F5 Networks, Inc. (FFIV)
November 03, 2011 8:00 am ET
John Eldridge - Director of Investor Relations
Mark Anderson - Senior Vice President of Worldwide Sales
Edward J. Eames - Senior Vice President of Business Operations
Erik Giesa - Member of Advisory Board
Cooper Werner -
John McAdam - Chief Executive Officer, President and Executive Director
Dan Matte - Senior Vice President Of Marketing & Business Development
Karl D. Triebes - Chief Technology Officer and Senior Vice President of Product Development
Jim Ritchings -
Brent A. Bracelin - Pacific Crest Securities, Inc., Research Division
John Slack - Citigroup Inc, Research Division
George C. Notter - Jefferies & Company, Inc., Research Division
Alex B. Henderson - Miller Tabak + Co., LLC, Research Division
Matthew S. Robison - Wunderlich Securities Inc., Research Division
Sanjiv Wadhwani - Stifel, Nicolaus & Co., Inc., Research Division
Jayson Noland - Robert W. Baird & Co. Incorporated, Research Division
Tal Liani - BofA Merrill Lynch, Research Division
Unknown Analyst -
Jeffrey T. Kvaal - Barclays Capital, Research Division
Erik Suppiger - JMP Securities LLC, Research Division
Jess L. Lubert - Wells Fargo Securities, LLC, Research Division
Mark Sue - RBC Capital Markets, LLC, Research Division
Good morning, everybody, and welcome. I know most of the faces in the audience, some people I don't recognize and they probably don't recognize me. My name is John McAdam. I'm the President and CEO of F5. I think it's going to be a pretty intriguing day today. We have a lot of good stuff. I feel really good about the agenda. I'm not going to go through it in detail. It's pretty straightforward, but we have the whole exec team here. We have new addition to the exec team that we announced this week with Manny Rivelo joining us as well. And the one person who's not here today, that's Andy Reinland. It's very personal. It's a personal deal. His daughter, in fact, has not been so well over the last couple of days. The good news is, she got a lot better yesterday. So Andy actually had to cancel the trip, but Cooper is going to stand. I don't know if he's up here. Cooper is going to stand in for Andy when he -- his name is up there anyway.
So if you look at the agenda, I really feel that we're in such a really good place right now, the company in terms of the way trends are happening, both business-wise and technology-wise. If you look at the priorities that the CIOs have, a key and probably the #1 priority for just about every CIO that I talked to is that they can build a flexible infrastructure to manage the business. You hear us talking about dynamic data center, the ability to take the resources and provision them as needed, the closures related to that, use a cloud, if necessary, use a private cloud. But really, the whole concept of having that flexibility, because things are changing so fast with mobile data growing like crazy, explosion of applications coming from all directions, you have to secure and you have to operate on as well.
So we sit really right in a sweet spot of that. I've been seeing it for a while, but it's becoming more and more obvious to us as a company. This is a really massive opportunity. If we look at the next year and we look at the next 3 to 5 years, I really think the company has a real opportunity to be one of the key, and I mean one of them very few key infrastructure players in the data center because of these trends. So I think we're just poised so well because of the solution portfolio we have today and what's in the roadmap, and we're going to talk about that.
So a lot of what we'll talk today is going to be not just this year. It's going to affect I think the next 3 to 5 years. I don't think we could be in a stronger position because of the trends that we've got.
If you look at this year coming up, fiscal 2012, and we've caveated a number of things. We'll probably do more to be able the macro economy and if gets worse, who knows? But where we sit today, we feel very good about our opportunity. We have a pretty good quarter last quarter. I talked about the seasonality we expect to see this quarter. But also, that we feel that we're going to have a pretty robust year, and we said about 20% from a revenue perspective. So we feel pretty good about that. We've been hiring aggressively as well. And I think when you see the solution portfolio that we have today and what we're going to have in the future, you'll probably share our enthusiasm.
Specifically, if you look at the application delivery controller market, we think that's going to have pretty robust growth again this year. Version 11 and products like the VIPRION 2400 are really -- sets us up really well to take advantage of the trends I was talking about. We're going to back about version 11 in some detail. Erik's going to do that. iApp, in particular, has functionality that is going to take a little time to resonate in the market, but when it does, it's going to be very, very powerful. So we feel very good about that.
And then -- so what we've been looking at this year coming up is that we think we're going to see robust growth in ADC, the core market. We believe we have a massive opportunity in the future in terms of security. And again, we'll talk about that in some detail. Our application firewall has been tremendous for us over the last couple of years, and it sits where the attack is sophisticated. Application attacks are happening. So we keep adding functionality to that. We just won an award this week because of the -- with the ASM product. A remote access product, APM, Access Policy Manager, has been awesome as well. The field -- there's a lot of activity happening in the field and it's a new way into account, again most stickiness within those accounts.
And then the overall firewall business. You'll hear us talking about the Internet data center firewall, where our products basically can handle massive DDoS attacks, massive sophisticated attacks at the same time that traditional firewalls can't do. So that's really important. Service providers, all is -- we see ADC core is being a real growth area. We see security has been very linked to that business, but incremental as well. And then service providers other areas, we feel really good about. We're making good traction there. We have a lot of stuff in the roadmap for service providers that we'll talk about that is coming during the year and towards the end of the year. So I think we're in really good shape. So we expect to hire, probably pretty aggressively this year and continue where we left off. Obviously, sales productivity is critical to us. Mark Anderson is going to talk about some of the customer profiles, but I think you're going to hear some pretty positive messages from the company.
So with that, I'll move on and Dan Matte will take over. That's the last you're going to hear from me, if not from obviously in Q&A. We have set aside quite a reasonable time for Q&A. So if you don't mind, could you keep questions to the bare minimum during the presentation? So that we can get through them and then get to Q&A at the end of the session. So thanks a lot. I hope you have a good day. Dan?
Great. Thanks so much, John. And it's pretty amazing we are at a cool, cool time in our market. Things are evolving like crazy, and we are in a great place. Things are going in the right direction for F5. We're in the middle of some really, really great trends. So I'll try and explain that why we feel that way to you and some of the opportunities that are yet ahead of us.
So first off, if you look at -- we've been in the data center for some time. We look at sort of the trends that are going on. The old way of doing things was I'd have a -- in app, a specific app, I would deploy specific infrastructure to answer that app. Maybe I'd have a separate infrastructure to answer and deal with people coming in on a different type of device, do mobile optimization or something along with it. So I'd wind up with all of these sets of things inside my data center and it made it very, very complicated. And then you contrast what's going on today. And people's desire is to have a monolithic data center that's homogeneous throughout, just stacks and stacks of servers that are exactly the same, that they can reprogram to do whatever they happen to need for the applications and users that are coming in. And those things are very much at odds with each other and cause lots of strife inside the data center, security challenges. All sorts of things. So it's very much a mess. And as people look and they try -- the analogy of the network as the computer now people are talking about the data centers is the computer type of thing. They need ways to pull all the stuff together in a consolidated, in a fashion that makes sense that's logical. So this mess, people are looking to clean up. And if they make that step and go make it look totally homogeneous. They wind up with a different set of problems out there. So it's not clean, and from F5's perspective, that's actually good news because we can help clean that mess up for them. So what we're out espousing to the market is that our devices and the technology that we provide are these control points that people can deploy inside of their data center, and those control points allow people or provide people with services that they can apply across different applications, different types of network services, different types of security services. So it's really application services, network services and security services that we're doing. That can be subscribed to, reused across different applications as they change within the data center, and it really gives people tools to help coordinate things in a more logical fashion, be much more consistent in terms of how things get applied, be able to audit things much more logically as well. So it's really a way of organizing the data center in a much better fashion than trying to go and deploy these services in each and every application that gets written or on a different type of network device that happens to get deployed inside the data center. It's just a way for people to use these services over and over again, across different applications. That's just a much, much better return on their investment for them, a better way to control it.
So fundamentally, that's sort of what we see going on. So going from all the specific used stuff that had been deployed over trying to move towards this homogeneous data center, but looking for the specific types of services that have to deal with the different applications and different scenarios and we're the thing that allows them to deal with those specific scenarios in a consistent way. So that's really fundamentally what's going on. That's why the strategic points of control that we make and deploy out in the world are so important to people.
And we're seeing now some folks, like industry analysts such as Gartner beginning to recognize that what we do -- and they call it the application delivery network layers, that there's a layer that belongs in the data center to provide these services. It may have started with load balancing way back when, but it's a whole heck of a lot more than that now. It's security. It's optimization. It's offload from the applications. There are whole bunch of different things that it can be used for and it can be applied across lots of different types of applications, deployed in lots of different ways whether it's my own data center or public cloud, private cloud, some sort of hybrid out there, deployed anywhere and across lots of different types of devices too or to deal with different device traffic. So one of the interesting little pictures. I know it's hard to see from the back of the room, but like a power meter there. So one of the things I'll talk about in the presentation is the explosion of types of connected devices out there. So that means more traffic, more connections, more stuff coming into the data centers and people need ways to deal with that. We can help them with those services. So it's a big trend and I think an important one and one that's not going to end anytime soon.
Now interestingly, from F5's perspective, this is a slide out of the way back machine, circa end of 2004 when we launched version 9. So we've been talking about our stuff as a platform to provide these services for a long time. We view what we do as a way for application, network and security groups to collaborate, right? So the old way of doing things would have been an application developer goes and develops an application sort of in a vacuum. They jack it into the network. Then the network side of the house says, "What the hell is going on? Why am I flooded with all this traffic?" Or "Why do I have these security holes all of a sudden? And that's just not a good way to do things. And as part of our development process for version 9. We went out and tested this notion with people, and we'd invite folks from the application team, security team, network team all to get together and we sort of joke, "Hey, let's get together and argue about this and have a fistfight." And no matter what language we were doing it in, which country we're doing it in around the world, this notion resonates with everybody. So that's a real problem that every company around the world runs into, and they are looking for a better way to do things, a better platform to have these groups collaborate. So that's a big opportunity for us and I think, over time, the more successful we are with getting people to recognize that, "Hey, having people develop things into the application all the time is not the best way to go." That means bigger and better market opportunity for F5 over time. So we can help give them services, give the application team services that they can simply subscribe to. The network team can control them, and it winds up being a better relationship, faster time to market for their applications. And in fact, we've seen more cutting-edge companies over the years start to organize themselves differently. So instead of having the silos with application network and security, they're sort of jamming the teams together and saying, "You're going to be an application delivery team and all of you must collaborate in order to deliver this application." So instead of meeting very high up in the organization, they're collaborating together much, much earlier on and using our technologies as one of the main ways to get that collaboration done. So we believe in the platform story. We've seen it work out there in the marketplace.
When Erik Giesa comes up after me, we'll start giving you examples of how the sort of platform story is coming to be and sort of make it more real for you. One of the things that we've launched in our version 11 is this notion of iApps. And iApps really is a way to make what we do more specific to a particular application, make it easy for people to deploy this stuff and speak the language that the application team is familiar with. So Erik will go through an example on Exchange 2010, and I think you'll be blown away by how we're able to reduce what is usually a very, very complex deployment down to something that is amazingly simple. And from that perspective, we think with that simplicity, people will see the -- increasingly see the value of what they are able to do and what they're able to deliver and in turn deploy it more and more widely. So this notion of iApps and bringing the power that we've got inside of our platforms and making more widely available across different groups within an organization, we think, is a very, very important thing and will provide huge advantage to F5 in the marketplace.
So the powerful trends. We actually talked about this last year, but they continue. There's no end in sight to this stuff. We still see people -- liquid data centers trying to virtualize everything. Like I said, the desire would be to have data centers that look exactly the same throughout and they can reprogram on the fly. So that trend continues. We continue to see more and more mobility, right? More devices deployed out there. People doing -- demanding more out of their mobile devices in terms of the apps that they're accessing. Traffic continues to increase, and the browser being the application. So let me delve into each one of these little bit more.
So first of all, on the connected devices. So we have estimates that today, there are about 4 billion devices connected to the network out there in various forms, looking out to 2015 going up all the way to 15 billion and then stretching out to 2020 estimated at about 50 billion devices. So you think about those electric meters and sensors and -- so it's a lot more stuff than just mobile phones that are being connected to the network. And each one of those devices, again, is generating more traffic, more connections. It may have needs for increased security. They want to have those secure with things like SSL. All good news for us. We like traffic, and there's going to be more and more of it, thanks to all of these devices connecting out to the network over time.
The other trend that's going on is servers becoming more and more powerful. So when you look at what's going on today and Intel is saying in 2018, which isn't all that far away, that servers will be about 125x more powerful than they are today. So what does that mean for F5? Well, you're probably going to see more and more virtual instances installed on each physical server. So don't get confused by deployment of physical servers versus traffic or number of IP endpoints inside of a data center. That's still more traffic, more apps, more stuff for us to manage. So we like virtualization inside of data centers. We think that's a good trend. So the more power that servers have out there, again, the more capability there's going to be in the data center, the more demand there is going to be for things like us. The services that we're able to provide in front of them. So servers are becoming more powerful, also a good thing for us.
Traffic on the Internet. Again, no end in sight. So from Al Gore to 2009 and then since then, there's been traffic since that period. And we talked to our mobile carrier customers and terrestrial carrier customers, and they're still seeing traffic rates doubling every 6 months and stuff like that. So we see demands from video. We see all sorts of things continuing to drive that traffic over the network. So again, from F5's perspective, that's more connections coming through, more throughput, more encrypted traffic. I know Karl will be talking about that trend in the marketplace. Again, all things that benefit us from a technology perspective, deployment perspective and the problems that we can solve from our customers. So again, it's a big trend that benefits F5.
This picture. Does anyone remember Quake? The game Quake? Anyway, it used to be -- it's a shoot 'em up game that was really, really popular sort of end of the '90s, early 2000s type of thing. Recently, there are some guys from Google that took that game that used to be -- get on floppies or whatever you did an install on the machine and run it. So it was sort of self-contained and then a big sort of advanced and sort of a band of network administrators everywhere has all of a sudden -- people figured how to network this game. So you got a multiuser stuff going on and it saturated people's networks all the time with this Quake traffic. So anyway, it was a popular game. So why do I have this up here? HTML 5, I've talked about -- it is the browser being the app. Recently, there are a couple of guys that took this game, Quake, and took it out of its sort of standalone delivery mechanism, and they ported it over into a browser using HTML 5. So using just the browser, you're able to run around and shoot people and get all the blood and guts that the game is known for. But it's sort of a cool thing because it really represents the capability of taking lots and lots of different types of applications that have either been pure client/server or just pure client types of things, big fat applications, and being able to do them in the browser.
So what does that mean for F5? Well, if you're able to do that and do more browser-based stuff, again, that's going to be connections driven back to a head-end data center. It's going to be people doing it from -- using applications from lots of different types of devices. There's more mobility. Again, it just represents more traffic from F5's perspective. So this thing, this experiment or this proof of concept that they did, they rolled out in the past year -- but it's really sort of cool precursor to what I believe is going to become a much, much bigger trend in terms of people taking apps that had been standalone and being able to run them in a browser, thanks to tools like HTML 5.
So why are we different? And what can we do to deal with all these trends? Over time, when you look at what's gone on in the network, you can really plot devices and along that spectrum of the red arrow. The trade basically is I make something that's really, really fast but it's dumb. Or the other end of the spectrum, it’s really, really smart but it's slow. So down at the fast and dumb end of the spectrum, a layer -- 2 layer 3 switch for example, it's job, take a packet in place, spit it out in another place as fast as possible and do as little to it as I can. Or just make that connection happen really, really quickly. The other end of the spectrum, an application proxy, right? Infinitely flexible. You can program it to do whatever you want, but you'd pay a big, big speed penalty in terms of deploying that thing in the network.
So what makes us different with TMOS is that when went in and originally architected TMOS and put the challenge to our development team that came up with the answers, we wanted something that's really smart. We see all these needs from enterprises and service providers and others out there, but man, we're not willing to make that trade and be really, really slow at the same time. So luckily, they were able to answer the challenge and came up with something that is really smart, very malleable through things like iRules, you can program it, iControl, you can interface with it, but delivering network speeds that people demand. So in the face of all these trends, increased traffic, increased encryption, increased connections, all that sort of stuff being able to be smart as well as fast, gives us a huge opportunity to do things in the market that no other company in the planet is able to do.
So how does that translate into what's going on with customers, right? We'll see them deploy us for one purpose. Maybe they start off with just load balancing. But because of the capability of the platform and the performance, they're able to do other things with us in the same place and leverage that strategic point of control. So maybe, they start experimenting with security or more optimization things or authentication, any one of the myriad of things that we're able to do in our platform. So that experimentation is something that we certainly encourage people to do. We try and help them along and explain to them about the services that we can provide inside of their data center and let them make use of that. And the only reason that they're able to turn it on and do these other things is because of the power of that architecture, that TMOS architecture that we've got. Without it, we would bog down. We'd be too slow. It wouldn't be worth doing it.
The other thing that we've seen is that along with that experimentation, people are looking for ways to help control and give access to their mobile clients out there. So for a while, actually, we've been doing this but initially through our SSL VPN product, but giving people a way to secure and give access to corporate resources to things like iPads and iPhones and Android devices and all sorts of stuff coming in. And the interesting thing there is that: a, it's a control piece; b, it as a security piece. But also, it's an optimization piece. So if somebody connects through one of these devices using our Edge client coming through, they'll actually get better performance than if they're coming in some other way native without the acceleration capabilities that we're able to do. And we just gave it away for free so people can deploy that and it just connects to an F5 head end out there. So again, that sense of experimentation, once we have the beachhead in there, we can extend and provide lots and lots of benefits to our customers along the way.
And sort of proof point to that is if we look at our customers over time and our top 50 customers, it's a pretty amazing trend. So when they get in and we start doing things with them, that sense of exploration, that sense of discovery of "What are the other services that F5 can provide to me and where are the other places in my data center or other places in my native network that I can deploy F5", really ring true? So we'll see over time our top people or top customers deploy more and more of our products over time. Now, of course, the challenge for us is, don't let it take 7 or 8 years to get up that ramp. We want to compress the ramp as much as we can. But it's an interesting proof point that when we do get in and that notion of us being a platform and being able to provide these services, it does ring true with people. So it's pretty powerful stuff.
We've also been asked a question by people over time, "Hey, F5, you guys are all hardware and that's all you ever talk about." Well, we do provide hardware and we think the world's best hardware out there from our product category standpoint, but we also have the most rich set of virtual additions of products of any company in our category. So just like we've always done at F5, we want to give our customers choice. Whether they want a physical implementation or a virtual implementation, "Great, how about it?" But also, we think that ultimately, the world needs both of them. So just having one solution or the other isn't the right way to go. So when we look inside of people's data centers, there are definitely scenarios where you want to deploy just a virtual edition sitting in front of an app. And talking to some of our partners like VMware, for example, maybe it would be useful to have that virtual edition travel around the data center with the app so we can provide those services no matter where that application happens to wake up or travel from -- within the data center or data center to data center. But also, it makes total sense to have hardware providing a common set of services, sort of more at the head end of that data center. So the collaboration between the 2, we think, is vital. And when Karl gets up and talks about things like our vCMP, our ability to not only scale up but also scale out, you will have a much, much better appreciation for how that collaboration between the different flavors of deployment takes place and how we can address all the needs that our customers have in this evolving data center environment. So the world needs both, and we've got them.
