This is partly true. It’s worth noting that Canonical/Ubuntu has the same certifications such as DISA/STIG and FIPS, and runs quite a bit in highly sensitive environments, often bundled by ISVs, such as VMware or Pivotal, where I’ve worked.
Red Hat makes more money because they’re an enterprise software company and everyone thinks they’re just an OSS services company. They’re that too, but they are far more sophisticated than these articles claim.
At the core is that Red Hat’s distro is perceived as more of a standard by the ISV community that certified their software against it. Red Hat does a masterful job of playing both sides of openness - open copyright, closed trademark. They’re pure open source… but they fork most of the upstream with their own branded project version, and convince companies to certify against the proprietary trademarked offering. Automated upgrades and most documentation are behind a paywall. But they also have some of the best security responsiveness and extended support (up to 10 years?) in the industry to make up for it.
Beyond Linux, they also meet customers where they’re at by watching the competition and customers, and pivoting when they need to. Customers seem to like a competitors product more? They find the next leapfrog angle and invest years in it, dumping the old. OpenShift was rewritten 3 times before hitting paydirt! That’s good business sense. OpenShift trying to take on vSphere, Ceph evolving into an enterprise storage player, etc. These aren’t simple moves.
This dance of subtle open/closed aspects a great business model, and hard to replicate: open in code, but closed in the direction the money must flow. Most business folks don’t have the patience to weave this narrative, which takes years of reputation building. And it’s required alongside all the other “build a product people want” difficulty.
IBM also loves this model: “WebSphere” certification over “Java EE”, for example. Hence “OpenShift” certification over Kubernetes, or “RHEL” over Linux.
Red Hat "fork[ing] most of the upstream" is not telling the whole story. Yes, Red Hat works with upstream code, does additional QE/QA and certification as needed and make that available to customers on a subscription. Changes, improvements, bugfixes etc are all also sent back upstream. It is a two way street. Not a one way "take from upstream only" model. If that was the model, Red Hat would have not survived to thrive. Upstream First is the default for Red Hat.
Red Hat's code base is a mix of GPLv2/v3, MIT, BSD, Apache - ie, it spans the entire open source licensing spectrum from protective copyleft (GPL) to non-protective (BSD, Apache, MIT). Red Hat is only obligated to release code to GPL code that it ships to customers, but Red Hat goes above and beyond and ships all code that it worked on or otherwise to customers. There is ZERO value in holding back code/fixes etc. Pushing that upstream empowers the whole global community (yes, including competitors). Not doing so will result in fragmentation of the various open source code bases and downstream products.
Trademarks are not the same as copyright. Trademarks tell the receiver who it represents. It is the identity of the entity. So, that is protected and I think that is very fair.
> Red Hat makes more money because they’re an enterprise software
That was my immediate thought on reading the GP. HAving been in a few Red Hat meetings to discuss possibly using some software of theirs recently, the meetings were indistinguishable from how a meeting with VMware or Veeam goes. They are a company providing enterprise solutions.
That's not meant negatively, that's just what they are, and if you're in the market for an enterprise solution then you appreciate that these companies exist. You get assurances that what you get works as advertised or the provider spends time and effort making it work as they advertised, and you aren't spending your (limited) engineer talent to do so when it can be spent on areas that aren't easily served by throwing some money at it or the cost benefit ratio is far more in your favor.
> OpenShift trying to take on vSphere, Ceph evolving into an enterprise storage player, etc. These aren’t simple moves.
Except it isn't. One of those meetings I had? It was for Red Hat to tell me that they don't really have a good competitor to vSphere anymore, since the RHV platform is being EOL'd and they're getting out of that game. Sure, you can run a VM in OpenShift now, as long as that VM lives in a container and is part of a k8s cluster. The path to success for virtualization with Red Hat is Kubernetes or bust, I guess.
> Sure, you can run a VM in OpenShift now, as long as that VM lives in a container and is part of a k8s cluster. The path to success for virtualization with Red Hat is Kubernetes or bust, I guess.
Yes, that's the plan as far as I can tell. The demand for "vSphere but cheaper" is omnipresent. OpenStack and RHV failed, but OpenShift (and ACM) represents a new opportunity and foundation to take a run at vSphere. It will be hard - folks usually vastly underestimate how much smart engineering has gone into that layer.
Canonical don't have the heft to compete against Red Hat, and especially not IBM + Red Hat. If Wikipedia's figures are right, Red Hat employs more people maintaining the kernel and RHEL packages than Canonical employs in total. This matters a lot for government and other large customers.
The companies that do have the scale needed to compete are the cloud vendors who are rolling out various certified cloud instances, and in the case of Microsoft/Azure, AMD-based confidential computing.
Probably oversimplifying, but I get the feeling that Red Hat's compliance-enabled versions are for enterprise companies who need Linux, and Canonical's compliance-enabled versions are for smaller tech companies (or once-smaller ones) who need compliance.
It’s not about Canonical’s employee count, and frankly it’s not about Linux - that’s a shrinking revenue base. You’re also ignoring that Ubuntu was the leader in cloud for Linux for many years, mostly due to the lagging kernel releases when things like Docker arose, but also smart marketing moves on their part.
It’s about the apps and the datacenters. The hyperscalers are formidable competitors, so it’s all about OpenShift becoming the new multi-cloud operating system across them.
Red Hat makes more money because they’re an enterprise software company and everyone thinks they’re just an OSS services company. They’re that too, but they are far more sophisticated than these articles claim.
At the core is that Red Hat’s distro is perceived as more of a standard by the ISV community that certified their software against it. Red Hat does a masterful job of playing both sides of openness - open copyright, closed trademark. They’re pure open source… but they fork most of the upstream with their own branded project version, and convince companies to certify against the proprietary trademarked offering. Automated upgrades and most documentation are behind a paywall. But they also have some of the best security responsiveness and extended support (up to 10 years?) in the industry to make up for it.
Beyond Linux, they also meet customers where they’re at by watching the competition and customers, and pivoting when they need to. Customers seem to like a competitors product more? They find the next leapfrog angle and invest years in it, dumping the old. OpenShift was rewritten 3 times before hitting paydirt! That’s good business sense. OpenShift trying to take on vSphere, Ceph evolving into an enterprise storage player, etc. These aren’t simple moves.
This dance of subtle open/closed aspects a great business model, and hard to replicate: open in code, but closed in the direction the money must flow. Most business folks don’t have the patience to weave this narrative, which takes years of reputation building. And it’s required alongside all the other “build a product people want” difficulty.
IBM also loves this model: “WebSphere” certification over “Java EE”, for example. Hence “OpenShift” certification over Kubernetes, or “RHEL” over Linux.