Dirk-Peter van Leeuwen has been CEO at SUSE since May 2023. Since then, the IT world has been rocked by AI, open source struggles and sweeping cost savings campaigns. The SUSE CEO views the future with confidence, but, “Under competitive pressure, decisions are often made without enough care.”
Van Leeuwen is referring to vendor lock-in, which keeps rearing its ugly head. Companies keep choosing IT solutions that they’re stuck with down the road. The best-known recent example is VMware, which, since its acquisition by Broadcom, has caused upheaval with licensing changes that demand eye-watering sums of money for smaller businesses. But elsewhere, too, parties are trying to exploit their acquired dominance for higher profit margins. The losers are the IT teams who suddenly have to knock on management’s door to get funding for sky-high licensing fees.
In the infrastructure world of SUSE, the current, slightly less-derided bogeyman is Red Hat. Last year, it shut down the source code to the widely used Red Hat Enterprise Linux (RHEL) – much to the concern and annoyance of the open source community, which gratefully used free RHEL alternatives that built on Red Hat’s work. CentOS Linux, Red Hat’s free RHEL variant, was used 20 times more than the paid-for RHEL, but that distribution has now been discontinued. Alternatives like Alma Linux and Rocky Linux had to fork, while SUSE announced it would do the same backed by a $10 million investment. To top it off, Red Hat ended support for RHEL 7 as of June 30 of this year. However, SUSE has since offered a way out for all RHEL and CentOS users.
Customer philosophy
Those currently running on CentOS or RHEL 7 can purchase extra years of support from SUSE. SUSE Liberty Linux, the “no-migration” replacement for the Red Hat-based OS, smoothly takes over the critical enterprise role from RHEL and provides further years of support. Thanks to SUSE, CentOS 7 will remain safe to use until June 30, 2028. That leaves end users with plenty of time to think about migrations at their own pace.
From a higher vantage point, SUSE simply has a different philosophy for its own customer base than the likes of Red Hat. Ending support often kicks the roadmaps of organizations into disarray, Van Leeuwen argues. He says that organizations may want to be fully cloud-native within two years, but are forced to disrupt their stable infrastructure before making the jump. “That’s just not necessary. I see that frustration on a regular basis, and people are looking for an alternative. We are that alternative.”
According to Van Leeuwen, the RHEL upheaval was also the right time to ensure freedom of choice. “The principle of open source is that you don’t pay for the intellectual property, but you do pay for the services and support, which is important to keep it running. In this industry, only a small number of companies can do that.” In addition, Red Hat’s closing off of RHEL was suddenly a good test of organizational dependency. This was a phenomenon that was emphatically repeated for many companies when VMware’s licensing changes took hold. In the case of RHEL, the open source world is saving the IT community from the bulk of the pain.
Those who still need convincing can take a look at SUSE’s track record. For example, the company has been working with car brand BMW since 2007, and Deutsche Bank recently announced that it is entrusting support for its own Red Hat environment to SUSE. “As a result, they don’t have to do upgrades when Red Hat wants them to,” Van Leeuwen says.
Incidentally, he notes that Red Hat is exaggerating a tad when it comes to its RHEL strategy shift. When it announced it was shutting down RHEL to third parties, Principal Specialist Solution Architect at Red Hat Magnus Glantz complained about the “free beer” that a party like Rocky Linux would demand. Van Leeuwen points out that SUSE actually makes proportionately more contributions to open source and Linux than Red Hat. Indeed, the contributions are similar, while SUSE had only 2,300 employees in 2023 and Red Hat currently employs 19,000 by its own count. “Red Hat also owes its success to the fact that it is open source,” he says.
SUSE AI
As mentioned, organizations are repeating the same mistakes with choices that lead to lock-in. Right now, that may revolve around AI choices, mostly based on hype rather than nuance. There are many “AI-like” solutions, Van Leeuwen said, “but until now we just called that automation.”
SUSE’s AI approach has now been laid out under the unsurprisingly named SUSE AI. It includes an architectural strategy, a vision of a mature private AI approach, but not really a product. That’s how we described it when SUSE announced it at SUSECON in June. Was it right to see it that way? “That was kind of the intent,” says Van Leeuwen. “My vision for the company has been: we are an infrastructure player, so we shouldn’t become an AI app developer. We want to provide infrastructure where everything runs best, where it’s at its safest and most stable on it. This means you can’t ignore AI. AI workloads are the workloads of the future and we need to capitalize on that. We have the tools to run AI securely.”