So it's been said that if you're serious about software, you should make your own hardware. That's an Apple-ism. And from our perspective, we believe that to be true. So we designed everything from the ground up. We have control over what goes into our devices. We have quality control processes and development processes around them that nobody else in our industry matches. So it's really interesting. When we go up competitively in the marketplace against somebody that's getting a motherboard from some OEM, and who knows how quickly the components on that OEM motherboard are changing underneath and the quality process and the rigor that they apply to the overall design. At the end of the day, the customer feels that, right? And where our stuff gets deployed, it matters. When John goes out to customers or I go out or anybody on the exec team goes out, a very, very frequent refrain that we'll hear from people is, "Do you guys know how important you are to us? You may not be our biggest budget line item in our data center but damn it, if you guys fail, it's catastrophic." And we realized that. So we make sure from a hardware perspective that we design quality in right from the get-go. And at the end of the day, when customers are considering us versus other alternatives, that makes a huge difference.
So also this morning, we'll talk about some other areas that we're pushing in to, and security being one of those. Back in September, we went out and asked about 1,000 people around the world, "What do you think? Can something like an application delivery controller address some of your security needs in the data center?" And it was actually sort of overwhelming. Sum up the top 3 bars, about 92% of them said, "Yes, there is actually security stuff that you guys can do for me." And interestingly, too, I mean, there's also a good segment of people saying, "You know what? We're already using you for that. You may not know it, but we're already deploying you for that." So when Erik presents and Karl presents, we'll talk a lot more about this notion of security, what we can do today, how people are buying it today. Mark will cover that piece and then give you a peek into the future in terms of what we believe people can do as we move forward. And it all goes back to the platform. Why can we do this stuff? Why can we do the security things that matters to people, deal with more advanced attacks. It's back to the platform. It's back to that TMOS ability. And without that, we wouldn't really have a leg to stand on. So from a competitive advantage standpoint, an addressable market standpoint, again, we think we have the strongest foundation of any company out there to go and tackle these things in the marketplace.
So we've got lots of stuff hitting the data centers, things going -- just more and more and more of stuff happening. We've got the technology. We've got DevCentral. We've got the community. Now people are going to start trading on things like iApps and think of the deployment of iApps. I think it will take off in the same way that iRules took off out there in the marketplace. Jim will talk about what's going on with our partners. And we think we have the, again, leadership position with the biggest software partners on the planet. So again, good advantages there. And then as I said, people use our stuff for more and more things over time. We're giving them the tools they'd be able to do that. So that all adds up to more opportunity for us. So let's put some numbers to it.
In the application delivery controller market, right? So a lot of people say, "Hey, F5, that's your market." Well, that's part of it. So let's just look at that as sort of the starting point. So the inner ring is numbers for 2011, so Gartner's forecast there. They're saying about $1.45 billion for that segment in the market growing to just under $3 billion in 2015. So that was their most recent revision to their forecast. We, of course, play the biggest part in that red portion of the circle, the advanced ADC portion. But also, we play in almost every other segment up there. And in case of the prints too small, so there's virtual. There's virtual leases. There's platforms for mobile devices as well. The only one that we do not play in is the one that's at $184 million in 2011 shrinking to $59 million in 2015. So anyway, we can let our competitors have that one. But when you look at the CAGRs on the market, overall, 19%. The advanced portion -- the biggest portion of the market is growing slightly faster than that. Some of the smaller pieces there are growing yet faster. They're sort of in the 40% piece. So our core market is very healthy and growing well. So from our perspective, we think that alone presents some really good opportunity for us.
But that's not it, right? That's the beginning point, where people deploy us and start expanding from there. So when you start adding all these other services that we do, optimization, remote access, file virtualization, application level security, into there and how the sort of a bigger view of what Application Delivery Networking is, where the platform, the services that people want in their data center, then you get to about a $5 billion number in 2011. And then that gets -- in turn stretched by those trends that I talked about earlier. And again, more deployment scenarios, carriers doing more stuff with us, people leveraging the identity in access management through our Edge and APM and other products that we have out there, just lots of different things. When you add up the portions that we can address of those markets, again, it gets much bigger and turn into about an $11 billion market in 2015. So we get asked about TAM and hear, "Are you guys saturated?" and all that sort of stuff, not what keeps us up at night. We have so many places to put this technology around the world. Mark will go and talk about our penetration in Fortunate 500 companies. We have lots of data points to prove that we are so far from saturated. It's not even funny.
So we have lots and lots of things coming from a technology perspective to address these different segments of the market. And I think with that, I'll turn it over to Erik to give you more insight in terms of what's happening with version 11, more insight into why iApps matter to people and why we feel good about being able to hit all these different segments of the market. So thank you very much.
Thanks, Dan. We don't take this lightly when we say it's a revolution. What we're doing in application delivery and networking is incredibly significant in moving forward and mimicking this desire and enabling this desire for a dynamic data center. Like John said, it encompasses everything from virtualization to even cloud. And the question is, to truly be dynamic and adaptive and take advantage of the business opportunities that an organization faces, but to do so, understanding all those trends and pressures against IT is an incredibly difficult task. And one thing, that significant trend, you might not be aware of. Does anybody know what the unemployment rate is for a security architect in IT? Probably not, 0. For a network architect in IT, it's 0.2%, 2/10 of a percent, okay? These trends are also pushing against the notion of how do I design for this. As I'm going along this journey and looking at things that I've got physical infrastructure and I'm deploying things like VDI, which gives my users access to their desktop and applications, personal applications. So this notion of self managing and multisite data centers so we can truly run in active environments, and the whole reason for that is not only to have a really good disaster recovery posture but also making great utilization of the assets you have. Nobody wants to run things in active standby. Standby is an asset that is not being utilized efficiently.
So how do you enable that as you go along? Or do you -- like Dan said, do you want to introduce a new device as you're going along the spectrum here? A new appliance, whether it's virtual or physical. Do you want to design it in the app? Or do you run it out in the cloud? And then what are the security controls? Do we need different security controls? Or do we want predictability and consistency regardless of where you're at along the spectrum? Every single one of our customer says, every single one, "We want a consistent, repeatable and common architecture that's accessible. It meets me where I'm at, and as I'm go along the spectrum or this journey, I've got the tools and technology to address my needs regardless of what the market demand is."
Why is version 11 so radical? Number one, recognizing the importance of being able to tie together these application delivery services with the back end applications themselves for rapid provisioning, predictability and consistency. We'll get into that. We know that iApps can make organizations 10 to even 100x more efficient and I have proof points of that. The new scale in architecture -- because none of this means anything given the trends Dan was talking about, scale. How do you scale to meet this demand and do it cost effectively? Don't want to break the bank. We got to make it operational, and we've got to provide that consistent and common predictability. Remember, again, Dan said this do well. Our customers say to us, "You might not be the biggest line item, but boy, if you guys go down, that's horrible." So we've got to be able to scale and provide elasticity and resiliency and, of course, continue to innovate in new application delivery services. Now we won't be able to go into all the application, the new application delivery services. I'm going to be focusing more on the top 2 architectural elements, and then I'm going to give you some use cases to show you the power of some of the new services we're delivering in the entire product portfolio. Karl will get into greater detail on a number of these, as well as the roadmap and how all that fits in.
But it's pretty compelling. And what you see here is what an Exchange administrator would view. Not a network administrator, a Microsoft Exchange administrator. They talk in terms of access roles. They talk in terms of mailbox server and workflow and document sharing and enabling things like that. Then they've got their different ways to authenticate and authorize. Now F5 pioneered this notion of application delivery networks and also providing the prescriptive architecture for how you would deploy our entire product portfolio in support of something like Microsoft Exchange. Now what you see here is a section of our Exchange deployment guide for the Access Policy Manager. Now -- and again, it's world class. Nobody else is doing anything like this today, and we're the only ones with any technology like Access Policy Manager. But as good as this is, it still requires just the Access Policy Manager for Microsoft Exchange. It requires 56 different configurations sets, okay? 56 ways to potentially make a mistake. Remember, we've got a girth of IT talent. We don't have enough. We've got to bring services to market much more rapidly, iApp. It goes to 4 questions that an Exchange administrator, not necessarily network administrator, but they certainly will understand this -- can understand in -- oh, 6 if you want to authenticate and be the enforcement point for access to that resource.
This is the power of iApp. We begin to operationalize the network, the application delivery network, in a way that mimics the application, that makes organizations much more efficient and consistent and predictable. Now you saw this chart from Dan, the IT organizations are under so much pressure to deliver. It really truly is the era of the application. You'll hear people talk about the consumerization of IT. That's certainly true, but it's creating a traffic explosion not just in connections, but types. Karl has a great slide we put together on the API diversification, but the point is it's nonstop. And the traditional approach of deploying yet another network device or a virtual service over here, new security functionality in a different point of the network over there, a new access technology, does not help the situation. Remember, going back to the maturity model, customers want a consistent, repeatable architecture. It's reusable. You're not going to get it by approaching it, and IT organizations recognize this extremely well because they live it. And this is why you see over time, when we engage with a customer, they tend to buy more and more of our products and the diversity of our products. The biggest problem that this creates, and perhaps the greatest threat to any organization why you're going to see F5 focusing more and more in getting louder and louder about security is because this complexity is the enemy of good security.
Now some people would have you believe, "Hey, if I want a dynamic data center and address this, all I need to do is virtualize." Well, I don't believe -- I'm not that naïve. I know better. That's simply not true. Virtualization is absolutely essential. It is a cornerstone of a dynamic data center. But don't ever believe anybody that would say, "That's all you're able going to need is just cheap servers and you'll virtualize everything and you're good to go." That's a recipe for disaster. What's required, and this is why CIOs around the world, the latest Gartner research, have raised the priority level for an agile infrastructure. Do you know why? Because with virtualization, we can take a bare metal server in an application that's been virtualized and have it spooled up and running in minutes, something that might have taken weeks, if not months, with previews processes, to provision the server, apply the OS, the patches, test the application, all that, done. That's no longer the case. It's about, "I've got a virtual package, bare metal server. I'm up and running." But -- and they've done all this heavy lifting. What about provisioning access to that resource and applying the acceleration and security and availability and DR policies for that? Just because I can spool up a server to a running application doesn't mean it goes into production or it's ready to comply with my organization's security requirements. That's why this is now a #1 priority. There's this awakening to say, "Oh, it's more than just server virtualization or desktop Virtualization." This is something F5 has been working toward forever. We were the first networking company to say, "Really, that we're important." But at the end of the day, the thing that matters is the application.
The first to do that. We knew with TMOS and version 9, we needed to create a very rich application data plan that would be programmable so we could adapt to these changing traffic diversification flows, and we knew then, too, since we were a much greater participant without user to application interaction. We have the scale. So we invented clustered multiprocessing and the VIPRION architecture. I do love that quote, "We are a systems company." You cannot -- unless you're making your own hardware and you got control over that, you are going to be limiting your software. And Karl will talk about that in his own session. He's got some good proof points of that.
In version 10, we brought it all together, okay? We brought all the modules, Access Policy Manager, WebAccelerator, Application Security Manager. And there's a reason behind this because we knew that if we could begin to unify these services in version 11, we'd change the game entirely. The intellectual property to do this, the architectural work that this has been built on since 2002 creates massive barriers to entry. But more importantly, it creates massive value for customers. How so? We create a framework, a consistent repeatable framework regardless if you're running a web app or it's a SIP service or it’s a network firewall service, whatever. Consistent, repeatable architecture that supports your physical, your virtual, your multiside and even your cloud desires. Repeatable, that gets us cost effectiveness. And so the vision has been, think of F5 and our entire product portfolio as a suite or pool of resources to be reused over and over again whether it's a Microsoft app, it's a custom app, it's HTTP, or it's leveraging HTML 5, coming from Oracle, CRP, it doesn't matter, or it's a SaaS app. Again, we want a consistent repeatable architecture. But the question became that we needed to unify these things to make them operationally efficient and to almost get the network as rapid to provision as it is to spool up a virtual application on a bare metal server on the back end. That creates consistency. That creates repeatability. That creates the dynamic nature of a dynamic data center.
F5 is striped at every tier, network, storage, application, virtuals, server. The services need to apply everywhere. So think of us -- again, application delivery services. So we know we encrypt in the F5 application delivery network. That becomes a service that all applications use. We do the caching and compression or the web acceleration in the application delivery network. That's what all applications use regardless of where they're coming from, which vendor are they written, okay? This is what our customers love about us because it's leverage. They deploy once, it's extensible and they expand.
Now like I said, iApp and scale in, the new scale in architecture are critical to this. So as I was saying before, our application guys really helped operationalize and these referencize [ph] -- and again, we're the only ones doing this type of prescriptive guidance. But we take what used to take days or hours now down to minutes to create this predictable, repeatable environment. But more importantly, we see -- and Dan had mentioned this about the unification of application, network and security teams. It's an opportunity to bridge the divide, okay? Application people do not tend to speak network. They don't know necessarily well TCP, window sizing or the different network layered DoS attacks. And likewise, the application -- the network guys don't understand the intricacies and why SAP's HTTP is not quite the standard to HTTP and how that would behave on the network. But iApp allows us to codify and unify the teams and speak in a language that both can understand. So like Dan said, we become a platform for collaboration and that collaboration again is around these application delivery services. A common set of repeatable, reusable and it encourages the adoption of more of our technology, whether it's the adoption of new products, like we exposed Access Policy Manager. One of the things I didn't show you but that Exchange iApp that had Access Policy Manager. When you deploy the whole Exchange iApp and if you have it provisioned Access Policy Manager on your device, it will recognize that and tell you, "Oh, by the way, you could be getting more out of your F5 device if you provisioned Access Policy Manager." And we make it easy for you to do. So think in terms of repeatable services. And every network vendor out there still, to this day, tends to think in terms of physical or virtual appliances and their configurations and objects. It looks like this. You create virtual servers over there and you don't know what the policies are applied to them, and the profiles might be different and the monitors. How do you associate and understand the context of this? You can't. So what we've done is totally turn it on its head. It’s a new paradigm. We no longer manage physical, virtual devices or appliances. What we're doing is managing services and they're associated with the applications they're supporting. And because we can do this now, we can auto generate and automate the definition and the creation of these services. This is not a neat little pamphlet. We're talking about fitting into things like workflow. We're talking about things like unifying and collaborating among teams. And because of this, it gives us some incredible power not only to be portable so that once these policies get applied, they can be shared between other F5 devices. And I'll get into some other key architectural elements that make us very powerful. But again, the same analytics that I might have employed here are the same analytics -- and this is for Microsoft Exchange. I want visibility and I want to capture some analytics. That's the same module that I might want to use for my SAP application or my custom application. I create a common set of repeatable reusable services over and over and over again. This is what makes -- and this is why we say it's a revolution in the way networks are going to be designed in the future. Now -- and because we can create these constructs and unify these services across our product portfolio, we can now start to provide really interesting context and visibility.
I apologize for the size here, but what this shows is all the services that are provisioned within an F5 application delivery network and the relationship to one another. And in this case, it's for SharePoint. So there's a TCP optimization profile. There's a TCP optimization LAN side, WAN side. There's a compression profile. There's a persistence profile. All these things that would stripe across all our different products now unified in a single pane of glass, and I can manage it from here. This becomes operationally efficient, 10 to 100x better. And it also encourages the use and the depth of more of our technology. So what we see -- just to be consistent here, in Exchange, we see a 95% reduction in deployment cycles. That's massive. Same with 84%. It's 95% for SharePoint. And it's predictable and it's auditable. I can go in there and see what was deployed and who deployed it, and how effective was it.
Now it's not just applications, and I picked this one particularly because it's a very interesting use case. The federal government recently came out with some new standards for security controls, NIST 800-53, okay? It's a 237-page document, hundreds and hundreds of requirements. And now this isn't frivolous government work. This is actually incredibly sound policy in security controls. And what it is, it's prescriptions for what are the necessary security controls for any network device in your environment, things like to ensure a strong password length, encryption, the logging and auditing of the device, all these elements. Now to really understand this, just one section, IA-5 authenticator management, out of that drives one little paragraph 5 different requirements. Now the objective here of this type of prescription is very sound. It's to create a better, stronger, predictable security posture. However, could you imagine if I don't have enough IT staff already and I've got somebody probably spending, not only to understand this and translate it into requirements and then translate it into actual feature settings or functional settings. That's laborious. But on top of it, I have to apply this per device, dozens of hours. And then what happens if somebody makes a mistake? What happens if they leave? Okay? You can't easily address this. Well, we looked at it, we said, "Hey, that's a great application of iApp." We read the document, pulled together all the requirements and in about a day, we had a NIST 800-53 level compliant iApp. What does this mean? Efficiency. 5 to 8 weeks of work. Now it goes down 5 minutes predictability. I have a consistent way to make every F5 device NIST 800-53 compliant. Nobody else can do this. Nobody else has anything like iApp and the customization and scriptability of this.
One of the cool things about this too, as we learn of these opportunities, we publish iApps to our ecosystem partners on DevCentral. We ship with over 20 in the box and since version 11 and actually released, we released 12 more. In fact, actually, I think it's up to 15 now. We're creating an ecosystem of best practices to make our customers successful. Okay?
Now the infrastructure work that's been done, and it's probably been in work for 2, 2.5 years to enable things like iApp are massive. Okay? There's a lot of things under the hood that go on here to make this simple. Simplicity is perhaps the most difficult thing to achieve when you're dealing with advanced technology like ours. It's not something you just slap and put a gooey on. There's a lot of infrastructure value here.
Now what's interesting is in some of our most popular are for example, our VDI, Virtual Desktop Infrastructure iApps for both Xen, such as XenDesktop, Citrix XenDesktop as a well as VMware View. Why is that? And it's a great proof point. Because it goes back to a maturity model, right? I want to common repeatable architecture, and it goes back to the static data server. I don't want a different implementation for that specific function. I want a common access architecture that applies for VMWare View, as well as Citrix Desktop or Microsoft as well. Oh, by the way it will support your portal applications.
The last thing customers want to do is deploy a very specific access, security and high-availability device, virtual or otherwise, for just VDI. They want that common architecture that will apply across all their IT assets, and that's why these VDI iApps are so popular right now. And another element of this, too, remember when I was talking about network and application tools being unified? iApp gives a framework for collaboration, especially in a multinational organization, where you might have people in our technology that are superior in their capabilities. It gives them a way, instead of documentation, which probably never gets done. They can codify their best practices in an iApp and share it around the world within their own organization. So an ecosystem isn't just the public DevCentral. So that ecosystem also is within the enterprise or organization itself.
And now because we can unify these services, described in an iApp, provide the contextual relationships of all these services, now for the first time, we can provide the visibility to them. We can show you the relationship of the services to the application performance. You see how all of these pieces fit together and how they're different.
The value here now is, I can start to do things to provide better capacity planning. What really is going on? What is the server-side latency for my Exchange or SharePoint or my custom application that's now NIST 800-53 compliant? But none of this would mean anything if it didn't scale, okay? And going back, F5 was the first to introduce this notion of clustered multiprocessing and a unified chassis architecture called VIPRION. In fact, it's still best in class.
In version 11, a key part of the roadmap was the scale out of resiliency aspect, so the ability to virtualize within our own device, but one of the most powerful things that makes us operationally efficient and allows us to segment services effectively, the vCMP, the device service cluster into them. So you need more capacity? Got a device, whether virtual or physical, to a cluster, and you increase capacity. So it gives us flexibility to scale up, as well as scale out, which gives us elasticity, as well as resiliency. It's kind of how you can get your cake and eat it, too, at the same time.
We have some competitors that will do virtualization and they call that clustering and it's not really. And here's why. When you're running in a cluster, you have to be aware of the capacity of each individual component in the cluster, and you also have to understand the workload that's being requested of that, and if there's a problem, you have to be able to adjust the workload based upon the capacity of that individual component within the cluster. This is close to rocket science. This is not easy to do, and it's been accomplished in version 11. This is, again, why we say, it's a revolution. And it not just applies to our chassis, but our appliances, as well as our Virtual Editions.
