad made to bring to life that it is very early days still in this cross-sell motion. So Distributed Cloud, for example, we shared at the -- on the earnings call in October that we had over 500 customers. None of these customers were [indiscernible] with Distributed Cloud being part of our flexible consumption programs. That was only introduced in the last 3 months, where now anybody that has a flexible consumption program with F5 can attach Distributed Cloud into that consumption program. So the friction in cross-selling into that has just -- we've removed a big chunk of it, but only in the last couple of months. That's point 1 about the evolution of the cross-selling vehicles. Point 2 is when we shared with you that we have 7% of our total customers that have more than 1 product that have 2 product families at F5. The thing that's interesting is if you want to think about expansion, yes, we can talk about it going to more customers and eventually going down market. That's going to be one of the motions. But even within the 7%, the vast majority of them -- they had a product from F5. And then they did in the last, say, 12 months to 24 months, their first implementation with a second product, which has very low penetration. There are a number of customers who are here at AppWorld who have taken Distributed Cloud in the last 12, 18 months, and they'll tell you, yes, we now have Distributed Cloud fronting 20 applications because we wanted to get used to it. But we've got the next 500 applications to roll on to this thing now that we have familiarity with it. So even within those customers that have 2 product families, we think there will be substantial expansion of usage of the second product family they've just taken on.

Can I add one additional thing, which is Francois talked about the expansion and coverage of the number of apps with Distributed Cloud, but equally, it's an expansible platform. And so we're expanding the number of service. So the 2 that we're focused on right now, we have 2 big use cases, web app and API protection, which includes a suite of 4 functions within it, which is web app firewall, distributed denial of service protection, anti-bot and API security, there's a lot of customers we have of the web app and API protection, that just have 1 of those 4 things today. And so that's 1 of the 2 use cases. We have a second use case around multi-cloud networking. And again, there's 2 sub offers within multi-cloud networking an opportunity to cross-sell there. And then on top of that, we have a growing array of other capabilities, including now a generally available CDN offering as well as a DNS offering as well as an app stack offering for managing distributed apps. So we're going to continue adding more services.

I have a good follow-up from the web on this thread. What is the greatest limiter or governor for F5 Distributed Cloud services adoption?

That's a great question. Okay. So I would say I'm going to start, but I may have some additions from the panel. I would say, probably the first one is awareness in the market. And we are at AppWorld with hundreds of our customers and partners here this week addressing this awareness issue. But I think a lot of the market when thinking about F5 including some legacy customers of F5, think of F5 as hardware and software. But if they really want to have a SaaS solution, we're not necessarily the first partner that comes to mind. That's the first thing that we need to address. So I would say awareness is probably the biggest governor. Probably the second one is the number of trained resources in the field, whether they are F5 or our partners. And by that, I mean technical consultants, technical sales folks who are able to engage in an opportunity very quickly and share our differentiation, demo the product. I think that's a second governor, and we're addressing that through a lot of training. The third one is probably scalability and presence. We have several dozen POPs today around the world, but there are a number of geographies where we don't have point of presence. We have sales team screaming for us to put these points of presence in place very quickly. And I would say the how rapidly we scale the platform is a governor. And then fourth is probably, as Kara touched on, the number of services on the platform. And I think as we grow the number of services, there will be more use cases to get customers. Probably, I would add a fifth one, which is the road map that Kara talked about, which is pretty soon, we are going to be able to have BIG-IP, existing BIG-IP. So we have 20,000 customers, as Kara said today, we're going to be able to have any BIG-IP or NGINX customer being able to experience BIG-IP and NGINX through the distributor cloud console. When that happens, it's going to give them visibility to all these SaaS services without us doing anything really to all these SaaS services, and I think that will be potentially an accelerator of both awareness but also usage and buying Distributed Cloud. So I came up with 5. I don't know if they're in the right order, but those are kind of the things that we are working on that we think will accelerate the.

And maybe just one more. So Francois, it's been maybe what, 2 or 3 years before you made a real large acquisition. I mean, you've done a couple of tuck-in acquisitions to add services and things of that nature. Is there anything within your portfolio at this point of solutions that you think you're missing where you really could accelerate either adoption or your go-to-market strategy with a larger purchase?