Currently, SUSE has about 30 customers testing the SUSE AI architecture. Crucial to this is deep packet inspection, which checks whether data moving across the network is sensitive. This is an existing data security technique that is already being used for other workloads.
Open standards
The goal around SUSE AI is the same for SUSE as elsewhere. While the company obviously likes to help companies to transition to SUSE’s own offerings, it also supports other people’s solutions. “There are customers who barely deploy SUSE but use SUSE Manager to manage all their other solutions.” Help to move to SUSE products is available, “but that’s a somewhat bigger migration. We give customers the opportunity to buy the time they need, and then we help them on a stable path to the future.”
That future? One that embraces open standards. That is already happening, too, Van Leeuwen contends. For example, the Linux ecosystem is open enough that organizations can run dozens of different distributions in production at the same time. “No one is running just one Linux distribution or Kubernetes service,” he says. That’s because Linux can run in all kinds of infrastructures with varying system requirements. For example, SUSE itself offers SUSE Linux Enterprise Server (SLES) for data centers, while SLE Micro can be run with as little as 1GB of RAM.
In the end, this freedom of choice works out well for the end user. Van Leeuwen gives the mobile phone as a historical example here. “In the early days of the mobile phone, you got a number assigned to you by your provider. If you wanted to switch, you needed a new number and probably a different phone. Now switching is possible within seconds via eSIM and you take all your data with you.” For a long time, that philosophy did not exist at all in the software world, says Van Leeuwen. “We now provide that experience.”
And is it also secure?
A potential question mark for companies: is open source vulnerable to hackers that invade its ecosystem? Not the flavour of open source that SUSE offers, Van Leeuwen argues. The backdoor that a threat actor wanted to put into compression tool xz was blocked in the nick of time. Xz is widely used within Linux distributions, but never ended up in a SUSE distro. “That speaks to the commercial side of open source. Customers can say to us: ‘I’ll use open source software, but I’m going to pay a vendor to make sure I can apply it securely and mission-critically.'”
Therein lies precisely one strength of open source, Van Leeuwen claims. Approval of new code within open source projects requires pruning from many members of the community. “People with bad intentions are also looking at it. If I tell you in detail how the lock on my house works and you still can’t open it, that’s safer than if a burglar happens to know how your lock works.” It leads Van Leeuwen to an unequivocal conclusion: “If you want secure software, it has to be open source.”
Additionally, the danger may emerge from closed-source companies. The global IT outage caused by a CrowdStrike update is still fresh in our minds. Allowing a single company to change your infrastructure without being able to influence proceedings provides “enormous exposure to problems,” Van Leeuwen says.
Speaking of updates causing problems, that shouldn’t be possible with SUSE operating systems. It employs a file system that is different from the norm for booting the OS. Btrfs includes “self-healing” functionality by detecting a faulty update or patch – it then automatically rolls back to a previously working version. Thus, even a third-party blunder would never undermine a SUSE Linux distribution.
Conclusion
Open source is versatile, but in the enterprise IT context, it is sometimes portrayed very negatively. Such portrayals are in desperate need of some added precision: a distinction between unsupported as well as supported open source is critical, for example. SUSE can guarantee that the required checks have taken place, says Van Leeuwen. The added advantage is that you can also just check the code yourself. Therein lies the strength of the SUSE story, which can guarantee that you can also walk away from it with peace of mind.
Not many organizations will do that, and if they did, it wouldn’t be a swift process given the infrastructural needs involved. It doesn’t matter if we’re talking about SUSE’s own Kubernetes software Rancher, its Linux distributions or the container security solution NeuVector Prime: it can all be combined with or replaced by other open source options. Their vendors must therefore cooperate for that choice to happen. Van Leeuwen sees that the dream of the hybrid cloud, being able to run workloads wherever you want, is still held back by proprietary hyperscalers and closed-source, non-interoperable tools.
The only way to achieve a solution in that area is to give customers an alternative. SUSE is not alone in that regard. Just look at the united front of tech companies that, unlike Nvidia, is pushing open standards around AI infrastructure. It is similar to the battle cry of SUSE and other open source players voiced in opposition to Red Hat in the middle of last year. Many vendors have now realized that closed systems in 2024 aren’t built to last. SUSE has been aware of this fact for a long time, and time’s on their side.
Also read: SUSE AI: a vision now, a product later