Everything is cluster, device-service cluster capable. And this is why we say it's an application control plane, because the cluster isn't isolated to a particular data center, it can span the LAN. So we create a consistent repeatable architecture that can stand the physical, virtual to the cloud. I apply the same application security that I do for my SharePoint app running in my physical data center, whether it's been virtualized and running in the cloud. It's truly the world's first application control plane. And one that can be operationalized and unified and provide the visibility through things like iApp.
So the traditional approach is even if all the announcements around virtualization, all you've got really are a bunch of new ADCs, smaller, maybe they can scale up when you do a license key, but it's still a lot of little ADCs, and they're not aligned or associated with the application. And all that gives us at the end of the day is a headache, especially with the problems we face with finding network architects and security professionals, even in this type of economy, in F5, because of our capabilities, version 11's architecture. And really, the forethought that it is all about the application, is a revolution.
So I'm going to briefly go into -- that's the architectural elements of version 11. Now, of course, you've got a very rich product portfolio with version 11, all the products get new features and functions and those features and functions are driven off of market desire, market requirements, from our customers or we're anticipating needs.
And you might recall this time last year, we talked about service delivery networking, and F5 as a Converged Services platform for IP and that's been good for us this year. We've seen growth in service provider, and the message is resonating, that there is an architecture, a better alternative for carrier-grade IP and unifying services in a common platform environment. And just carrying that forward in version 11, support for DNS64, IPv6, 6-4, support.
The problem was in the past, you would need all this different infrastructure to support dual stack, IPV 4 and IPv6, and you need an ADC to do load balancing between those services. Costly, okay? I need twice the infrastructure I need. Complex, I've got to manage this environment. Well, we've always had our IPv6 gateway. We had solved this NAT64 problem for quite some time, traditional -- or legacy and newer ADCs have recently jumped on that bandwagon. But one of the interesting things, what we codified in version 11 is the support of DNS64. So we can shrink the infrastructure, you don't need dual stack. You just light up the service on your BIG-P Local Traffic Manager with Global Traffic Manager. This is cost effective, okay?
Now it's also in the same location where we've probably already been deployed as a high-performance Internet-facing firewall, okay? And to enable this capability is to license BIG-IP Global Traffic Manager. So what we end up doing then is creating a unified architecture for the successful delivery of IP services within a carrier environment and we reduce the infrastructure costs.
Now when we talk about application security, and especially on the enterprise side, WhiteHat estimates, and they should know because they're the security scanning standard, an average of 230 vulnerabilities per application, per Web application out there, and it crosses all verticals, some, more than others, but everybody is affected by that.
And if you go to Netcraft, and you see how many websites are out there in the world, and there's a lot of silly non-important websites, so you don't want to count those. But if we just looked at those that are doing encryption, there's 1.7 million sites out there that are doing encryption. So we figure, "Hey, those are ones that matter." I mean, if they're doing the effort to encrypt, they matter. So simple math, 1.7 million times 230, average, you've got -- there's 396 million vulnerabilities out there estimated. And that's probably being conservative. You just don't have the time, you don't have the money, you don't have the expertise, that's just the fact. So we live with this and that is suboptimal. So in order to address this problem, we are working toward a solution.
We partnered with WhiteHat, and we say, "Hey, you guys are great at finding the vulnerabilities. What if once you find them, you automatically create a policy, an Application Security Manager?" Now remediation not only becomes possible, the impossible, possible, but it becomes practical.
This is a dynamic data center, when you create an ecosystem like this, and you've got integration and you're focused on the application, and you're focusing on real-world problems customers are experiencing, and you think, there's got to be a better way. And that's what F5 is all about. In fact, we keep chugging along and we've made some really good progress in WAN optimization, from a data center-to-data center perspective. We know that increasingly people are interested in this, and to scale is one of the biggest limiting factors from a data center-to-data center perspective.
And so with version 11 and some of the WAN Optimization Manager, and also the new BIG-IP 11000, we can get 5 to 10x the scale at about half the price versus the traditional players in this space. So we're very confident. Again, it's another service that's layered on top of F5's application delivery framework, so I've got a consistent repeatable architecture. And the WAN Op functions can be incorporated into, for example, an iApp, okay?
So all these things add up to tremendous gains in efficiency. We're changing the game. It's no longer a physical or virtual appliance world. It's an application services world. That's what creates true dynamism in the data center. The scale out capabilities, the resiliency that, that brings, the flexibility to design failover, not only within a data center but between data centers, creating a true application control plane. And then with all these new services makes F5 very unique, and this why I, personally, after 11 years at F5, am still so excited to be working for F5.
And the point here is, as customers are going along this journey, F5 can meet them at every step of the way. There's investment protection there, and we're really looking out to how we can make them operationally efficient, creating a predictable, repeatable architecture, a reusable -- whether it's physical, virtual or on the path to cloud.
And with that, I'm going to turn it over to Karl who's going to get into a lot more detail around the technology that enables the execution of this vision. Thank you very much.
Karl D. Triebes
All right. Good morning, everybody. I'm going to be talking about today the technology and roadmap for F5. Let's get started.
A great thing about living in Seattle, Seattle fans are not only fans of soccer, but let's drawn with say, football, but they're big fans of F5 and version 11. Actually, I'm just kidding. It turns out, that actually was a game, one of my engineers was at over there, and one of the players, Steve Zakuani who had been injured, broken leg 2 weeks prior, they're honoring him, so all of our little version 11 signs, and we probably had about 150 of these who're now plastered around the offices. But -- and you're right.
I do want to recap a little bit on some of the highlights from last year. BIG-IP version 11 and John talked about this, I think, on the conference call, is our biggest release since our original release of version 9 back in 2004, a very large number of engineers contributing to this. Over 150 major features, and these features span multiple markets, including service provider, kind of our core ADC markets, security, cloud and a number of other areas. So we're very proud of this release. We had an extended beta, over 8 months, which I think contributed well to it being quickly received, well received, I should say, by our field as well as our customer, so very proud of that.
Also 2400, a new VIPRION. Internally we were calling it Victoria, but the model is the 2400. We shipped a record number of the -- actually, we exceeded our internal expectations by shipping these right out of the chute, so very excited about that. It's very differentiated, and I'll talk more about that little bit later.
We've won a number of awards this year, which I'm proud of. The 2400 did win best of show at Tokyo Interop. BIG-IP Edge Gateway won best -- the Gold Winner for the Best Secure Remote Access Product by SearchSecurity.com, and I was really happy with that because the biggest player in that market only won bronze, and I wanted to send them a congratulatory note, but it seemed like it might be a little disingenuous. On ASM, this has been consistently winning awards over the last few years for best application firewall. We just announced this one, Five-Star award from SC Magazine, so very proud of that as well.
Fiscal year '11 also represented a great year for us in terms of the security market, both Dan and Erik spoke about this, and made a lot of progress there, and I'll talk more about that and the opportunities we go through the slides. Another thing, too, is we've been growing as a company. We grew significantly last year. I don't have the overall numbers off the top of my head, but one of the things that we've been doing is expanding the company and down in San Jose, we had a rather large data facility. But we were growing out significantly, a great talent pool is down there. And we actually tripled our force these, great new facility.
We also acquired Crescendo's intellectual property, and with that actually, we also hired a number of their engineers. This is over in our Tel Aviv facility. And it brings some great talent, especially in the area of hardware acceleration, so we're really pleased with that. Okay.
So inflection points. I really like this quote from Andy Grove because all technology companies experience these, but only the successful ones are able to take their internal technology and align that with market opportunity and execution. And I think F5 has done a great job with doing that.
And so Erik kind of highlighted some of these, but by far, the biggest, I think, one of the biggest inflection points in the company was when we released the original version of -- I should say, version 9, which is our original application proxy. And it was funny, I can't remember who it was who's asked me about this, "Why is this so differentiated per se, one of the other competitors are doing?" And truly, what was innovative about this was the notion that you had this true double-sided transparent proxy that you couldn't see from the client-side, one other client looks like a server and from the server side, it looks like the client. But we're able to actually manipulate and do things with the data on a per connection basis, and we had this very scalable programmable language called iRules that allowed to actually do these very unique things at that level. And so that was very different. So we came up with that. We did some other things with the hardware as part of that.
But the next big innovation was along the lines of how do we scale this thing, right? So we got this great modular proxy called TMOS, and we want to scale this. So the bet was on Moore's Law. And we said, we're going to scale this in multiple dimensions, but in terms of the core proxy capabilities, we're going to focus on these new things called multicore CPUs, which were just emerging at the time. And hence, we released CMP on 8400, it actually didn't show up first on the VIPRION, it actually was on the 8400. And really prove out that we can linearly scale on a small number of CPUs.
Next big innovation was the VIPRION architecture. That they released mid-to-late 2007, and we brought a number of technologies together to make that happen. CMP extended across the blades. We leveraged FPGAs in order to actually manage the traffic and distribute it to the platform, as well as break a lot of bottlenecks that you see with traditional server architectures. We leveraged the Ethernet switch fabrics to move things around in the box, and then we tied that altogether with TMOS, okay? And so VIPRION. What's interesting about VIPRION is that, not one of our competitors has even able to come close with replicating a similar architecture. So we're very proud of that and it's been a great driver for us. It's one of the things, too, that really got us a footprint in the service provider market. Okay.
So now going back to 2004, we started acquisitions, and one of our first was uRoam for SSL VPN and then magnifier for application security, later Swan Labs for WAN optimization or Web acceleration, and then finally, getting into the storage virtualization market with Acopia. And the strategy all along has been to take these acquisitions, the technology from these and integrate these as part of BIG-IP to create a footprint of higher value, and where we sit in the data center. And that's a hard thing to do as it turns out, because not only do you have to actually have the right operating system and the right platform to build off of. But many times, you actually have to get in and make some real changes to the intellectual property you've acquired to actually go off and do these things efficiently.
We, as of 2009, we've done that. We've actually integrated everything except for the Acopia piece, and that will come in the future. But in every case we've integrated it, we've made it significantly more perform at a lot of new capabilities by virtue of being integrated TMOS. So that task is to me, is another major inflection point of how we've been able to pull things together.
And then finally, Erik spoke a lot about this, I'm not going to spend a ton of time here, but just the BIG-IP version 11. The notion now with VIPRION, we could go big, and now we can go wide with version 11. Okay. And speaking of this, I could say, with VIPRION architecture, one of the tenets of that was the notion that we can scale very nicely vertically. That means, add blades, you add capacity, you don't change configuration. Very unique to the VIPRION architecture, and not one of our competitors has anything similar to that.
With version 11 that we started introducing, this notion that we can scale out. So we've had Virtual Editions for quite a while, so those have been available. But with these CMP, or essentially, clustered multiprocessing as applied to virtualization, meaning that we provide multi-tenancy on the platform and on our chassis-based platforms. So that you can now dedicate resources, hardware-based resources, to a specific version of BIG-IP. So on a current 2400, you can do 16 vCMP instances, and then the upcoming Centaur Blades that are coming for our next generation of blades for the larger VIPRION, you'll be able to do 32, and we'll be continuing to improve that density as we go forward in the future.
And one of the other things I do want to mention was scale out resiliency. We're able to actually cluster with version 11, multiple standalone platforms. So we can actually create essentially, a single configuration to be pushed out to a cluster of platforms, and then they can essentially share that config and then scale horizontally with the traffic. Okay? And we call that in-way clustering. All right? Okay.
So in terms of roadmap, what are we focusing on for the year? When I talk about where we're focusing on, I'm trying to apply the 80% rule, because there's a lot of stuff going on, but there's really 5 major areas that we're trying to focus. Probably 80% of the efforts of the development team that's working on new features.
So one of the big areas is firewall security, both Dan and Erik mentioned that. And we have a project called UNITY, that I'll speak more about here in a moment. Service provider or telco mobile, whatever you want to call it, that's been a big focus area, that's going to continue to be a focal area for us. Now another big area, too, is that we want to continue to build momentum of the centralized management capabilities that were part of the 11 and I'll speak to that. Virtual environments, cloud, dynamic data center, all that, again that's a major focus area. And then hardware, and our hardware offload capabilities, we want to continue with that. So those are the big areas that we're focusing on. Okay?
So let's talk about a little bit about security. Now today, when you look at what we have with BIG-IP, we have 4 different modules associated with security. We have our Application Security Manager, which is a Web application firewall. We have our protocol security manager which applies essentially protections for protocols such as HTTP or DNS or SMTP or other things. But we also have, 2 kind of access-oriented security modules, our Access Policy Manager and our Edge Gateways. So to provide essentially centralized, either, where you can consolidate your access controls with APM and then remote access with Edge Gateway.
However, with TMOS, we actually inherently have a lot of security functions baked into it, such as DDAs. We can do with things with packet filters. In fact, this goes back probably about 4, 5 years ago. I was in China of all places, talking to a customer that was going to rebroadcast NBA basketball. And the biggest issue they had is they needed to run it at 10-gigabit rates. So no one had a firewall on the market that actually ran at those rates in those days. And so they were using BIG-IP to do that, and it's because we can do packet filters. We can do a bunch of things effectively. We could implement all the things that staple firewalls does, except we just didn't have the rules language, doing ACLs and things like that. So --
But in any case, over the last couple of years, we've seen more and more. And this last year, especially, we've seen a lot more -- especially, Fortune 500 customers actually replacing their traditional firewalls, just using BIG-IPs and we'll talk more about that.
So let's first talk a little bit about application security. I think this is really interesting because APIs, there's 6 years ago, there was about 500 APIs out there in the wild. Today, there's close to 2,800. And you can just see the type of traffic that's happening because of these things. And what's really interesting from a security point of view of APIs, is that APIs done wrong or a hacker's delight. Because an API typically has access directly to your database. So if you don't have a good strategy around how you're going to protect that, then you're exposing yourself, and that's one of the areas that we see. Plus, just the nature of the traffic in the data center has changed, because now you have more of a nodal flow versus kind of a classic client servers. So just applying network-based protections in these environments really can't stop the level of attacks that are happening, types of attacks.
Just to show you some of the statistics, Web vulnerabilities, this is climbing. There's been some very high profile and expensive and embarrassing exploits over the last year. You saw Sony, for example. This is all published in the public, where they talk about the PlayStation network was down for several weeks, they talked about $1 billion, I think, in terms of losses associated with that. We hear about others where content, subscriber contact was taken off the site and then sent out to the wild. So and It's all from these types of attacks.
Well, ASM prevents these types of attacks. We've had these for years, it's just now. There's been much more, I think, public knowledge based on these attacks, especially with things like the WikiLeaks attacks, some of the other things that have happened in the last year.
BIG-IP, ASM version 11, we did some substantial changes to data, as well as part of the 11. Mainly, the focus was on Web 2.0 and cloud -based applications. So we could support AJAX apps or JSON and a number of other things. We also did some things with it to increase its performance, and we some on the 11000 platform, we showed some exceptional numbers. And also one of the other things, we created a Virtual Edition of this, and I'll talk more about that why that's important in a moment. Okay.
And so here it is. So one of the challenges with security is how do you create a policy and manage those policies? That is especially for Web applications, because you don't want to know necessarily all the details about the Web application. It's very difficult to do that, Web apps change and how do you manage that? And so what we have what we call a Policy Builder that allows you to actually look at traffic, and based upon that, create a trust profile and then apply that, and there's other ways to do it as well. But with our Virtual Edition now, you can actually share policy from, say, you see an x plate in 1 data center or you see an x plate on 1 group of servers, and we're blocking that -- and based upon that, you can take that policy then and apply it to any other profile or to any other ASM that's located in your infrastructure. So it really makes it easy to quickly deploy and update your data center, okay.
And further making it easy, and Erik touched on this a little bit, this is notion of closing the loop on security. With a scanner, you're able to go and figure out what your risks are, and kind of look and see where the holes are in your infrastructure. While if you take, say, WhiteHat, we're partnered with them. It can actually create a report, we can generate a policy from that, we can apply that policy, they can run it again and then prove that we closed those holes. So it's very powerful, being able to actually say, "Here are your holes. Here's how we've closed your holes and here's proof of it."
So I mentioned that we have customers now, major customers, that are outleveraging us in essentially 2, 3 place traditional security appliances, such as firewalls. And one of the things -- which is great, and we're getting even more and more pull on those directions. Some of these recent high-profile attacks have really exposed -- why is this happening? Well, because these recent high-profile attacks have put a spotlight on the vulnerabilities with the traditional security approaches, okay? And one the big changes is that, these attacks now really focus on the application. In fact, WikiLeaks really showed that in general that, that it doesn't take a lot of resources to go off and do a denial of service attack against the Web server.
Slowloris was a specific vector that prove that. It would just steadily consume all the resources of the server, and then what would happen is eventually, either the servers would die because they couldn't get -- they had poor consumption or the firewalls will tip over for concurrent sessions. Okay? So firewalls were ineffective, IDS devices wouldn't stop it because it looked like a valid client, and the Web servers thought it was valid, so they tipped over.
So what you really need is something at the application level, and understands the application was valid and is able to manage that. And this just shows that there's actually several different types of attacks, but they're all targeted right at the server and the application itself. And customers, we have some major customers that were experiencing these attacks, but because they're running BIG-IP, which is a session-level device, which can manage the massive concurrency, and because ASM understood the valid state of the Web apps, we could actually block the attacks and ensure a really good high put, or high good put through their network.
So we want to build the some of this momentum and really try to unify, talk about how we have all these different security features and TMOS, and then we have these different application security modules. We really want to unify all this to make it much easier to deploy kind of a stacked security policy. And our focus right now for 2012 is we're actually getting traction today with customers, and this is kind of the Internet firewall market. Obviously, we'll expand beyond that in 2013, but our focus for now with this project, is to really go after those large accounts where, I guess we're already seeing traction. Okay? But the notions very simple, consolidated layer 3 to layer 7 security. And then being able to have a common management framework, where you can actually see violations at different levels and report on those, have alerting, consolidated alerting, reporting and management as part of that. Okay. Now one of the things that we also have in the 11 here coming shortly, and I believe it's already in the works from ICSA, but is to have ICSA certification for BIG-IP version 11. Okay.
So by doing this, the idea is very simple, is that we can protect all layers of the stack, right? Everything from layer -- really layer 1, if you think about it all the way up through layer 7. And then across that vertical slice of it, you provide things like PCI compliance, full denial of service mitigation. And then also, being able to apply there any things like IP intelligence, so you can create blacklists or white lists, based upon the types of exploits or what you're seeing at the various layers. Okay. And what that provides then is this notion of a unified security framework.
So it's very unique. Instead of customers having to deploy say, a device that, okay, I got now a perimeter firewall, and now I'm going to put an IDS, and now I need to apply, put this like some sort of application firewall. Now they can provide these essentially all in one footprint. Again, this is very focused at Internet, kind of the Internet firewall market to the large data centers.
Now one of the other things, too, with UNITY, we're actually building as part of this, a classification engine, okay? And we talk about -- you hear about this as applied to DPI, and I'll talk more about this because the technology that we're building there has very definite applications as part of our service provider strategy. But what's interesting is when you start looking at how it can be leveraged in the enterprise, there's a lot of different applications running around, and what's very valuable, though, is to be able to look within the apps, the flows of these applications, and actually do take actions based upon some of the content.