Well, what you've seen us do over the last -- so when we bought Volterra, this was a very substantial bet for us because we bought a company that had virtually no revenue. But we did it because we knew that we needed a SaaS platform to address the ball of fire. And when we looked at a number of companies in the space, we really truly wanted an architecture that was entirely defined in software so that our ball of fire platform could address any workload, not just workloads that would run in our points of presence, but workload that would be in public clouds, on-premises, in private clouds at the edge and any edge, meaning not just the edge of a point of presence of a niche player, but the edge of a manufacturing floor or a critical care unit or a moving vehicle. And the universal incredibly powerful capabilities of this architecture caused us to say we're willing to put $500 million into a company that has no revenue because on that architecture, we can bring a lot of F5 intellectual property and bring a large book of services. and that architecture is going to serve us over the next 20 years. Now what you've seen us do since that acquisition is we haven't made other major acquisitions, but where we have seen opportunities to accelerate some service offering on that existing platform. We have done so. Kara mentioned earlier, the acquisition of Wib, which is API security, which is immediately going to be integrated into a Distributed Cloud as an API security offer. We acquired a CDN company because a number of customers with security [indiscernible] a company called Lilac we acquired a while back. Today, Arul and Kara mentioned our data fabric, which is going to ingest telemetry and insights from all these services and leverage AI to really make it way easier for customers to manage their applications. That data fabric came from Threat Stack. It was a core part of why we bought Threat Stack because the DNA was there to do that. So we have done these tuck-in acquisitions, and I would expect that there would be other opportunities to integrate small companies into our growing platform. Now that's not to say that we may never do acquisitions of the size that we've done before. The space moves quickly. There may be areas in security where we feel we have to buy. We will always do a build versus buy analysis. We've been very disciplined on that. We've done a lot of building over the last few years. I think we've got more building to do. But I never rule out that there may be things where we want a bigger jump, a bigger leap forward that needs to be inorganic.

You mentioned partners earlier. How has your partner strategy evolved as the portfolio has evolved?

That's a great question. This has been actually in-flight since the NGINX acquisition, right? And so we've done a real concerted effort across the globe to make sure that we're bringing in partners with the right capability sets to take us to market into the right opportunities. And what we've seen over the last number of years is kind of a change of that dynamic, right. And so you've seen the large high-scale partners throughout each of the globes really acquire technology capabilities so that they can be full suite offers. So that's number 1. Number 2 is that it's an enablement aspect. And so we've done a very tightly integrated set of offers that is kind of built by nurture with our partners in all of the new offers, which is critical to keep them involved into customers as they go through the buying cycle. And that is something that we've done. And so we have purposely rationalized out our partners. And we've moved from a business that is largely rewind 5, 6 years ago, a transactional business to a continuous selling motion, right. And in that selling motion, you have to have partners that are with you in this continuous selling motion, and we've evolved our partner network to do that.

Maybe expand on the role we see for partners as we move into this asset managed services?

Yes. We are a partner-first organization and will continue to be a partner first organization. In fact, here at AppWorld, we have hundreds of our partners that have flown in from all over the world as well as the ones in North America. And the attendance that we already have for taking this on the road is already quite high from our partners and our customer community. And so our go-to-market, they are the route. They're going to continue to be the route, and we're designing our offers to be complementary with that route. And so -- you will see more of that with our partners that are engaging very, very deeply in their own training and onboarding so they can have a continuous loop of value to the end customers and stay in the engagement along the way. That is part and parcel to F5 is. That's our route, and we'll continue to embrace that even with the SaaS-based offers.

And you said it earlier, Chad, but I think it's worth repeating that when we look at the hundreds of customers that are already on Distributed Cloud, over half of them are opportunities that were initiated by our partners in the field. So we are actually quite happy with the way that our partners are embracing the new value proposition. We've put the right incentives in place for them to be rewarded with these new models. And we think that's going to accelerate with more integrations going between BIG-IP, NGINX and distributed cloud.