So, for example, I just show you here, we've got a file transfer in SharePoint, you wanted to identify the file, say, a binary format if it's true, you need to redirect it to a virus scanner. So it's very powerful because if you look at say, some of the other security vendors in the space, that do DPI-like classification, they can't redirect or resolve. They can report upon it and say, "Hey, guess what, there's this." And maybe they can block it. But we can actually steer the traffic to be appropriate server or resource to go manage that, and then take actions based upon that subsequently. And so it's a different approach. Okay.
And then looking forward as part of this, it's very simple. TMOS again, like we said before, firewall modules is kind of the basis of this, and then you start putting in pieces like our application visibility and reporting, so you get the analytics and the violations and the alerting. Classification again, is that foundational technology to identify content and manage that, make decisions based upon that. And then being able to apply security policies, both at the network layer all the way up through the application layer. And also providing secure remote access is part of this overall solution in unifying the management. So that's the vision of all this, you'll see a major cut of this coming up in our coming release late this year. And then obviously, we want to continue to work with our third-party partners in that whole ecosystem there. It's been very successful. We'll continue with that. Okay.
All right. So I talked about security, let's talk little bit about service provider, what we're doing in those, in that realm. Erik showed this slide, and it's a great because I think it really kind of articulates kind of our position. We do a number of things. The challenge that we've had still with service providers is that things tend to be very project oriented for our products. We go in there ourselves and very real problems. We may get put in for say a carrier-grade NAT issue, or we may be scaling some AAA infrastructure or a partner with folks for content optimization. So we do a lot of things in there, and really our focus as we look forward is, how do we get repeatable sales? How do we create enough critical mass, so that it becomes a repeatable sale and consistent whenever we go into accounts. And so there's some critical functionality that we're focused on right now to help create that critical mass, and that really is talking about DPI and traffic classification. And we actually spun up a team, actually out of our San Jose office about a year ago to go focus on this, because we believe it was a critical and so foundational, that we wanted to go ahead and get that moving. And again, like I said, for security, as well as for service providers.
So with this, we'll be doing traffic classification, subscriber policy management, so subscriber awareness. Providing all the analytics and then also, working with the different charging interfaces like the GX DY, the PC RF infrastructure. Okay.
Another big area is again, Internet firewall. The search providers have the same problems the Internet firewall guys or the large enterprises have. And how do you protect your infrastructure without doing a bunch of box replication. In fact, we have a number of service providers using as just in this capacity because the cost savings of the BIG-IP is significant because far less boxes are required to process the same amount of traffic.
Another area that we are very focused on is LTE. One specific aspect of this is Voice over LTE, and that's another important area for the service providers, because with Voice over LTE now, they can converge their voice and data networks, and that's a significant cost savings to them and we can help enable that. So that's part of it.
Multi-tenancy and virtualization is an obvious piece. And then also just continuing to enhance ourselves with the core infrastructure and the routing infrastructure. We've done a lot with iRules, interestingly enough. Because iRules, again I talked about a lot of the things being project-based. Well, a lot of times they have some very specific issues they need resolved, iRules have been instrumental in helping solve these issues. And so with that whole partner ecosystem, customers or our partners and our sales force has been able to go in there, and essentially get ourselves put in. And so we've been able -- we've been actually enhanced significantly the types of iRules that are available, especially like in diameter or set of other areas that allow for that flexibility and programmability at those accounts. Okay.
And then finally, like I said, VIPRION is one of the things that really got us leveraged into the service provider accounts, going back several years, and we're continuing with that. We were one of the only folks that has high-performance carrier-grade NEBS hardware that scales. Okay.
All right. So just a little bit more in classification and kind of some of the timelines. We actually are going to be releasing a trial version of this coming up in this quarter. This is going to be just more of a test version. We're going to get it out there. It's going to be limited to a certain customers, but it's really kind of that first step of saying, we're really moving quickly into this space with this functionality. So -- but we will have a full version, really trying to address kind of the core DPI market requirement integrated on top of BIG-IP, and those always are -- it's policy enforcement, the analytics, traffic steering and all the optimization capabilities. So, and look for that late this year. Okay.
The one thing I just do want to mention, what we're building -- one of the things like I said, is that we wanted DPI to be fully integrated with BIG-IP and all the capabilities that BIG-IP brings, and that's exactly what we're doing, is building it right into the guts of our TMOS-based operating system. And with that, then we can ensure high performance, but also, we can ensure that a common configuration as well, is being able to bring to bear all the other capabilities that a BIG-IP or TMOS brings as part of being in that footprint. So going forward.
Again, just real quick, these are just again, some of the features that we expect to have, so basic app classification. We'll able to have -- this is for the trial version that's coming out this quarter actually. And then you'll be able to have some -- we subscriber awareness, reporting and then also some of the iRule folks for being up to do things.
All right. Centralized management. We talked about this for a while, this notion of the control plane and Enterprise Manager. We don't talk about this much I know with these things. But an Enterprise Manager, we launched it about 4, almost 5 years ago, as a means to control and configure array of BIG-IP devices. And the protocol it uses today is iControl. We'll show you well it scales nicely, the push software, got statistics, using performance monitoring and all that. But as we go forward, as part of the 11, the notion was to take that and really make it much more dynamic and interactive, in terms of being able to manage clusters of BIG-IPs and provide much more information.
And so, for example, iApp, Erik talked about iApp quite a bit. I tend to think about it a little differently in some way, a little different perspective. One of the reasons I was really excited about iApp was that, it provided a new way to extract applications and objects within the data center. And what that meant to me was, we've created iControl years ago, so that the application administrator could affect events within the network, without having to know about the network. Well, iApp allows the network guy now to manage and affect things within the applications, without having to be the application expert. So, and if you take that concept and start to apply that across a broad data center or a number of data centers, then you can see the value of the vast simplification of management you get, especially when we start talking about virtualized data centers or clouds. Okay.
Anyway, moving forward. So a centralized management, like I said here, the idea is that iApp now becomes kind of data center control plane management application as we go forward. And that doesn't mean that it's the end-all be-all, because we will continue to work with third-party applications, right? So D center DCO or some of the new systems that VMware's working or with Matrix or other management system. So what we provide then is that glue in that context, for putting these applications together, and giving us essentially this control plane construct to manage these things, okay.
Enterprise Manager is changing, because we want to have flexible deployment options. It's now available to Virtual Edition appliance, and ultimately, we'll have it available as a cloud version as well. And I'll talk more about how it's going to be structured as part of that.
Critical to v11 was this notion of centralized management. And this is the infrastructure that allows us within v11 to essentially create these clusters or device groups. And its hierarchical in nature, and it interacts with EM, in a way that EM helps configure provision and manage these clusters. And again, it's unique because we're able to create essentially a trusted domain, not only within a data center with these clusters, but across multiple data centers. So it allows us to scale locally or broadly across major geographic areas.
Also within, in terms of being able to support our third-party ecosystem, we've created a new API, it's kind of a next-generation version of iControl, and that would be coming out this year. It's JSON-based. JSON is a common protocol for the data center, machine to machine. You want it readable, you see it a lot, but it's great for what we're trying to do here. But really, the end notion is, that when we look kind of in the future, is that we want to provide essentially this single-pane glass of view -- single-pane of glass view, I guess, of the application infrastructure, and these elements are the things that are the building blocks to go off and do that. Okay.
Device groups. This is again the thing that allows us to cluster devices, and it's very unique because again, these devices form a trusted group, and what that means is you no longer have to protect these things somewhere in your subnet behind firewalls or other security devices. These things can happen, they could be across data centers, they could be geographically dispersed, it doesn't really matter. And today, we can support 5, 6 of these units within a group. And so if we go forward, there'll be 50, hundreds into the future. Okay.
All right, so unfortunately, there's a build here. I'm not going to go through all the details of this graph. And, yes, I could, but I'm not going to do that. My colleagues have started to calling it the golf course graph. But really, the message here is, that it's a complex environment. You can see like, say, one thing it does look like a putting green, is that you could see devices like GTMs spread across multiple data centers, but they be able to be managed with a common configuration. And the other piece of this is, is that enterprise -- and this is not through a typical scenario in terms of the types of environments that we see out there at large customers. But you can see, too, that Enterprise Manager now can form essentially a hierarchy to truly scale the configuration, and then bring back statistics and provide essentially, that single-pane view of your infrastructure. So it's very powerful. And you can see, again, that it's not a simple thing to go off and do. Okay.
All right. Virtualization cloud, very important to us. Dynamic data center, we've talked a lot about that, Erik did. We're going to focus on that. One of the challenges that with the notion of the liquid data center is now absent become mobile, right? In the years past, you configure a server, you'd IP it. You do a very minimal of your OS, then you'd run the app and then you promptly hopefully forget about it until it was time to upgrade. Well, with virtualization apps come and go, and that's changed how apps have to interact with the network and how apps have to interact with the users, okay? And this has been a big driver of our growth because the thing that BIG-IP inherently does well is connect users to the applications, regardless of the infrastructure that it's working over. And so that's been a big -- it's been a growth area, we're going to continue to focus on that.
Another thing is the hybrid cloud. You have kind of pure-cloud environments, but really what we've seen, the traction, area's attraction is this notion of the hybrid cloud, that a lot of times customers, yes, they'll run the Virtual Editions, but also, they need the physical hardware because they either need the performance or the scale that it gets. They need that flexibility, and our goal here is to provide essentially just that, is to provide essentially a common management framework, a common way to control that abstract software that is a real or virtual environment. All right.
And then just another area is of honorable mention here, is that extra cloud extender for supporting multiple clouds. And that storage tiering we've now supported, I think, at least 5 different public clouds and probably there's more coming. But we want to extend that notion of being able to extend the cloud not only for storage, but for applications as well. So we'll see more of that as we go forward to the future. Okay.
I just want to mention, we have most of our modules today are available as Virtual Editions, and have been for almost a year. With version 11 we brought forward a couple more of ASM and APM. And as we go forward, we'll have these for all of our modules. Okay. And what are we doing here also. We're simplifying some of the licensing to make it easier to work with a cluster of these.
Performance. We always want have better performance and reduce memory footprint. We also have today, lab versions of Xen and Hyper-V, which are the other 2 hypervisors out there. And more production versions of those are coming, of course, obviously, decentralized management. And then look forward to some public cloud versions as well.
All right. Platforms. All right. So I wanted to speak to our hardware a bit. Erik and Dan both spoke to why we build it, and it's been great for us in that we started out actually years ago, essentially using off-the-shelf PC-based hardware. And the evolution has been, it's been moving to a full vertically integrated stack, where we do everything from bare metal board design to our own FPGAs to our own operating system to our own drivers, all the way up to stack. And the reason we do that, like Dan mentioned, is that it allows us to control quality. It allows us to select the technologies that best or suited for our future roadmap. To provide the best optimizations and performance, as well as other areas and functionality. And we've been successful with that, and it was a big differentiator for us. And a big part of what -- the benefit of doing this is, that we have deep partnerships with major component vendors in both of the server, as well as the networking space. So not only do we get visibility into those 2 markets because of the component vendors we work with, but we help drive the technologies as part of that. So they actually listen to our inputs and on their future roadmap, they have -- roadmaps, I should say, they specifically include features that we have asked for. So it's great. Plus, again, like I said, we really understand what's coming on the server side. We actually understand really well what's coming on the networking side, so it also allows us to make much more intelligent decisions on how to build our own roadmap.
We're going to continue on hardware offload to accelerate performance, either FPGAs, NPUs in some cases, other types of devices. Again, like I mentioned, we acquired intellectual property from Crescendo and we actually hired some of the key individuals over there that were doing a lot of this work on hardware acceleration. So things like security or other areas that we're really hoping really crank up our performance. Okay.
And then we're going to continue to enhance things like vCMP, with scale and density as we go forward as well.
All right, so this just kind of shows, just schematically, what a box of ours looks like. And it's kind of interesting, we hear a lot of people say, "Well, why are you just using off-the-shelf motherboards or why aren't you just buying servers?" And the problem is, that there's always compromises with doing something like that, right? There's if you're just using some of the newer NIC technology, well, you know what, they've got packet performance issues. That is when you start getting down the small packets, they start having issues. Well, that's not acceptable, because when you're doing high connection management, you need to be able to process small packets very fastly. That's why we have an Ethernet switch, that's why we have our disaggregation hardware as part of that. Right?
The other thing is, you need to be able to efficiently, once you got these packets in your system, you got to be able to get these things efficiently into the processing subsystems, right? And you've got to be able to direct them efficiently without software having to get into the middle of it all. And that's exactly what our high-speed bridge technology does, is it bridges the packet world with the processing world. So when we talk about being able to be -- make intelligent decisions really fast, these are some of the enablers that allow us to do that, right? And then we have various technologies that allow us to assist this processing. Everything from security all the way to classification, then obviously, then we leverage Moore's Law-based Intel x86-based CPUs, then to do a lot of the heavy lifting for, say, like our TCP stack and other types of functionality.
You put this altogether, you get a very high performance platform and you can do other unique things, because since we control everything, now we can go build chassis. And that's exactly what we've been able to do, because we own the architecture straight up all the way through the chassis. Okay.
Now FPGAs. We don't talk -- we haven't talked a lot the technologies behind these, but they're a core component of our system, and again, like I said earlier, it's one of the things that really enables us to add unique functionality and glue together the entire system, and really optimize both packet performance or offload in certain areas. Like for example, we can offload things like layer 4. So for example, it's the thing that got us to 160 gigabits on a Victoria platform, and we do that without the CPUs having to intervene. So others aren't able to do this because they don't own this type of technology.
Now so what's an FPGA? Well, It's a piece of programmable logic, and what does that really mean? Well, if you look at the evolution of what FPGAs are doing, they follow Moore's Law just like the CPUs. So the amount of logic that you can cram into one of these things, it's an exponential. Or the amount of memories that are in these things, or the number of these high performance high-speed interfaces called SerDes, serial deserializers. And then the speed of these things. So these things absolutely, are obeying the same laws same Moore's Law. So not only do we get the benefits from the CPU world, but we're getting benefits from Moore's Law when it comes to being able to have these customizable logic, that's embedded deeply into the core of our system.
It's also interesting, too, and most people don't realize this, you look at the types of technology to get leverage there. These guys are further up that process curve in terms of having to have density of silicon or density of transistors than even the Intels of the world. So, for example, the new Stratix devices, 28-nanometer really tiny geometry, 3.9 billion transistors. And then just to give you a little bit of comparison here, Sandy Bridge 4-Core CPU from Intel is less than 1 billion. So these are very high density, very state-of-the-art devices. And we've done a lot over the years to develop the capability to leverage these things, both from the hardware side, as well as from our software side to take advantage of it.
Another thing that's -- another trend just to mention that drives the hardware is this HTTPS. Encryption everywhere. The thought configuration for Facebook is if it hasn't yet, it will come shortly, it'll become default, it'll default over to encrypted connection. That's a big impact on their servers, because it takes a lot of the heavy lifting for 2 KTs in terms of the hardware, and if we're just going to push this off here to your CPUs, you're burning a lot of CPU horsepower without a lot of benefit. But these are just an example of everyone heading over there. And in fact when I use Google now search, it automatically defaults to an encryption, to a HTTPS profile. So. And this trend is going to continue.
Today, we support we have a number different appliances, everything that goes from our 1,600 1-gigabit, all the way up to 42-plus gigabits with our high-end 11050. One thing we haven't talked about, we have some special variants of these platforms, SSL performance options where you can essentially, with a special -- with some additional hardware that we provide as part of the SKU, you can get up to a 3x performance in transactional throughput for the 6900, 8900s. In fact we have a new one, a new card, a new variant of the 1150 that will be coming for the 11 series, that will be able to work 10x improvement in your transactional value. And that's to really to help address that trend of HTTP, of encrypted traffic with SSL, as well as the larger key sizes and that's part of our roadmap.
We'll be introducing some new appliances in the next 12 to 15 months. There's 3 platform families, the 1600 which will replace the 1600 all the way up to the 8950, where we'll be leveraging some of the next-generation CPUs. Also with obviously, these will also have hardware offload vis-à-vis our FPGAs. And then also, we're able to leverage that kind of that next generation of SSL hardware that's just becoming available right now.
The 3 families are Stratos, which again is our one new appliance. That thing will be a 7x improvement in performance, based on, it supports the current generation, it will also support 10-gigabit ports. The Whitethorne. Whitethorne is kind of getting towards that midrange. It will have 1U, 2U variants. It will have, again, same type of performance improvement 7x, up to 7x. It will have some SSL performance options as part of that. And again, it will support multiple 10 Gb ports. And then Treadstone, which is 2U appliance. It's kind more of that mid to upper end. It'll be about a 4 to 5x performance improvement over the 69 or 8900 platforms. And it will be able to have these plug-in options for SSL hardware. And then again, we'll be doing hardware offloading. And then each platform because of the FPGAs will in excess 80 gigabits of L4. And then also, we plan on supporting natively on that platform a 40-gigabit Ethernet port, as well as 10-gigabit ports. Again, over the next 12 to 15 months, these will start to rollout.
VIPRION 2400, again, we talked quite a bit about this. There's -- it's been a great platform, well received by the field, I'm very happy with that. Just like our big VIPRION, there's going to be multiple generations of blades for these things, and we already got the next-generation in development as we speak. So that's moving along. I don't have a time frame today for this, but expect it to be on this order of our typical release cycle in our current VIPRION, which is anywhere from 12 to 18 months in terms of the updated blades.
So on our chassis roadmap, we are very active there, we have a new blade coming for the big VIPRION and you'll see that next quarter and it will double the performance of the existing blades. So if you look at that, that will give us 320 gigs of L4, 6 to 160 gigs of L7 in a single platform. And again, we'll be doing some offload there with some other things with our next generation of our disaggregation FPGAs and new high-speed bridges. You'll have hardware compression and some other features.
The next one is our VIPRION, our new P8 chassis, which will be an 8-slot box. Same Centaur Blades will work in that box, it will double the performance, so you'll go from 320 gigabits to 640 gigabits of L4, and you'll double the layer 7. So we basically double everything. What's great about that box, is it's really designed specifically for telco and NEBS environments, front-to-back airflow, some other things that we've been asked for. So that was actually more of the impetus to go build this thing, than necessarily just the performance parameters. But again it really gives us nice credibility and street cred, if you will, in the service provider environments.
And then finally, talking about our next-generation platform, this really gets us to that next level, it's in design now. Where as we start going hundreds of gigabits of performance per blade. Really to get to that multi-terabit class kind of capability, and a part of the reason we see this as important is, as Dan highlighted in his presentation that servers are getting faster, and we need to get faster as a result of that. In fact, the value of our platforms is we do things many times faster than servers, so that you can aggregate a large cluster of servers behind us. And of course, our roadmap is we're going to continue do that.
So in any case, that hopefully -- that shows kind where -- what our path is. We may have another generation between of Centaur Blade, between that and the Armstrong that's not fully decided yet. There's some other things we're looking at as part of this in terms of low-end. But this hopefully gives you the broad brush strokes of kind of where we're headed with our platforms.
All right, folks, well, good morning. My name is Mark Anderson. I'm the -- I run the sales team here at F5, and my objective here this morning is to, kind of, take it down, take the altitude down a little bit, maybe down to ground level.
One of the things that you might feel listening to our compelling technologies that Erik and Karl talked about is this is very technical stuff. It's very compelling stuff, but it puts my team, the sales team, in an enviable position to walk into an account as the dramatic technology leaders in our space. Karl talked about this technology leadership, and let me tell you, it feels good to walk into an account knowing that you've got, by far, the best technology. And, of course, we have the best, most focused people around the company and on my sales team. When we walk into account, and it's really not about beating our competition: Radware, Cisco, Citrix. It really doesn't matter. We crush them all. We do. We crush them. When we track competitive instances, we win over 90% of the time. And that number, as you may have heard me on different earnings calls, hasn't come down, and in some cases, it's actually gone up. So the challenge for us is not beating our competition. The challenge for us is showing up. And one of the things I wanted to talk about today is what we're doing as a business to invest in the resources to be able to get more facts [ph] with more customers to prosecute more opportunities and win more business and drive growth.
So really, the theme of my presentation, it's -- I want you to walk out of here with 3 things: Number one, to understand that we're investing aggressively in this organization. We're hiring world-class people to cover more geography with deeper penetration to prosecute. Number two, what I think is a growing addressable market. You heard Dan talk about the $5 billion of addressable market this year, growing to $11 billion in 2015. We need experts to get in front of customers to talk about why F5 for all kinds of use cases. And we're doing that aggressively.
And then finally, leveraging the use cases. As they become very technical and very complex, we need to invest in our people. So we've spent a lot of money and will spend even more money in the next few years investing and training and enabling our own salespeople, training and enabling our partners that we go to market within 95% of our transactions, and investing and training our customers, so that they can understand the wonderfulness that is F5. So I hope you walked away with those 3 things.
So let's talk about this massive penetration opportunity that we have. If you look at this chart here, I apologize if you can't see it from the back, but I think you can say if you look at these indices that we track on a daily basis, our penetration into the Fortune 500 at 64% here in the states is pretty good. In EMEA, 52% for the Footsie 500, again not too bad. It certainly has grown a lot in the last 5 or 6 years. And the 416 companies that are based in Asia Pac that are in the global 2000, we've got a little less penetration. I think symptomatic of our later investments into that strategic growing region for us. I think pretty good penetration on the high level. And I think you can also say we did a decent job of growing that penetration in the last year, growing it by 7%, 7% and 22%, respectively, for the different indices. But I really compel you to take a look at the penetration where they have more than 50 devices. And let me tell you that 50 devices is not a lot for a big customer at F5. We have many customers that have thousands of devices. We have hundreds of customers that have greater than 50 devices. So if you look at this penetration, we only have 14% penetration in the Fortune 500, 5% penetration in APAC. So there's fertile hunting ground out there, folks, and we're investing in hiring winning salespeople and building a good business to go out and prosecute that opportunity. I'll talk about that in a bit more.
One of the ways we're investing is, of course, we're hiring salespeople. If you go back and look at the end of 2003, we had 164 people around the world, a little less than 100 in the states. I started in 2004. We had 12 SEs in the states, and we had 9 people in Japan going after the business here. And really now just 7 years later, we've grown that team by 500%, even more in EMEA and Asia Pac.
So a couple of examples of why we grow and how the F5 way works. This is a lot of additional salespeople covering the dirt or covering accounts in a more focused way. So one of my favorite reps is in the Bay Area. When he started in 2005, he was one of the 2 reps in the Bay Area. It was split North and South. And then we had to term one of the reps about 6 months later, so he actually had the entire Bay Area to himself at the end of 2005. Today, I think he is one of about 20 reps, and he has one account -- well, actually 2 accounts, but one big account. And he does more in his -- against the sales quarter than he's ever done. Each successive year, he's made more money, and he's delivered more business for F5. And this is the secret, us salespeople are really simple beings. We're coin-operated machines. And you have to create an environment for them that's positive, that's a culture of winning, where they can walk into an account and feel like they are supported by an organization. They've got a dedicated SE. They've got, in some cases, a half of an inside sales rep. And they've got a partner ecosystem at F5 and our partners that are motivated and well-paid and trained to sell our solutions to allow this sales rep to expand.
Applying this model on a more dense basis around the world is something that we're not just going to continue to do, but we're going to continue to ramp aggressively in this model because we -- I'll show you the productivity numbers that support why this is a great return for not only F5, but our shareholders as well.
And then another -- just a quick example, look at Australia. Three years ago, we made a change in management. We had, I think, 12 people in Australia. I can't give you the exact number because Andy would fly over here from Seattle and kill me. But we grew the team by a factor of 4 and have grown the business by a factor of 6 in just 3 years by hiring smart people, by enabling them with a great support ecosystem. Really, really exciting times. And next week, all of us will be back in Seattle hosting our International Sales Conference. I think it will be almost 900 people at that time coming in to learn about our technologies for basically a week. And it's never been more compelling, I think. We haven't seen this many inbound quality requests to come and join F5 than ever before, and so I think the time is still ahead of us.
I talked a little bit about partners. I'll give you a quick brief of what we've done in fiscal year 2011, what we're going to do this year, and how we're focusing on systems integrators. Just from a numbers standpoint, we still have about 2,000 partners, 70 distributors. The 80-20 rule works pretty well here. I mean probably 80% of our business comes from 20% of our partners. They typically tend to be large, big system integrators that we've got a lot of resource focused on to help make them about productive. They're HP, IBM, Dell, and Dimension Data has really ramped up in the last year. UNITY, the framework for our partner organization that we launched last year that I spoke about here last year, UNITY was really successful. We continued the launch in UNITY all across APAC, with the exception of India and China and LATAM. We're going to do that this year, of course, in APAC LATAM and China. And then we also -- I'll talk a little bit more about the accreditation program that we rolled out, but over 2,000 partners have become accredited in one form or another. We launched a new managed services partner tier, which will evolve this year into kind of an MSP and cloud tier to recognize the fact that some of our partners are buying our technology and selling it as a service to their customers. It's a small piece of our business today, but it's growing and, certainly, I think that's where the market is going.
So this year, we're tasking our partners, we're surgically looking for new partners all the time trying to keep the number around the same, but we're asking them, once they have the capabilities, to go after the whitespace. I talked about that we have 59% market share. We win 91% of the time that we show up. We're obviously not showing up enough, so these partners have the scale that can get feet-on-the-street, and, as I said, you'll see how we're investing in enablement capabilities to make them more profitable for themselves and for F5.
We also tapped several of our security focus partners last year. They bring in the loop of what we're doing to grow our security business. And that will give them a really fast start when we start really launching the Internet data center firewall business that you heard Erik and Dan and Karl talk about earlier.
And, of course, always focusing on partner competency, investing our own resources and availing our tools to these partners, so that they can be productive and profitable, like I said.
Certification, Julian is going to talk about the evolution of our accreditation program, which is really certification, a real detailed certification framework that will launch over the next several years that will give our partners, but also our customers, the ability to have a CCIE-like certification that's verified and tested by a third party. They're very interested in that because there isn't a day that I don't go into a customer and they don't complain about access to high-quality F5 engineers.
I'll talk just quickly about our focus on systems integrators. I mentioned we had a great year last year with Dimension Data. I know we're a big focus to them. We are continuing to drive competency with our legacy SIs, HP, IBM and Dell. And last year, we felt the need to create a global tier with services opportunities for these partners. We branded that GUARDIAN, and you'll hear a lot more about that in 2012.
So talk a little bit more about field enablement. We launched our sales accreditation program back in May. We didn't hire a fancy marketing firm to come in and do it for us. We made it by F5 salespeople, by F5 marketing and product development folks for F5 salespeople, for F5 partners. And it was a really good organic, in-house development. We actually invited a few partners to give us some tidbits as well. And the feedback has been amazing. It's really customer-story-based learning. I'll show you a few screen shots. But it's not drab online learning. It's 12 hours of rich content with real examples, real customers, who have given us permission to use their name and real sale situations to teach people how to sell F5 technology.
We find that our partners that are educated to learn the sophisticated advanced features that you heard Karl and Dan and Erik talk about, when they can sell that, they sell bigger boxes, they sell more software. It's better for them and better for F5.
And you can see the stat of the progress is really fantastic. Over 2,700 people have taken at least one module and 2,100 people are fully accredited. So great uplift around the world from our partners, but also its mandatory for the sales team at F5.
Just a quick look of the screen shot here. This is the welcome screen. This is really high quality, talks about how we're going to teach you how to sell F5. Spiffy look and feel. And the elements here, there's tests after each module, but it's kind of foundational learning to learn about our market, specific sales opportunity, teachings that we think will help people benefit -- that will benefit people to replicate in their territories. And then kind of sharing best practices to talk about wins, and talk about opportunities that have been successful, again, to try to get people to replicate out there. And it covers all of our products. It's not just dedicated LTM or BIG-IP.
Just a quick screen shot here. This is talking Christopher Fricke from Clackamas County, up in Oregon for those of you that are East Coast-centric, which I suspect most of you are. Just using the specific example to show what the infrastructure looked like before and after we implemented ARX here, hopefully inspiring people to do this in their territories.
Secondly, we -- earlier in the year, we launched our technical accreditation. This is much deeper technical training to teach SEs, typically, systems engineers, presales engineers, how to sell F5 technologies. This is not how to configure and how to rack and stack. This is how to sell. This is driven by the sales team, supported by the company. And it's really good detail. I think it's 18 hours of learning, covers all of our products, and you get a nice spiffy accreditation. I can't tell you how great it makes me feel to walk into our partners' offices and see these things printed up, framed and hanging in people's cubes that are proud to know that 1,500 of them around the world have become fully accredited and over 3,500 have become -- taken, at least, one module.
And over the next month or so, we're going to be totally localizing this to both Chinese and Japanese, the 2 areas of the world where we've seen decent uptake in accreditation, but we really need to localize this. And so this will be done, and we expect great things in clearly those key areas of the world.
So not only investing in our people from a training standpoint, not only hiring people, but also focusing on what we need to do when they come on board to make them as productive as possible, as fast as possible.
So in the past few years we bring in -- we hired 300 -- over 300 people last, last year in the sales team. Now that's -- every other month, that's bringing 50 people in for onboarding. And in the past, it was 2 days, we had people show up and throw up with slides. And it wasn't really a great sort of learning environment. We've hired some really good people in this group, and we've evolved it to much more of an ongoing professional development kind of culture. We've created some cool tools like the F5 sales launch pad that allows new hires when they open their PCs to a browser to click on things like ordering business cards, click on things like how do you get a phone. Little things for sure but little things that happen quickly allow them to get out into the field and learn about how they can be successful and make money. They have to take the technical and accreditation programs to get to new hire. And when they get to new hire, it's a full week. It's really a team-based, hands-on kind of learning environment. And we try to create a community. We use Salesforce.com's Chatter to distribute all the responsibilities, the tests that they have to take, the projects that they have to learn about and then present to the team. And it's really a much more collaborative environment, and it's really all about trying to come up with measurable results that means something to me and the finance team at F5. So really, those results are very, very clear. It's higher quality learning, significant times saved for managers, so that the managers don't be the proxy trainers in the field, day 1 or day 5. And what we've seen is a full quarter of improved productivity. And I'll show you why that is real money in a few slides. But that way we can measure the return on this investment to provide much higher quality onboarding experience for our people.
So here's the sales productivity slide. This looks at the average quarterly bookings by tenure. We break it up into 5 different tranches, 0 to 6 months, 6 to 12 months, 1 to 2, 2 to 3 years, and 3 years and above. And clearly, you can see the more tenured reps are more productive. And it's a factor of 3 or so based on this number list scale. It's a factor of 3 or so between the people that come here in their first 6 months and the people that have been here for greater than 3 years. So big focus on this metric, people. When you're adding 300 people a year or more, you need to measure their effectiveness as quickly as possible. I mean we have always had, I think, a rigorous talent management discipline at F5. It's very clear to us and the salespeople when they show up if they're going to make it or not within, I'd say, 60 to 120 days. And each sales group, the first level managers, second level managers, theater VPs around the world have to present these numbers on a quarterly basis about their business when we do our quarterly business reviews. So big focus. And I think this proves out the success and helps me justify the -- pass the sniff test when it comes to making these big investments in productivity enhancement.
So you've got a productive sales team that's growing, that's covering fewer and fewer accounts or covering a smaller and smaller territory. It forces them, as meat-eating salespeople, to invest more in each account. And we track our million dollar accounts we have since 2004, and you can see a pretty impressive growth in these -- in the number of million dollar accounts from 16 7 years ago to over -- to 112 in 2011. I think pretty nice growth in year-on-year for us, 33%. We grew the number of accounts by 33%. But more important to me and I think to you, who counts our dollars like we do, is the productivity that we got from those million dollars accounts actually grew by 89%. So it almost doubled. So the money that we collected, the sum of the bookings that we sold to these accounts was almost double of what it was in 2010. And that, I think, folks, comes from focus on these accounts, resource enablement and properly incentivized partners and salespeople.
And then when we're talking about the customers that we're spending time with, without a question, when you're improving the functionality and you're delivering cool new features that our team talked about this morning, we are motivated to get them to spend more money over time with this focus. And since 2004, if you take the average of our top 50 spending customers, that amount that they spend has gone up by a dramatic amount, I think more than 10x. So this is an average of our top 50 customers. So this here alone is over $250 million worth of business. So really, I think again validates the focus and the attention that we're putting on expanding the team, expanding the focus and, frankly, making customers happier, solving more business problems with F5 technology.
So I'm going to take it down to 14 real, kind of, quick but real deals that we did with customers in 2011 that will highlight the real world of what happens when you develop this technology and customers want to buy it. And there's a variety of use cases. It's going to be enterprise, government and telco, but its real money, folks. It's what keeps F5 going. It's what my team is focused on every day.
First one in the Americas on the enterprise side, this is a big dotcom software company, one of the largest in the world. You heard both Karl and Erik talk about our venture into the Internet data center firewall. This is a big publicly traded company that was having problems from a scaling standpoint with their traditional firewalls when DDoS attacks really started to step up. So we've been dealing with firewalls -- I know Dave Janssen, the guy that runs sales ops for me, was the first guy at F5 to sell a firewall sandwich in the year 2000. So we've been touching firewalls forever. We've been enabling scale of firewalls even more so when we came out with our full proxy architecture in 2004. And it really told us and, frankly, told our customers that firewalls can't scale without BIG-IP. So this account allowed us to come in very quickly and do proof of concept to put a layer of BIG-IPs in front of their internet phasing traffic, so in front of their firewalls where -- as opposed to behind where we traditionally sit. And we were able to quickly move out a competitor, a traditional firewall competitor, who was going to command somewhere between $6 million and $8 million for their firewalls, and they spent $2.2 million with F5.
So this customer at the time didn't care that we weren't ICSA certified. They didn't care that we didn't have the management features that some of our firewall competitors do. They cared about scale. They cared about ease-of-use, and they cared about cost. And I think a lot of our customers these days are caring about costs.
Another next-generation firewall deal -- this is a major bank. This is an everyday name. We did the same thing. This actually happened during the weekend where the first WikiLeaks attacks occurred. This is an existing customer who have been doing business with us for a long time. They had 11050s that we had shipped the previous quarter in the core of their data center for one of their primary applications. They saw the WikiLeaks, the denial of service attacks, coming pretty dramatically. They worked with our SEs on a Friday to take -- decommission those 11050s, put them in front of their firewalls, because their firewalls were tipping over, and they actually took it out at one of the core applications. We had to overnight express ship. We had to call them evals [ph] -- sorry, JR, but we had to call them evals [ph] to get them there as quickly as possible, so that they could put them back into their core. But we prevented -- we helped them prevent from tipping over completely. They were one of the banks that weren't affected by WikiLeaks. And I think if you go back and you look at the ones that were, the few ones that were weren't F5 customers, but we're working on that.
So great leverage of the relationship, big money $2.5 million of services, $8.7 million of BIG-IP, but this is nothing compared to what they would have had to do to get this kind of scale with their traditional firewalls.
On the fed side, in the Intel group, we make money every day by refreshing our existing customer’s technology. I think it's less than -- 1/10 of 1% of our customers today are deploying Version 11. Of course, that's going to change the more we sell it. But still today 99.9% of the BIG-IPs out there are not current-level technology. So that gives our sales team and, in particular, our fed team free license to do -- and what they've really ramped up is doing these unsolicited proposals to go in and show why if you consolidate using our newer technology, you reduce footprint, you reduce your power consumption, you reduce complexity, and you can save money. And it's been very successful for us in the Fed group here in the states in particular, but this is something that we just do every day. I wanted to show it to you because it was a big deal. It was $1 million -- over $1 million for the business. And when we're doing this consolidation, we're taking older BIG-IPs, typically that have very little software on them, and we're up-selling to get people to take a look at APM, our next-generation worth of with services. Our solutions today that run as modules on BIG-IP have feature parity or feature superiority to the legacy separate box competitors that we compete with. So customers are buying this, they're paying premium dollars today with F5 as they do these refreshes. And I think that's why you'll see that our software as a percentage of our revenue continues to go up because it's a big focus.
On the service provider side here in the states, this is one of the big operators/landline carriers in the states. They wanted to go to one voice system across their wireless and wireline business. Voice over LTE, big project. This was just a lab to do proof of concept. They spent $3.65 million with us to test if we could do this for them to deliver this kind of functionality. So this is a bunch of VIPRIONs, a bunch of GTMs, and the rollout of this is going to be going throughout 2012 as they recognize economies of scale from moving from circuit switch, multiple circuit switched and IP-based voice offerings to their customers to be one unified LTE, Voice over LTE environment.
Another key thing here is we're not partnering with no-name resellers located in Topeka, Kansas. We're partnering with the biggest, the most impressive companies that are out there, like Ericsson in this case. So they're going to their customers, the biggest telcos in the world, and they're propositioning F5 opportunities because they know they can wrap their services around this as a systems integrator and make money for themselves.
In EMEA, financial institution win. I think this one is the many financial institutions that might be owned by the British government. I don't know if that's releasing too much information, but this is an existing customer that we decided to mount a campaign, to up-sell beyond our core business. They buy a lot of ARX from us. They buy a lot of BIG-IP from us. The team built a sales campaign to go and sell secure remote access in a highly scalable way, and it resulted in a $1.4 million over 2 orders in just 7 months.
Also in EMEA, a big insurance company based in central Europe that was not a customer. They've given us the Heisman on our core stuff for years. They were very compelled, though, when we walked in with an opportunity to show them how we could migrate them from legacy storage to Tier II or Tier III storage. We showed them how we could do this in a few weeks versus several months. We showed them the cost benefit, and it was less than a year ROI to do this without disrupting over 50,000 internal users. So just a great example of the compelling business case for ARX that we're getting better and better at winning.
Doing it at non-customers. So there's still lots of non-customers out there. This has given us a hunting license to go after them and work on some proof of concepts for BIG-IP and our other technologies.
Also in EMEA, service provider win. This is a northern Europe, large legacy operator. You heard Karl talk about the solutions, the winning use cases that are compelling to operators around the world. Carrier Grade Nat is one where we provide scale and we provide ease of use, and working with our services organization to build in support and build in services consulting to do a big deal and, compared to some of the big American or the largest European operators, a big deal at a relatively small company.
We're selling 5 or 6 used cases like this that represent great opportunities for us. But more importantly for our customers, it's more simple elegant way of doing this than doing so with legacy providers as they migrate to IPv6.
Over in APAC, on the enterprise side. This is a giant Chinese bank. This is another refresh because they were consolidating a bunch of data centers, trying to look more like a western bank, as they try do business in the U.S. and other non-APAC countries. We worked for a long time in this. China is a tough place to do business. They're very focused on price. In this case, they paid a massive premium over some of the legacy Chinese -- traditional Chinese competitors that we have there, but they did it because we're the market leader, we partner with the support organization to deliver much higher quality local support that Julian has invested in, in China. And at the end of the day, we refused to go lower on price and they chose to do business with us. And so this is one of many examples in China where I think we're selling value in an environment that can be kind of challenging for that.