I've got one more from the web. Given your commitment to return cash to investors, have you considered instituting a dividend as opposed to sticking with share repurchases?

Would you like me to start?

Yes, please?

So we have talked about it at the Board level, but still believe that with the current laws that are in place, cash is the most tax efficient way of returning capital through share repurchases and having double taxation on the dividend is not the necessarily the most efficient way of returning capital to our shareholders. That's why it's been a primary focus of ours. And that's why we continue to look at share repurchase as opposed to dividends.

Question from the room.

I do have one more, just for Frank. And again, I don't want to turn this into something you don't want to disclose financial -- more financial focus. But your commitment to double-digit EPS growth is obviously -- everyone appreciates that. But when we start thinking about the cash flow side of things and free cash flow, you talked about the term renewal base compounding and becoming a lot larger. Are there any guardrails to think about how your free cash flow margins can scale from here and where a steady state would be? I mean, is it appropriate to look back in time and say, that's where we should benchmark our free cash flow margins, say, in fiscal '26, '27, '28. Any kind of guardrails you'd put around that?

We have not guided to free cash flow. And so I'm a little has since sort of get into a longer-term outlook, Ray, on what that means. It is a critical focus of ours. We do have a dynamic with the terms where revenue is upfront and cash comes in, in the back. And so that's just going to be a natural course on how the model evolves. Eventually, that will level itself out, as you said, as more and more gets to a normalized state in that regard. Also, it will get more normalized when the SaaS component of the revenue base grows to be a much more significant contributor than the 7% it is today. And so I do think we're maybe in that time frame where we're starting to see a normalization rate, but we will have some fluctuations until then, just given the dynamics of term when revenue comes in versus cash collections.

I have one more from the web. You've quantified the growth you've seen in Distributed Cloud in the customer base. Can you add some qualitative color to what you're hearing from customers?

Yes, of course. Do you want to -- Chad?

Go ahead and start.

Okay. All right. What are we hearing from customers? So number 1 is, the vast majority of customers who have started using Distributed Cloud today use it for security. And Kara mentioned that actually a good proportion of them only have 1 or 2 services of a much larger security bundle. What we're hearing from them is probably the most resounding feedback is ease of use -- is you have made it way easier for us to create and deploy policies to secure applications. We've had a lot of customers who are under attack and within ours, the attack was stopped, their applications were fronted with distribution cloud the fact that it's streamlined their operations and have more time to do other things. So making things easier is -- was the goal and the feedback from customer is, you have done that, which is what also gives us the confidence that once they start using a service and they see how easy it is to use the platform, they are going to use the next service and the next service. And perhaps that's the other thing we're seeing from the early customers is when we're starting to see them vote with their wallet in their use of it. So where we've seen early customers, meaning those who say, started with Distributed Cloud in fiscal 2022. And maybe signed up for a 1-year term, and we've had a number of them who 6 or 9 months of the term come and it's a substantial expansion because they want to put more applications in front of Distributed Cloud or they want to expand the services that are in front of it. So I would say, ease of use and security efficacy are today the 2 probably big points of feedback from customers.

Yes. And I would say the ease of use is -- has really been a fantastic pivot to the expansion. In fact, as early as we are in the process, the customers that are growing the services is a significant portion. It's not -- it's double digits that every single quarter are expanding the services. And it's because they're becoming familiar with what's available and how easy it is to use. So if they start out with just a web application type firewall use case, they'll extend it into API. They might extend into DNS. And that's what we've seen is because of ease of use.

Well, thank you all for joining us here in San Jose or dialing from a number of other places and spending the last couple of hours with you. We hope we've given you more insights into our strategy, the evolution of our product portfolio, what's driving that evolution. What's -- what we're seeing in the market were the challenges that large enterprises are facing and continue to build on our confidence and hopefully sharing with you our confidence that our double-digit earnings growth journey and mid-single-digit double revenue growth is durable and will be fueled by all of these developments in the market and in our portfolio. With that, thank you very much, and we will close the webcast.