In Japan, this is a power company win. We -- again another data center consolidation happened just after the disaster there. Working with our partners in Japan, I was really impressed. I actually had a direct reports meeting a few months after the earthquake just as a show of support to the big team we have now in Japan. The way that the Japanese people rallied in our business in Japan that we reported over the last 2 quarters was done pretty well, has done very well, much greater than our expectations, even greater, I think, in some of our comps, because we got a great partner base there that's focused on turning the page and moving forward just like this big Japanese power company. Really good relationships.
On the telco side, in Asia Pac, Japan, this is a great deal down under. This is an existing customer that was going out and spending money, trying to scale their firewalls because their DoS attacks were killing them. They weren't able to deal with the logs that were being developed, so we wrote an iRule to spin the logs from the firewalls off to a server to do the analytics there and meet the compliance that they're obliged to provide.
And this is a relatively new use case as you've learned that we've been able to go in to our existing customers and compel up to spend money. This is $1 million over the next 12 months at a relatively small operator. We also partnered with Huawei here because both Huawei and NSN were getting major heat from this operator because of the expense of operating the RAN nodes. So it was a really good win all the way around for us and our partners.
Carrying Grade Nat at the same customer. So we closed this $1 million deal, and they didn't give up. They kept selling other use cases like Carrier Grade Nat, and we're successfully able to extract another $320,000 in services to drive value at this customer. It was a quick sale cycle. Continuing to show these customers what we do is something that our sales team loves to do out there.
And then also in AP/J, this is another big operator that really goes across the theater. This is a giant firewall deal. We got in at the very last minute to compete against some legacy firewall providers. And we showed them that we could do on the same device we could do NAT, DNS64, as well as firewall. They weren't going to do the firewall right away, but they gave us the business on the NAT even though we were a little more expensive than some of the lowballing that was going on down there.
We delivered the functionality. We've got a proof of concept right now for the firewall. It's going to be on the existing footprint. It's just going to expand the number of systems that we sell. So great growth opportunity. And this is in an era where we've grown dramatically in the last 3 or 4 years.
And also in Asia Pac, this is kind of one of the emerging countries. I talked about expanding our footprint of salespeople and partners around the world. We've hired people in the Philippines and Vietnam for the first time in 2011, and we're already seeing returns on those investments. This is kind of a Platform-as-a-Service offering that this provider wanted to deliver to their customers. It's a cool use case that we're now federating out to many other providers out there. It's using VIPRION in their data centers, and it will use our virtual -- our VE devices, software devices out in the customer prem. So it's a great deal, not a big operator, but a big opportunity at this operator and leveraging the capabilities like vCMP that Karl talked about that allows us to partition users in their data center for different customers.
Another emerging Asia deal. This is selling the DIAMETER. I think Erik talked about this last year when we launched our service delivery networking concept. This is really this sort of coming of essence of this use case in a remote area who hadn't heard of F5 just a year ago showing that coverage that's supported by good partnerships can yield business for us. And this is a VIPRION deal in an emerging Asian country. So really, really good win, and again partnering with one of our largest telco partners, Ericsson, to allow them to win value as well.
So just in summary, I'd like to say, just to reiterate the fact, that we're very focused and committed on hiring the very best, enabling them with world-class tools and technology, so that they can get productive as quickly as possible, so that they can make money, put food on their tables, they can work with an enabled and motivated partner out there to build their business locally, selling services and F5 technology. And we're committed to doing that to drive the growth that I know we want and I expect that some of you want as well. So thank you so much for your time, and I'd like to call up Julian Eames, the SVP of business operations.
Edward J. Eames
Good morning, and thank you, Mark. I'd like to really start off before you see some of the numbers in the review we do of services in 2011.
Since 2004, since Mark has been here, the phrase "never confuse selling with implementation" really has gone away. If you add to that the work that Karl's team has done in product development, you'll see that some of the customers SAT scores that we get are really quite outstanding and can stand up against anybody in the industry. But it's not just services. It's the combination of the whole company.
So year-end review, great year in terms of revenue. I'll show you the chart in a minute, the 34% growth there. Additionally do that, consulting, training, installation grew by 64%. This was across the board in every geography, but the real standout was Asia Pac and that really grew quite significantly, and every deal that we do there has a consulting wrap around, and you'll see me talk about that some more as well.
Really very pleased with the delivery organization that we organized a year ago, really made it much more geographically focused. The piece we're particularly proud of is that we hire new people within 30 days of a headcount rec being opened. Added to that, every one of those new people go to a minimum of 6 weeks boot camp training before they're allowed to touch a phone, meet a customer, and that really sets the stage for their quality performance going forward.
You also see the install base is growing significantly. We have an uptake in Version 10, which may not be in your mind so much as Version 11, but that's where a lot of the maintenance release customers have gone to and in the uptake of Version 11 as well.
These are our customers SAT scores that we take as soon as soon as the client has closed the core with us. We go straight back to them. At that time, we get about a 17% to 20% return rate depending on the quarter. And you see here in red, for the first time we've achieved 9.4 out of 10. This for us, as you said, sets a new high bar for us going forward and maybe it's going to put us under some strain to keep us there. But that absolutely is where we're going to be. And we do that by taking every negative comment that we see in those surveys, sitting down as a management team, reviewing those comments, reviewing both process, people, training, what can we can do to improve. So it's a real culture of continuous improvement within this group.
You see we're consistent across all the geographies as well. If any of you have dealt with Japan, you will know that a 9 out 10 is a fantastic score there. If we look at our other metrics in terms of answering the phone, resolution time and so on, Japan is the region that we answer the quickest and get the best result, but we still have a score of 9 out of 10.
Looking at China, as Mark said, this was a new investment last year. It's the first year of this operation being in place and a fantastic result there, and we're there to help Mark's team sell.
We also add loyalty questions to our customers, and only 2% said they're unlikely to recommend our services. Again we review that 2%, we go back to those clients, we try to understand what the issues were. But 96% would recommend us. I'll put that against anybody in the industry.
Now we have board members who are a little skeptical of my results. So just taking my own customers SAT results wasn't enough. Within the marketing team, we also went out with SAT matrix and go and try and provide net scores here as well. And you can see that 50 is regarded as an excellence score by SAT matrix, and we've achieved over that. And this really reviews not just services, but the product, how the customers relates to us, how the customer relates to the sales team, what their relationship is with us. Again, the same process. Any negative comment, any negative scores, we take back, review and looked at to review to improve the whole company.
This is just a view of some of the efficiency metrics within the organization. And you can see the top bar there is the installed base and how it's grown over the course over the last 3 years, 44% increase. In cases, we've only had 34%. That says we're educating customers. They're not likely cases. We're making the product more robust, more reliable, easier to use, and so we're getting efficiencies there, plus we are pushing out more and more information in an as easy a format as we possibly can. And you can see the AskF5 pages view, which is our knowledge base for clients with easy search to get to how does this work, how do I implement A VIP, how do I implement iApps and so on. So the more information there, the more solutions we put out that are absolute better, and we have a whole team dedicated to do that.
If you remember last year, I did a very un-English "woo-hoo" to iHealth. iHealth is a tool that we have built originally to help us diagnose issues with clients when it's a set 1 [ph] and time is of the essence. We found, having developed the tool, that client could use it in a proactive rate to avoid issues, which is really the best place to be when uptime is so key. It only works in Version 10, so that's probably why you don't see a huge number there. But you can see we have nearly 800 users using the product and over 5,000 users of Quickview.
Additionally to that, we've been able to use that data both within marketing and within product development to see the use cases of our clients, to see if they are using it with firewalls, to see what applications they're using. And this is giving us really useful data in terms of development going forward as well.
Our revenues are really great chart there, which I'm very proud of. I could use Mark Twain's quote, but a really great year in 2011 growing by over $110 million. These are our attach rates for renewals, which is still our main driver of revenue in that arena. Very pleased with the first 3 years. Fourth year is down slightly, but that's totally the effect of the Chinese warranty program, whereby we sell 3 years of support up front at the end of the 3-year period. We then have to go and try and find some of those customers. From a revenue perspective, it's really negligible. The Chinese buy a lot of low-end systems and their pricing is very acute, so it has little effect there, but trust me, we're still trying to chase every piece as we go along.
We, as you know remember, use service source in a number of the geographies as an outsourced renewal provider for us. And they tell us our renewal rates are way above anybody else in the industry, and we keep pushing to be at that position.
The clue for next year in terms of how our revenues will grow, you can see the deferred revenue chart growing. And 2011 was great growth as well, and we're very pleased with that, and we'll continue to be as efficient as we can in terms of looking for revenues for next year.
So for the focus for 2012. Service delivery really is to maintain the quality of the hiring. We hired 220 people into the organization last year. We have very low attrition, but we do lose people internally. They go into presales, they go into the consulting organization, they go into product test and marketing and so on. So to keep that turnover of people and keep new people coming in is absolutely critical.
We've improved AskF5 literally in the last 3 weeks with a better search engine. We're seeing the results of that already. We are adding in better diagnostics into iHealth and investing there. And with both service provider and the security teams, it's really a case of investing in expertise and training. We know the F5 products inside out and backwards. With service providers, sometimes we don't understand their language, so we put back training into place as well so we have a team that are absolutely in focus with the client there.
And as the security market develops, we already have teams split out by security today as we develop more into the Internet firewall. Again, dedicated team into that arena.
Mark alluded to the certification program. This is a huge investment for us. It's going to take 3 years to rollout in total. We put a team in place, so very much focusing on what are the tests we want to do for each level of type of engineer who would deal with our product. So for those tests and do the research for that is around 11,000 hours of investigation. And we're using not just F5 people. We're also involving our partners, but also our customers. And our customers have really taken to this very well and are actually volunteering their time to come and help us develop what those tests are going to be. The structure, as we planned it literally a month or so ago, look something like this. You wouldn't have to take a test for every level. But as you combine tests, you go up to the very top there in application delivery architect.
And in consulting services. As I said, we had great growth over the course of 2011. But really, I have taken the time to sit back and develop our strategy here. We don't want to be a body shop. We're not going to go higher hundreds of hundreds of people across the globe. We don't want to dilute the gross margins that we have, but we do want to get those services out to our clients.
The anecdotal piece is always having consultants on-site improve the stickiness of the implementation, improve the smoothness of the implementation.
So we try to test that. We went back to our $1 million sales of 2007. We then reviewed what those clients did over the next 3 years and whether or not there were some correlation. And we found those that bought training and consulting purchased 22% more product over the course of the next 3 years. We're doing the same test for 2008 as well.
We also cross referenced that back into the database in terms of who's low cases. And we found that those same clients logged 50% less priority one system down type cases. So much happier customer, which is the whole reason for having consulting there. Our plan is absolutely to help leverage product sales rather than be a services organization in our own right.
In the course of not just developing the strategy, we've also put in both marketing and business development people. It's the first time that we've had that within services, so I think this is a great step forward and really looking forward to some of that implementations. We have this strategy chart in place. We're looking at new customers, new implementations, new technology. And F5 absolutely wants to be involved in providing professional services in that arena. Once we've been involved in the beginning, we're going to develop packages that we can give to our partners to help them both sell the product and sell their own services, deliver their own services and make their own money at the same time. So you have a chart that really looks like that. In the left-hand corner, F5 will dominate, but around the edges, we push it out to our partners to help them leverage more product as well.
And then lastly, one thing. As Mark showed you the growth we've had in product sales over the course of the last 7 years, we've been doing the same thing with services, but we're trying to catch up a bit this year. We will have a services outside salesperson for every sales region that will help the product sales team put together both a maintenance package but also a consulting package for that client in the implementation going forward.
Mark also talked about the UNITY program we rolled out for our resellers last year. We had a maintenance program based on that, but we're also now putting in a whole Professional Services piece as well. So partners will be accredited or recommended by ourselves. They will have a ways of making money both in terms of delivering themselves, but also by selling through services as well. So that program gets rolled out this year. So really, the aim is to have both maintenance and professional services around every deal that we sell in the course of the year.
And that leads me on to Jim.
Thank you, sir. Well, that's a tough act to follow with the revenue stats, the customer loyalty stats, the overall customer satisfaction, but I'll do my best.
So I'm going to talk about -- once I sent my timer here, I'm going to talk about some of our strategic partnerships and the efforts that were putting forth to continue to expand the relationships and ultimately create more demand for us in the industry. And that's really the focus of this presentation is to focus in on what's working today, what's driving those partnerships from a solutions standpoint, from go-to-market standpoint, and ultimately, what's coming in this year and in future years.
So I'll touch on VMware, Microsoft, Oracle, Dell, HP and IBM. And also this year, I'll talk a little bit about our growing service provider partner portfolio, which is an area that we've made some pretty significant investments in, in 2011, and we'll continue to move that forward as we get into 2012.
So I'm going to start with VMware. And of all the partnerships I'm talking about today, this is actually the youngest. We've been partners with VMware for just over 4 years, but it's become a very large and definitely rapidly expanding partnership that centers around some 18 to 20 integrated solutions that we've developed in conjunction with VMware that fully address the type of requirements we talked about this morning. Customers are increasingly looking for infrastructure flexibility as a key component of how they deliver applications and services to their end users.
Cloud computing is, obviously, entering the picture. Data centers are becoming more and more virtualized, more and more complex. So having that agility, having that flexibility is really important. And those are some of the things were enabling with VMware.
In addition, obviously, the customers want to continue to drive cost out of the equation, not like cost as it relates to the capital, but cost as it relates to the ongoing operations. And our core value proposition of creating efficiencies and physical servers by driving the utilization rates and packing more virtual servers, virtual machines into those servers is a really core piece of our value proposition that resonates really well.
In addition, we've got some real significant value add around VMware View, their VDI solution, for streamlined remote access for security, Global Traffic Management, directing users to the data center that best serves their needs, as well as the value around LTM. And I'll talk about that on several points throughout this presentation.
So looking forward, how do we continue the growth that we're seeing with VMware. And this partnership is really rapidly expanding. Really, our 4 key components, there's a solution component I've already touched on, and we'll continue to drive a solution strategy, including leveraging the v11 and building a repository of iApps. We'll continue to drive the type of demand creation that we've seen with marketing programs, the big events like VMworld, but also more local, more intimate events out in the territories. And we're investing more and more into driving this relationship into the field.
In addition, the channel is key. We map our channel with VMware, we look for leverage in that channel and how we can drive these solutions into the market. I'll talk about a specific program that we've got going with Dell in a little bit.
And on an increasing basis, and you'll see this theme throughout this presentation, not only with VMware but with other partners, more and more we're driving our strategies out to their field, leveraging and educating their field. It's a big challenge and it's a big opportunity, but we're committed to making sure we're touching all of the VMware folks who should care about the network infrastructure that supports their deployments.
Back in February, we received a pretty prestigious honor that really validates the solutions strategy I'm talking about. We were named Global Technology Innovator Partner of the Year for VMware. And it really underscores our strategy of building solutions that address those customer requirements.
Here's a win profile that really is characterized by a growing trend in the industry, us working tightly with VMware to basically compete with Citrix in the VDI space. Now VMware is gaining market share. They're up about 28% in the market. And we're seeing that translate into more and more traction with VMware on a field basis. So this is a customer who is a large North American oil and gas company, 5,000 employees across multiple data centers, trying to do some really interesting things with iPad access. And they brought in Citrix, they brought in VMware, laid out the requirements, and ultimately, we drove the discussion to a POC and worked with VMware to install and to execute on that POC. Customer was really first looking for just remote access, and we were able to expand the conversation to incorporate the other aspects of our solution. And to make a long story short, we won the deal. It was $0.5 million order. And others vendors involved, Citrix, and there was another ADC vendor that was being evaluated for that piece, they didn't even get to execute the POC. Their stuff was boxed up and returned.
So good indication of a growing trend in the industry, and that's us working closer with VMware around VDI.
So I'm going to switch gears here and talk a little bit about our application partner strategy. And specifically, what we're doing with Microsoft and Oracle. But before I get into that, I'd like to share with you some data that we track on a quarterly basis.
We track and report on about 30 different applications each quarter that drive bookings for us. And here's the top 10, and I'm going to touch on just a few of them.
Microsoft Exchange. You heard Erik this morning talking about our iApp for Exchange and the way that we're leveraging V11 to add continued value to those type of deployments. Exchange is turning into a huge driver for us. And the good news is it's still relatively early days. But by the end of this year, the market research that we've gotten suggests that about 20% of all Exchange users out there will have made the jump to 2010. By the end of next year, that's going to go up to about 45%. And then by the end of 2013, we're looking at about 60% to 70% of all users will migrate to Exchange 2010. So this area where we're seeing leverage and we're seeing pull is going to continue for the foreseeable future.
Another application I'd like to dive into is IBM WebSphere, consistent top 5, top 10 performer for us. I'm only going to talk about Microsoft and Oracle in this presentation, but we continually see WebSphere as one of the top applications that we secure, we optimize, and we make highly available. And we've just added some additional engineering resource to that team, so I think you can continue to see this trend in the future.
The last one is Oracle Database. I stood up here last year and I, for all intents and purposes, announced our suite of solutions around Oracle Database, which we had just announced at the Oracle OpenWorld about a month before our Analyst Day last year, and to characterize this as a new market opportunity for us. We're absolutely seeing that happening. The fact that it's a top 10 application is significant, and we think we've got some good upside there.
So with Microsoft, some of it should look fairly familiar. I mean, we have a very strong solution portfolio around unified communications and collaboration, Exchange, SharePoint, Link, also various Windows server technologies. I think the real key here is we got a very strong, very robust go-to-market machine that takes these solutions to the market, both from a classic marketing perspective and also from an education and channel leverage and field enablement perspective as well.
So as we look to what are the keys to continuing that growth, it's really going to continue the investment, continue the strategy on these type of solutions given the upside we see with Exchange, we're seeing Microsoft do really well in the marketplace with SharePoint, which is a strength for us. We're going continue to drive this program and this partnership in a similar fashion. One of the lofty goals that we have as an organization is to go out and touch, educate, influence all of the Microsoft resale experts, whose job it is to understand the underlying network infrastructure to deliver these applications. It is a lofty goal. We've actually kicked it off about midyear in 2011 but we are seeing pull from that in the form of recommendations and referrals and leads that are filling the top of our funnel. So we'll continue to invest there. I mentioned v11 as a key strategy for all of these partnerships. We already have a number of iApps created for our Microsoft solutions. You'll see that grow as the year unfolds. And then lastly, there's a growing security opportunity within the Microsoft arena. They have moved to sustaining mode their Web access gateway, TMG. And what we're doing now is positioning ATM as a really good alternative for customers who are deploying exchange and/or deploying SharePoint and need that secure Web access.
So with Oracle, we've got a very complete solution stack. I talked about it last year. It really is at the heart of what we're doing with Oracle. We touched the application space, the middleware space, the database space. And I think what's really going on in this partnership is, almost 11 years of close working together, collaboration is really beginning to compound. And when we get into an opportunity with Oracle and whether it's just selling our solutions on our own merits to customer with the channel partner or whether it's actually collaborating with Oracle on these deals, we really feel like we don't have any competition. This is a real area of strength for us. So we'll continue to drive that strategy into the marketplace. We'll continue to educate the Oracle field through their Enterprise Solutions group, which is a presales organization that we have programmatic access to. I thought that was going to switch.
But we'll continue to drive the field engagement. We'll continue to participate in their presales training program, where we're a platinum sponsor. In fact, my team is out in Red Wood Shores literally today. We get in front of their presales SEs and overlays once a quarter to educate them on our offerings, and this is producing significant pull for us.
So I'm going to transition over to our data center partners, specifically Dell, HP and IBM. If you look at our Dell partnership going back a couple of years, maybe 2 or 3 years, I think you could characterize it as primarily North American-based channel partnership with really close collaboration between our sales teams. Well, that collaboration still exists. We are extending the partnership globally now. We've really started that over a year ago and we're starting to see that bear fruit. In addition, we're moving it from a channel relationship, more of a fulfillment relationship, to a solution based relationship. So I just talked about our solutions with VMware, how they're creating pull, Oracle, Microsoft, things of that nature, we're driving those solutions in conjunction with Dell. They're adding their own products, their own services. We're going out into the market and seeing success there.
In addition, we're working more and more with Dell services, specifically their infrastructure consulting services practice. And that's an organization that was born out of the Perot acquisition and augmented by growth and hiring that Dell has done to be able to go in and help people optimize their data centers, do things like IPv4 to IPv6 translation, do things like virtualization and consolidation solutions, we've trained now over 1,000 of those consultants and enabled them to go out and tell our story. So as we move forward, we'll continue to drive the Microsoft and Oracle solutions through Dell. We'll continue to grow the portfolio with few [ph] ICS. We'll continue to educate that team and create pull in doing that. One of the areas that we're focusing on pretty heavily with Dell is around virtual desktop infrastructure, specifically with VMware. And what we've done recently, just literally a couple of weeks ago is, we teamed with VMware to go in and train Dell's inside sales force whose now out there actively calling down on customers, pitching our solution and opening up opportunities for us. So it's very early days but these are the type of programs that we're driving to partners like Dell and will continue to deal with them, HP, IBM as well.
One last thing I want to mention is, with the Force10 acquisition, we've seen some additional traction with the Dell networking team. What's happening is, they're going in, they're aggressively positioning the Force10 products and finding out that customers are very interested in those products, but they're also very interested in talking about a broader network architecture. And we obviously have a suite of products that can augment what Dell is talking about and make it a bigger opportunity for both of us.
So with HP, it's a very broad, very diverse partnership. As I've talked about in the past, the 2 main pillars of the relationship are what we're doing with HP Enterprise Services, and now, with -- and HP Technology Services. Within HP ES, which is the former EDS, we're a standard in a growing standard in terms of our portfolio, selling into their managed hosting organizations, selling into their outsource accounts. And now, also, being a standard part of their private cloud offering, which is a relatively new thing that we're going to continue to enhance and grow in FY '12. One of the new things that's really just occurred with HP is we executed a global reseller contract with HP Technology Services. That actually happened just about 5, 6 weeks ago. Now HP has been a channel partner of ours for years. We've used them as a channel partner worldwide and it's gone fairly well. The difference in executing this global contract is that we now get programmatic access to a number of different go-to-market programs, marketing resources. We're seeing HP invest in the relationship by assigning people dedicated to us in various pockets around the world and we've got the ability to put together a cohesive plan with sales targets that we can execute against, and in addition, start developing packet solutions that they can put on the truck and take to market. So IPv6, Microsoft solutions, we've got a pipeline of about 3 or 4 other solutions that are coming. So the relationship is taking a step up in terms of this formal programmatic mechanism to drive our solutions into the field.
So how we'll continue this growth and how we'll continue to expand the partnership is relatively straightforward. With HP ES, we'll continue to expand the portfolio until every single one of our products is the standard. We're seeing a number of network refresh-type opportunities, older technology that they're replacing consolidating with our technologies. Many of them are competitive replacements. And I think you can probably guess who the company is that we're replacing. And then we'll drive this private cloud offering as well to create opportunity there. With TS, it's really all about enabling those programs, driving that global reseller contract and making sure that the engineers are properly trained, the sales people are probably trained to go out and do a good job of pitching our solutions.
So with IBM, there's a new element to the IBM relationship as well, and I'll talk about that in a minute, but we continue to drive solutions through IBM Global Technology Services, solutions around application performance optimization, which has been, for a couple of years now, a good driver for us. We also are getting involved in a number reference designs and reference architectures where they can go in and they can sell product and services that result in customers transforming their network to more of a cohesive futuristic architecture. With IBM software, I mentioned WebSphere, that's a key part of our strategy, but also, we're working very closely with Notes and very closely with Tivoli. And Tivoli is very important because it's a key component and a growing -- an importance component of their cloud strategy. So we actually are the first vendor to be fully integrated with Tivoli's service automation manager, which is a very key component to their cloud offering. The new part of the relationship I want to talk about, it happened about midyear, is our elevation to a partner status with an IBM sales and distribution. This is basically their field organization. Prior to this, our route to market was primarily through GTS, to the sales team around the solutions that we built. Now IBM sales and distribution gives us more access to the IBM field, to the client execs and has a series of programs around this alliance, the win strategy, which actually is a formal quarter-by-quarter program that we're snapped into with IBM, that ultimately gets us access to the field, gets us access to formal marketing programs, gives us a heck of a lot more visibility into the IBM sellers.
So that's going to be a key part of the strategy going forward, is leveraging that, maximizing that, taking full advantage of that access that we're now getting through that S&D alliance. So I mentioned that we're becoming more and more a part of some of IBM's cloud offerings. Actually, right now, there's 2 of them that are complete and there's another couple that we're working on. And this is one that we just collaborated with VMware on and built in advance of VMware Europe, which was about 2 weeks ago. So we actually demonstrated this in Copenhagen with IBM and VMware. And it's a demonstration, is probably the best way to describe it, with a ticketing agency. And the demo showed the ticketing agency in steady-state before a large concert event went on sale. So you were able to see what the steady-state looked like, and then as the on sale period opened and people were going online to buy concert tickets, you can see where the traffic is increasing dramatically and also the response time and the application began to degrade. So our role, right, is to then invoke cloud resources to go out and grab some resources from the cloud and add that to our traffic management load-balancing pool and now it really extend the capability of the application to serve all of those users during that peak demand period. And then once the on-sale period was over, went back to steady-state, pull out [ph] the connection. So this is true on-demand resource allocation that we're facilitating with IBM and VMware.
So I'm going to touch real quickly and what we're doing on the service provider space. I said that this was an area of investment we built. We increased the organization in FY '11, we'll continue to do that this year. We're really focused on 2 different types of partners here. We focus on those that are above the line, are your embedded solution providers. In the past, I think, we've talked about Ericsson, we've talked about Nokia. We added Decision this year as a new partner. These guys actually embed our technology into our broader solution that they sell into the carrier service provider space. In addition, they assemble solutions as an integrator, oftentimes picking from some of these partnerships in the bottom of the circle and drive those solutions into the field and help us win deals. The technology alliances, those are organizations that are in the video optimization, mobile data optimization, caching, policy control and enforcement space. We'll continue to build that ecosystem and we'll continue to partner with the embedded providers up top to put total solutions together, encompassing our technology partners, as well as our own products, and drive those into the market.
So hopefully, you're seeing that these are very big, these are successful partnerships with a lot of key elements that have been working and a lot of new elements that we're working on as we expand the partnerships in 2012 and expand the opportunity in doing so. From an enterprise perspective, working with folks like VMware, IBM, Del and HP, we're going to continue to drive data center agility, data center infrastructure flexibility. I talked about our App strategy touching both the application stack, the middleware stack, the database stack, we're in really good shape there. And there's a growing, growing security play with Microsoft to augment some of the things we're already doing with Oracle around database and application security and also around our APM with Oracle Access Manager, which we've talked about in the past. And then with the service provider, we're going to grow the ecosystem, we're going to continue to build and drive integrated solutions into the market, put those into the hands of our field teams, work in conjunction with the domain integrators and continue to execute on that strategy.
So all in all, we've got a growing opportunity here, we're creating more demand with these partners, we're continuing to invest with these partners and solutions, and in marketing, and really a key area is going to be this field enablement and education that we're driving with all of our partnerships. Okay, thank you.
Thanks, Jim. So for those of you who may have come in a little bit late today, my name is Cooper Werner, I'm Vice President of Finance. I will be channeling my virtual Andy today. Andy isn't here today. He had a family illness that he needed to attend to. So I'm going to -- what I'm going to do is just kind of go through the business model into some of the financial trends that we've been seeing over the past couple of years, just to give a little bit more of a flavor of how we're growing the business and how it positions us for growth in the near future. So starting off just taking a look at our most recent fiscal year, and I think, really, a very strong financial performance for F5 in a fairly challenging economic backdrop. Proud of the top line growth, we did 31% year-over-year growth, and that was coming off of a 35% growth-year in 2010, so really strong top line and driven by good growth both from product revenue at 31% year-over-year, as well as -- or 29% in 34% growth out of our services business. So we're getting good contributions from both. And then we had good contribution from all of our theaters and I'll talk about that a little bit more in another slide.
All the while, we did it very profitably. So if you think back to our Q4 of 2010, we had a big gain in our out margin going from 34% up to 38%. This year, we really continue to drive the top line, all the while investing aggressively in headcount and yet, we're able to consolidate those gains on the op margin at 38% throughout the year. So we're really happy with that. And then our balance sheet is in really good position right now. We still have no debt. We've built a cash and investments position of over $1 billion and we have a good deferred revenue balance when should help drive our service revenue growth going forward.
So just to take a look at some of the high-level metrics from last year. I talked about the revenue growth, we're very proud to have achieved the billion-dollar milestone. And then, as I said with a good operating margin that we saw, we were able to grow our net income by over 50% on both a GAAP and a non- GAAP basis last year. Cash from operations looks good with over $400 million generated last year and again invested aggressively throughout the year, adding nearly 500 employees and that's really going to set us up going forward. We've talked about this market opportunity that we see in the early days of penetration. And so we've been making investments, investing in training that we think is already going to set us up to continue to drive the top line.
Okay. So this slide is basically it’s a snapshot of our business as of our most recent quarter, Q4, just to kind of get a flavor where the business is coming from. So in our last quarter, we did about 60% of our business in the Americas, very strong finish to a strong financial year. And then by vertical, telco was our strongest vertical, and that's pretty normal for F5. Our fiscal fourth quarter tends to be a strong quarter for telco. That 26% is still a really good result and I think you've seeing a lot of these secular trends that we've talked about that are shaping up in the mobile world really kind of coming together for us and we've got good technology to address some of those concerns that our telco customers have.
And then our gross margins at 83% overall for the year, and those improved incrementally every quarter through the year. We continued to put a lot of focus our gross margin, looking at all elements that can help drive gross margin up, anything from software to the COGS in our box to where we fulfill from, and so we've seen good results out of the gross margin. But also one thing that I'm really happy see is our service margin up at 83% because it is a big revenue contributor for F5, so having those good margins there really helps. But I think it also speaks to the stickiness of our product and how much our customers really rely on F5, that we're able to maintain those high margins and the high tax rates that Julian referenced earlier.
Okay. So just taking a look at our mix between product and service, and we've obviously spent a lot of time talking about our approach to driving product sales, but I wouldn't want it to get lost how well our service has been growing as well. It is a big driver of our overall growth. So most recently, we've been doing about 37%, 38% of our business from services, in the low '60s for product and we've talked about how we expect product revenue growth to begin to accelerate in our Q2. But we also have a deferred revenue balance that's up 32% year-over-year and we've been making a lot of investments in our professional services as well. So we think that we can see good growth out of both of those elements of our revenue.
Then geographically, we talked about on the call that we saw a good growth from all of our major theaters last year. Europe has obviously been a tough climate for the last 2 or 3 quarters and yet we still had 19% growth out of Europe last year. Japan obviously with the natural disaster, was kind of a tough start to the year and we did over 20% growth. And then there's North America, we did 31% and over 50% in APAC. So really good contribution from all major geographies. We talk about investments and how we see opportunity everywhere and I think that really is reflected in the numbers that we generated last year.
So from a vertical perspective, we have 3 verticals that typically drive about 60% of our business, with finance, technology and telco. And each of those tends to range in the kind of 20% to 25%. It can vary a little bit quarter-to-quarter. As I mentioned, telco tends to have a strong back half of the year for us. We get asked a lot, what's the one industry, the one vertical that you think is really going to drive your growth? But that's just not really have we look at it. We think enterprise, we think telco. And both of those, we've been executing very well over the past couple of years and so we've been getting a balanced contribution. And hopefully, you've taken from some of these presentations that we've gone through today, that we see a lot of really good tailwinds coming from both the telco side of the business, but also with a lot of resourcing on the enterprise side. So we talked about iApps and how that's going to make us more sticky and help us resolve more customer problems in a more efficient manner. That's going to help drive our enterprise business. So we don't think this trend changes over the next couple of years. Really good growth opportunity from both sides of the house.
Okay so just to kind of take a look under the hood a little bit on some of the dynamics of where we're selling, how we're selling. And if you go back a couple of years ago, we had good revenue growth but we thought we had a big opportunity to do a lot more in our major accounts and we did a realignment of our sales force, having more of a major accounts focus and really focusing on solution selling, with the view that we thought that we could be selling larger and larger deals. And we're happy to see over the past couple of years that we've been executing on this strategy. So you see those deal sizes are up pretty significantly from '09 through 2011. So in the most recent year, we were doing over $90,000 per order on average. And we have a broad range of solutions that we sell, so that's a good trend, but we still think that that's early. And then if you look at the mix, very balanced between our high end and our low end. So it's not just selling -- And we talked about VIPRION a lot, it's not just selling the high-end solutions. We're competitive across the board with our portfolio. What we are seeing, and if you look at some of the examples that Mark showed, we're seeing a lot of sales where it's a lot more devices per sale, but it's not always high end. It can be low end or high and. We're seeing a lot more software per sell, and again that's getting back to our solution strategy. So we're seeing order sizes go up, staying competitive across the whole portfolio. And then in terms of where we're selling our base versus new customers, in 2010, we did that realignment of our sales force to be more focused on majors. We saw a really, really good growth out of our installed base. And so that's something we're happy to see. So in 2011, we continued to see good growth but we also started investing aggressively in the headcount, in the productivity and what we saw is the new business start to grow even faster than the installed base. So for us, the focus is really on both going forward. But I think you're probably going to see this trend that we saw in the most recent fiscal year, it will probably stay about that range.
Okay. So just some kind of more standard business model trends and the thing I'd really kind of more focus along is the headcount. We made a decision to invest more aggressive in headcount a couple of years ago and a lot of that is based on where we felt we were penetrated and how early days it was for us in a lot of these major verticals and markets. And so we've been investing aggressively the past 8 quarters or so. We added over 140 employees last quarter. We're going to add more than 100 this quarter. And that all is really tied to trying to drive top line growth. Our gross margins have been steady at 83% as I mentioned. And the operating margin is able to consolidate at the 38% range. So the high top line growth combined with the good profitability has really driven a nice trend on an earnings per share basis.
So on the balance sheet, I mentioned the deferred revenue, that's almost entirely deferred service revenue. So about 32% year-over-year growth, that gives us a lot of comfort that we can expect to see continued growth in the coming year. Our DSO metric has been stable in the mid-40s. We have really clean receivables, high-quality of sales and that's a trend that we see continuing. And then good cash generation, as I mentioned, with over $120 million last quarter. And so what we've been able to do is build up our cash and investments position to over $1 billion over the last year. All the while, executing on a fairly aggressive buyback. We bought back over $270 million of stock over the past 4 quarters.
So headcount, as I said, we've been investing pretty aggressively over the past year. We've been able to find good talent across most of our major functions. We're a technology company, so we're always going to be investing aggressively in technology. And then of course, the sales and services team as well, as we continue to grow our customer base and expand our presence in the market. So if you were to look back a year ago at these percentages, they're pretty consistent because we are investing across the board in our business.
Okay. So just to take a look back at our guidance. This is the guidance that we gave out in our call last week. Of course, we don't update the quarter, but just to kind of reflect, we said we thought we could do revenue of $315 million to $320 million, coming off a very strong Q4 where we did $314.6 million. And what we're seeing is some seasonality and then we talked about this a lot over the course of the past year that it's our first fiscal quarter, so we think there's some seasonality. Despite the seasonality, we'd still think we can grow the revenue this quarter. So gross margins, pretty consistent with what we just did, kind of 82% plus or minus. OpEx will continue to grow as we continue investing in the business which yields the earnings per share of $0.99 to $1.01 on a non-GAAP basis. And then cash from ops will continue to grow this quarter, we have a target of greater than $130 million.
Okay, so kind of tying it all together and tying together a lot of the messaging that we've been giving today, just looking forward for this year what we feel we can do as a business. We expect to do at least 20% revenue growth this year. Of course, this is predicated on the stable economic environment and no serious deterioration to the macro. But when you look across our business, we see -- we look at the opportunities out there in terms of low penetration, we look at some of the early trends that we've been seeing are very favorable in terms of growth on deal sizes and the hiring we've been doing and the productivity gains we've been seeing. And then the innovative technology that we brought to market with version 11 and VIPRION, we really think that we're in a pretty good position right now to expand our business, continue to grow out in some of those edge areas of the market. All the while, our core market is growing very well. If you reflect back on Dan's slide that showed that the expected growth rate of just the core market being at 20% plus over the next few years, I think that hand-in-hand with the other adjacent opportunities that we're seeing, really is where we have the confidence to believe we can grow this business at a 20%-plus rate.
So gross margins, we think, will stay steady through the year. Again, we're very happy with our non-GAAP operating margins, those are really kind of at the head of our industry. If you look across our peers, these are world-class operating margins. So we'll be very happy to keep them at 38% while continuing to invest and drive the top line. Our stock-based compensation will probably stay steady with our current quarter until our next grant, which is next August. And then CapEx of $6 million to $12 million a quarter, kind of a wide range. We have a number of investments we're making, infrastructure-type investments that will vary depending on the quarter. But that's the range that we see. And then, last, our tax rates at 35% for GAPP and 33.5% non-GAAP for the year.
So that's kind of the wrap on the business model. So I guess at this point, we'll go ahead and bring the management team up for Q&A.
[indiscernible] I apologize for running a little late, but we will, obviously, if you're staying for Q&A, but if you have to go, we understand. So Mark is the nearest.
Mark Sue - RBC Capital Markets, LLC, Research Division
Mark, RBC. John, a question for you and if everyone wants to chime in, if we look at 20% plus growth for next year, that implies an extra $250 million in incremental revenue on top of your baseline. How should we think about that in terms of rank order? Is it incremental revenues from your pushing to security? Is it hardware upgrades driven by TMOS 11? Is it more share gain? Maybe if you can kind of give us a sense of rank order of how we get to that extra $250 million. And please don't say its broad-based strength.
What did you say at the end?
Mark Sue - RBC Capital Markets, LLC, Research Division
Okay. It's pretty broad-based. Sorry. The key things that we at, the pipeline of business, we keep making this caveat as assuming conditions are likely out. So we look at the pipeline of business, we feel very good about competitive position. So v11 and VIPRION 2400, I think there's definitely going to be some room there. We hit a lot in terms of the bottom-up forecast, the bottoms up forecast. And we look at sales productivity, and then we look at that tenure of the sales force and the productivity. And we're not just talking about over a year, we're talking about over a fairly extended period, we feel, that we've got a very good opportunity to deliver.
Mark Sue - RBC Capital Markets, LLC, Research Division
Do you think the security element is probably the largest for you in dollar value, is that kind of...
We definitely think there's incremental stuff that will happen because of security. We're not going to give the number but we definitely think that there's some incremental. Having said that, our core ADC business is pretty robust right now and I don't see that changing anytime soon. Alex, and then we will have to go back to the back of the room as well.
Alex B. Henderson - Miller Tabak + Co., LLC, Research Division
Alex Henderson, Miller Tabak. It seems pretty clear, in listening to the presentations this morning, that you're at what you would describe as an inflection point where you're changing the paradigm in the data center from a hardware stack to a software stack. And as that happens, you're going to have to go through a process of teaching people to think in those terms which has not traditionally been the orientation of the data center. But ultimately, that should result in an acceleration in the penetration of your products, in the uptake rates and the strategic importance of your products. So at what juncture does that create an acceleration in the rate of your performance? I mean, if you're going to become -- if I look at VMware as the solution to optimizing the hardware stack by moving the application away, you're the VMware to VMware. You're the guys that are automating the application layer. So when does that take off and when does that really hit an inflection point where you're really changing the game and getting that benefit?
Yes, a great question, but a tough one. I mean, it's a tough question. I mean, if you just -- looking at it simplistically, most of what you say there I agree with. I do think as an inflection point here, and I do think we've got real opportunity with things like iApps to be much more significant in the data center. The reality is, version 11 is going to be really important for that, because that's what iApps is involved and a lot of the stuff, and when we look at -- with the CMP version plus with multiple setting, et cetera. And typically when we look at the new role out of a TMOS operating system and we've got 2 examples of it, pretty good examples with 9 and 10, it typically takes a year, 9 months to 1 year, you'll see maybe 20% in the first quarter of shipments and I think -- so there's not an ingredient anywhere involved with it. No. Will things like iApp, as we -- we really think that ROI is pretty tremendous in terms of deployment of apps, will that accelerate that? Possibly. We'll see. I mean, I don't think there's any downside in terms of productivity, I think there's upside. But that's not you'd come back to the very first question, that's really built into we were thinking. I was thinking more about what's the sales force got in the year, what's the competitive win rates, what's the pipeline. If we get extra because of the architectural, a real jump in terms of architecture relevance, that's great.
Alex B. Henderson - Miller Tabak + Co., LLC, Research Division
Well, the other side of that coin is the risk associated with a longer sell cycle developing for a period of time, where the strategic decision is more -- a lengthier process. Probably the chain...
Yes, I don't see that. And the reason I don't see it is with things like iApp, that's definitely not the type of potential. But then you get a something like virtual CMP where the sales cycle will be very quick, and for simple reasons, you can run multiple BIG-IPs in one box. That's not a difficult concept. So I think that's going to be that's a pretty, that's an accelerator. And most of the early buys of version 11 have been the CMP, where the customer saves money, the failover is much more flexible as well and it's an easy concept.
Tal Liani - BofA Merrill Lynch, Research Division
Tal Liani, Bank of America. the question I have is on the security. There was a lot of focus this day on security. And the question is, how do you view yourself in the market? Is it a threat on existing security players or are you going to develop new areas in security that are currently not being served? So should we look at the current market size of firewalls as your addressable market or is it something different, something else?
Yes. I'll answer that and then I'm going to pass. So I'm the only one talking here, but I do want to get my own opinion. Well, first of all, the application firewall is obviously critical to security and we're really leading that. That's not so much a threat especially to traditional players. In terms of when we talk about the traditional firewalls, wins that we've been having, that is pretty threatening. I mean, that's basically -- there's a replacement normally going on at that point. That's very focused at the high-end, so it's probably more in the Juniper-type solution area to help service provider on some of the big accounts. It's very focused on Internet data center types environments. If you look at Check Point with the tremendous capability they've got in management across the enterprise, I don't think it that threatening to them, to be frank. Anybody?
Matthew S. Robison - Wunderlich Securities Inc., Research Division
It's Robison, Wunderlich. If Citrix win some business by bundling with -- for VDI, how do you -- do you just coexist with them for other applications or do you have to go back and win the business back, how does that...
I know the answer to that but I'm going to pass it to somebody else so somebody else talks.
Yes. So, we coexist. The Citrix VDI solution is specific to only their VDI. So you still have other applications, you still have a need to secure them, accelerate and ensure they're highly available. So we're in there. I think what people, we've seen this happen a couple of times, realize over time is having a separate access acceleration infrastructure for an asset area over here for VDI doesn't make long-term sense if we're to think about the -- a repeatable extensible architecture that applies across all applications and services in the environment. So we've seen customer's wins, fairly large wins, where the NetScaler part of the VDI deployment for Citrix was proposed but taken out in exchange for leveraging F5 infrastructure.
Jess L. Lubert - Wells Fargo Securities, LLC, Research Division
Jess Lubert from Wells Fargo. Questions for John. ARX continues to bump along the road, very little talk about the platform today, and I would imagine this business is still operating at a loss. So can you help us understand how you're thinking about the growth prospects for ARX in fiscal 2012, and how are you thinking about resource allocation with respect to ARX this year versus last year?
Yes. So I think I've have been fairly public of some of the internal frustrations in terms of the growth opportunities because you saw some of the sales wins that Mark talked about in ARX. They're really quite compelling and the customers will talk about them as well. Having said that, numbers are numbers, and we've really not been scaling it to any significant degree. We have been focused quite heavily over the last year in terms of looking at OpEx and being very cautious about any more investment. In fact, in some instances, we've actually taken some expertise in that environment and moved them on to management and development, similarly in sales. And that's the view we're going to take of it. We're committed to it. It's very important to our customers and we're committed to our customers. But we're taking a much more detailed look before we'll invest. We want to see some more money for us coming in.
Jess L. Lubert - Wells Fargo Securities, LLC, Research Division
So is it fair to assume that your expectation is that ARX will grow less than the 20%...
The ARX is not a major factor in the statements in growth.
Jayson Noland - Robert W. Baird & Co. Incorporated, Research Division
Jayson Noland with Baird. I wanted to dive a little deeper into iApps as it compares to iRules. You said iApps could be as popular as iRules someday. How many are available today? How are you going to engage the developer community? And I assume you would use DevCentral as the platform for delivery.
Yes. Absolutely. So with version 11, we launched with about 20 iApps and then since then we've actually introduced another dozen or so. And I think, sort of similar to what we saw with the introduction of iRules is that the real momentum takes place when the community gets a hold of them and starts adopting them and improving upon them and sharing them with each other. So we're just at the very, very infancy stage of that with iApps. But from everything that I've seen to date, I think the trajectory will parallel and perhaps be more accelerated than we saw with iRules.
Jayson Noland - Robert W. Baird & Co. Incorporated, Research Division
And then the difference between them.
Yes. So the difference -- yes, big difference with iRules and iApps is, number one, is that with iApps, we're speaking the language that application people are used to, so it's more accessible to them. You require a lot less expertise to be able to go and do it. So you can take something that's like about 500 line iRule or something, and you don't require somebody who's has that degree of expertise to go and employment an iApp. So that's one of the big, big differences that goes on between the 2. And like I said before in the presentation, speaking the language of the application people out there makes it much, much more accessible to the wider market.
And you can think of and iApp could be a collection of not only specific acceleration profiles but also iRules. I mean, in iRule for the exchange, what I was showing here, that requires a special type, and it's unique, a special type of transaction integrity or persistence that is accomplished via the iRule. But that is massed from the user when applied within an [indiscernible]. It happens to be one object as part of the overall iApp construct. Is that clear?
The goal with iApp, and it's a fairly lofty goal, is really to have an ecosystem built. I think it's very, very possible to do that where you have -- and very -- have some examples of this for value-added resellers, build an iApp, run the solution and we sell it because it gives them added advantage. Systems integrators, we could hook systems integrators into large deployments of apps using iApps. Again, that's very, very sticky. It really is pretty revolutionary and the barriers-to-entry in doing it is huge. So we think it will be just a major, a real crown jewel here.
John Slack - Citigroup Inc, Research Division
John Slack, Citi. Security clearly the focus today as an incremental opportunity, how should we be judging your success in security? What can you give us to kind hang our head on.
It's going to be difficult for you. It's going to be revenue growth and if we are meeting and exceeding our targets, you should feel happy about that. But what we won't be doing, no, because it's really difficult. It's so subjective when we sell -- if we sell a firewall, for example, the chances are they're doing encryption as well and doing some application optimization, they may have Web accelerator involved. So it's a bit like the application security module. Quite often, when we sell that as part of $1 million, $2 million deal, was that the one factor that produced that? Maybe it was in some cases, but in other cases, it wasn't. So I'm afraid it's overall revenue growth.
Jeffrey T. Kvaal - Barclays Capital, Research Division
It's Jeff Kvaal from Barclays. I was wondering if we could revisit the seasonality question a little bit. I think, typically, you've talked about March being a seasonally weaker quarter. I was a little surprised to hear that December is now going to be a little seasonally weaker because telco is a bigger part or piece of the puzzle and typically, although that was early this year, but typically telco does have a big December quarter.
Actually, last year, think it was Q3 and just like we saw this year with telco. But specifically, when we look at sales -- remember last -- a year ago, our book-to-bill was less than 1. So when we look at our -- I remember too, and so sales bookings, we look at and we are definitely seeing that. And there's no question that is -- and by the way, we'd be the only technology company that I know of that wasn't seeing seasonality. So there's nothing weird about it. I think what was weird was that we hadn't seen it, if you go back 2 or 3 years ago.
Jeffrey T. Kvaal - Barclays Capital, Research Division
Some of the companies that are quite bigger than you actually have similar growth or slower growth rates year-over-year but also post sequentially sort of establish revenues in their fiscal fourth quarter -- first quarter, sorry. So I guess I'm hoping that, that seasonal pattern could be a little bit better than what you're showing us.
That wasn't a question. So I'm glad you're hoping.
George C. Notter - Jefferies & Company, Inc., Research Division
George Notter of Jefferies. My question, you had a slide in the presentation that showed the top 50 customers and how they grow as they mature over time, I guess I'm wondering what the profile of those customers would be. Are those very growth e-type customers like Internet content guys or hosting outfits or is that indeed representative of the overall customer base?
I know that if you look at the -- if you take the 3 major VAS cos, for example, they're all represented in a -- it's pretty broad, it really is. I mean, so there will be financial customers in there, you'll have large dot.com-type, e-commerce-type customers in there. Certainly, service providers in there.
George C. Notter - Jefferies & Company, Inc., Research Division
And do you think that picture looks the way it does because of just raw bandwidth growth or is that more oriented around additional up-sales of follow-on software modules or how do you parse that?
I personally, and I complement as Mark, some biasness, I think it comes from his organization where you hire the right account managers on an account, and lo and behold, they'll start to penetrate more projects as long as the products are great and the customer sounds good.
George C. Notter - Jefferies & Company, Inc., Research Division
I guess I'm assuming there's a need there, right? Also, you can't just have good sales guys and grow an account period, right?
Yes. We are very confident of that, that's why we look at the penetration by customer.
Brent A. Bracelin - Pacific Crest Securities, Inc., Research Division
Brent Bracelin, Pacific Crest. Two questions, if I could. The first question is really around the 150 features in version 11, the vCMP functionality, you clearly have 120,000 units installed out there. Is there something different about version 11 that potentially could propel a hardware upgrade again over time more so than maybe -- version 11 versus version 10, first question. And the second question is really for Mark, around the service provider opportunity, you referenced this $3.65 million kind of lab trial. One, was it successful? Two, if you've got a $3.65 million deal for a lab trial, what's that potential opportunity for next year if they decide to move to a production environment?
Karl D. Triebes
[indiscernible] But back to your first question, yes, like I said, v11 is the largest release in 7 years for us and a lot of functionality. vCMP, I think, will be a big driver. It's going to take -- and we've had customers already out there with it, but it's one of those things that will take time to build momentum because it's a very new feature, it's a very new construct. We have new platform, the 2400, which it's got a great price point, very high performance and we're continuing to build on that. And then we have a lot of features, service provider market that I think that's going to get us momentum there, especially once the sales force gets more familiar with these and gets out with the customers. I just think it's one of these things, just like version 9 was, that it just starts to build momentum over time because of its content, and we're following this up with some more releases in the next year. It's not like this is it and that's it, we're sitting in our laurels. We would have a lot of functionality in flight behind us that's going to build upon these opportunities that I think version 11 creates.
I'll pass to Mark on the specific sales question in a second. But I'm -- just as Karl was talking there, we said that we had great shipments of the 2400 last you, it was the first full quarter of shipping. Great majority, I mean like massive majority of those were version 10, because version 11 was really only available towards the end of the quarter. So we think -- so version 11 with vCMP, the 2400, is the ideal scenario. So we would expect, and I think I've said this, we do expect version 11 to accelerate over time the 2400. And yet, we had a tremendous quarter with just version 10.
Brent A. Bracelin - Pacific Crest Securities, Inc., Research Division
No. I mean, obviously, it sounds like a very important win, you highlighted it. So just talk, a, did you actually have a successful lab trial? Let's not go into the opportunity for next year and maybe specifically talk about, is this carrier-grade NAT or more than just carrier grade.
It's much more than just carrier grade NAT, Brent. This is an existing customer, this is not a new relationship. And in fact, this is a customer that's helped us create new use cases for BIG-IP. So the trial is a long-term trial. It's a big bet for them and it's a big bet for us, and I can just say that I'm pushing people that don't need to be pushed to drive success on this, on both the customer side and on an F5 side, so I'm expecting success.
Brent A. Bracelin - Pacific Crest Securities, Inc., Research Division
So it's still in the lab at this point?
Correct, yes. It was a last quarter deal.
Unknown Analyst -
I had a question on, actually 2 quick questions. On the version 11 upgrade, what percentage of your installed hardware base can upgrade to that versus having to buy a new platform and actual hardware platform? Can you give me some reference on that? And then the second question is on the -- you want to answer that first before I go to...
So on the version 11, we'll run down to the Buffalo Jump platform , 6400 and such. However, because we want to -- we have a standard practice to support customers as long as possible, so they get the most of their investment. However, to really exercise it and take advantage of it, people are going to want to. I think it's going to be pretty compelling for people to look at, saying, okay, maybe I'm running at 30% capacity on this older platform, but if you look at the price performance ratio of the VIPRION 2400, it's perfect. And it's just one of those things where I think it's a pretty compelling event to say, "Boy, I want the vCMP functionality version 11, I want to become much more operationally efficient with iApps, I want to take advantage of all the modules that can run on there. If for the extensibility, am I really going to want to use this platform that's 4 years sold? I could, but it doesn't really make sense? I've already amortized it, so let's look toward a hardware refresh." I don't have specific numbers off the top of my head.
You said Buffalo Jump, so that's shipments into roughly 2004, so it's a big part of the base?
Unknown Analyst -
A big part of the base can upgrade, but do you think...
It's more likely -- typically, they'll do hardware upgrades at the same time, especially the older versions.
Karl D. Triebes
And the older platforms may not be able to support the features of the 11, so we'll support them up to the extent of the features can be supported by that platform. So, for example, vCMP today runs on the VIPRION 2400 and the VIPRION 4400. We're probably not going to port it back in future releases down to the lower end platforms if that makes any sense.
Unknown Analyst -
My second question was on the efforts you're doing on DPI. Once you have that, it would seem to me some of the functionality would potentially compete with some of the GDSN, EPC vendors, but some of them are competitors, like Cisco, so that's not a problem. But then others like Ericsson, Alcatel-Lucent, Nokia, Siemens are partners, how do you manage that? What's their perspective on this business initiative you have?
Yes, I mean most of the competitive element will be against the smaller solution providers. I don't think -- because what we are doing is effectively, it's almost like a stand-alone DPI plus what we've got in the traffic scene that doesn't compete with any of the bigger guys. So I don't think that's got any big effect with the bigger partners that you're talking about. Obviously, Cisco, I understand there's competitor there but were used to that. And then I think we're going to have -- we'll probably have lastly 2 questions and then will call it a halt. So a couple of questions.
Sanjiv Wadhwani - Stifel, Nicolaus & Co., Inc., Research Division
Sanjiv Wadhwani from Stifel, Nicholaus. Maybe a question for Mark. When you look at 2012, between security and service provider, we do see sort of larger opportunities between those 2 sort of segments?
Yes. I mean, I see, clearly, service provider as a vertical, it's got a legacy focus for us. We've got some mature relationships, so we have probably bigger overall opportunity there. It was 26% of our business last quarter from a revenue standpoint. But I think like Dan said, I mean, the solutions that we're selling around security apply probably more greater to telcos than they do to enterprise companies. So some of the examples I put up there are big [indiscernible] Internet data center firewalls at telcos because they have such massive amounts of inbound traffic. So I hired a dedicated VP of Sales Worldwide for our telco team. Today, they're integrating into the geographies rolling up to the theater VP. So this fellow is going to manage this in a matrix until the scale is big enough to make it separate at some point in time in the future. So we're really continuing to crank our focus around service provider, but it's going to be selling all the use cases that we do where we can extract money from customers and deliver value.
Erik Suppiger - JMP Securities LLC, Research Division
Erik Suppiger, JMP. One for Karl, on the security front, specifically on the Internet firewall front, just how developed is that product or that technology at this point. You had talked about customers that are using it, but is this something you're going broadly out to market with at this point or do you need the ICSA certification, where are you? And then I'll have a second question after.
Karl D. Triebes
BIG-IP has had the capability to be a fully stateful firewall since version 9 released. And the things that it was missing to really be effective in that area was high-speed logging capabilities in some of the event management pieces. And then also, the ACL like rules language that most firewalls have and quite frankly, it wasn't a focus for us because we're focused in other areas. But more and more over time, we're seeing, like I mentioned during my presentation, back in 2006, we had customers deploying us because -- as a firewall, because of our speeds and capabilities. And over time, that awareness is built and grown to the point where we're seeing enough success, where we have critical mass and we want to focus on the functionality and consolidating that. And so in terms of doing network firewall-ish things, the real thing to add is just ACL language and tie that together with some of the other capabilities we built in, like we've built in a very high-speed logging interface now that's capable of the alerting and everything, we have third-party relationships with the C vendors [ph] and some of the other security folks out there. And so, yes, we'll have ICSA certification here shortly with version 11. So we think it's going to be competitive and really, it's about building momentum than trying to create a new product, and basically get credit for what we're already doing and just get enough critical mass around that product set that we can carve it off and customers can say, hey, this is a full firewall and oh, by the way, because of these new generation of attacks, we can block these things that are really attacking the application layer as well, right, in a consolidated viewpoint.
So it really is more of a sales and messaging and marketing issue rather than a product problem?
Karl D. Triebes
It's a real product. I mean, there's real work that's going on, a lot of things like DPI, for example, the classifications are a core component of the strategy, and that's not yet in the product. But right now, for what we got in the product, it's a very capable firewall, and the sales folks are getting successes and these successes breathe successes. And it's not like small little podunky [ph] companies that are implemented. These are major Fortune 500 companies with massive Internet presence that's using us to replace traditional firewalls. So let's keep building off of that and the product follows basically -- the new product features will follow the successes we built throughout 2012.
And then second question for Mark, you had made reference to the penetration of the Fortune 500 with 50 plus boxes. I think last year, you are around 12% of Fortune 500. This year, you said 14%. How can we think about that? Is that something that you're going to move up quickly, is 2% a year kind of your target or where can that go and how big of a growth driver is that within the broader -- within your broader growth of opportunity?
Yes. Sure, Eric. So I mean, the first step is to get in and to build a relationship and do your first piece of business. And like I showed in the customers buy more over time slide, it's a multiyear process to get in and expand and find new use cases and sell more, especially for somebody that today doesn't do business with us, I mean we're going right into the heart of their data center and it's not a trivial pizza box stack that we just throw in there and walk away. It's a lifelong engagement and relationship. So you've got to build that trust, you've got to build it on execution and you have to build it on world class technology.
The other thing is, I mean, it's an incredibly subjective metric. Frankly, if we hit 20 VIPRIONs in one of those accounts, it's pretty penetrated. So it's just a number we've used for about 3 now. I mean, we just look at number of boxes under maintenance.
Okay, thanks for -- we're through the 4.5 hours with us. I hope you find it useful and no doubt, we'll be talking to each other throughout the year. Thanks.