Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This Office Action is in response to claims filed 12/10/20.
Claims 1-20 are pending.

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a 
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
Claims 1-20 rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-15 of U.S. Patent No. 10,168,949 B1 as exemplified in the table below. Although the claims at issue are not identical, they are not patentably distinct from each other because the claims of ‘949 are narrower in scope and anticipate the instant claims.

Instant Application
10,168,949
1. A method for pulling a snapshot of data for a virtual machine of a tenant executing 

allocating a computing resource of the multitenant compute infrastructure associated with the tenant to an envoy,

the computing resource including a virtual disk, the envoy being connected with the virtual machine and providing a data management and storage (DMS) cluster including peer DMS nodes with access to the virtual machine;
providing, by the envoy, the DMS cluster access to the virtual machine via a virtual tenant network of a tenant;


generating the snapshot of the virtual machine;

storing the snapshot of the virtual machine in the virtual disk; and























the DMS cluster being without direct access to an infrastructure network of the multi-tenant compute infrastructure.


further comprising allocating a computing resource of the multi-tenant compute infrastructure to the envoy.

establishing a connection between an envoy of the tenant and a data management and storage (DMS) cluster including peer DMS nodes, the envoy being connected with the virtual machine via a virtual tenant network of the multi-tenant compute infrastructure, the envoy providing the DMS cluster access to the virtual machine via the virtual tenant network;

generating the snapshot of the virtual machine; and

sending the snapshot from the virtual machine to a peer DMS node via the 

wherein: the envoy is a second virtual machine of the tenant executing on the multi-tenant compute infrastructure;

the multi-tenant compute infrastructure restricts access by the DMS cluster to an infrastructure network connecting physical machines including a physical machine that executes the virtual machine;



the multi-tenant compute infrastructure restricts access by the DMS cluster to a second virtual tenant network of a second tenant of the multi-tenant compute infrastructure; and

the virtual tenant network and the second virtual tenant network use different network layers and share the physical layer.


Similar claim mappings of the remaining claims would have been obvious to a person having ordinary skill in the art but have been omitted for the sake of brevity.

Claims 1-20 are provisionally rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-20 of copending Application No. 16/200,505 (reference application) as exemplified in the table below. Although the claims at issue are not identical, they are not patentably distinct from each other because the claims are almost verbatim, the claims differ only in that ‘505 positively . This is a provisional nonstatutory double patenting rejection because the patentably indistinct claims have not in fact been patented.

Instant Application
16/200,505
19. A multi-tenant compute infrastructure, comprising:

a first virtual machine of a tenant of the multi-tenant compute infrastructure; and

an envoy allocated from a computing resource of the multi-tenant compute infrastructure, the computing resource including a virtual disk, the envoy being connected to the first virtual machine via a virtual tenant network, the envoy being a second virtual machine within the multi-tenant compute infrastructure, the envoy configured to:


providing a data management and storage (DMS) cluster access to the first virtual machine via the virtual tenant network;
generate a snapshot of the first virtual machine;
the DMS cluster being without direct access to an infrastructure network of the multi-tenant compute infrastructure.


store the snapshot of the first virtual machine in the virtual disk; and

send, via the envoy, the snapshot to a peer DMS node of a DMS cluster from the virtual disk,


a first virtual machine of a tenant of the compute infrastructure;

a virtual tenant network; and
an envoy allocated from a computing resource of the multi-tenant compute infrastructure, the envoy being connected to the first virtual machine via the virtual tenant network, the computing resource including a virtual disk, the envoy being a second virtual machine within the multi-

establish a connection with a data management and storage (DMS) cluster including peer DMS nodes to provide the DMS cluster access to the first virtual machine via the virtual tenant network;
generate, via the envoy, a snapshot of the first virtual machine by the DMS cluster without a direct access to an infrastructure network independent from the virtual tenant network;

store the snapshot of the first virtual machine in the virtual disk; and

send the snapshot to a peer DMS node of the DMS cluster from the virtual disk via the connection.


Similar claim mappings of the remaining claims would have been obvious to a person having ordinary skill in the art but have been omitted for the sake of brevity.

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


10.	Claim 19 is rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter.
Claim 19 includes no explicit recitation of any hardware component, nor do the claims include any component which must be interpreted solely as hardware. The claim comprises “a first virtual machine …” and “an envoy … being a second virtual machine …”. According to the specification in at least ¶ [0004] “virtualization allows virtual machines to be created and decoupled from the underlying physical hardware”. Therefore, each of the components of the claimed multi-tenant compute infrastructure are virtual components wherein the virtualized components are decoupled from the underlying physical hardware and are thus each merely software. Consequently, when all of the components of the claim are software, applicant’s claims are directed to software per se, which does not fall into one of the four statutory categories of invention.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having 

Claims 1, 3, 5, 8-10, 12-14 and 16-17 are rejected under 35 U.S.C. 103 as being unpatentable over Astete et al. Pub. No. US 2013/0290960 A1 (hereafter Astete) in view of Applicant Admitted Prior Art (hereafter AAPA).

With regard to claim 1, a method for pulling a snapshot of data for a virtual machine of a tenant (the virtual lab service enables the user to generate a snapshot of one or more running virtual machines, such as a single virtual machine, all of the virtual machines in a virtual network, or all of the machines in a configuration in at least ¶ [0112]) executing on a multi-tenant compute infrastructure, the method comprising (A multi-tenant virtual machine infrastructure (MTVMI) allows multiple tenants to independently access and use a plurality of virtual computing resources in at least abstract and ¶ [0033] and Fig. 1 and 6):
allocating a computing resource of the multitenant compute infrastructure associated with the tenant (MTVMI management application 115 allocates resources among different tenants and coordinates the use of MTVMI 100 by the different tenants. Various management related tasks performed by MTVMI management application 115 may include, as examples, authenticating users, allocating CPU time and storage space among different tenants, maintaining logical isolation between different tenants, tracking each tenant's usage of MTVMI 100, and many others in at least ¶ [0049])
to an envoy, (MTVMI management application 115 controls and monitors interactions between tenants and MTVMI 100. Additionally, MTVMI management 
the envoy being connected with the virtual machine and providing a data management and storage (DMS) cluster including peer DMS nodes with access to the virtual machine (Within MTVMI 100, virtual infrastructure 105 comprises both a physical platform for running virtual machines, virtual storage, and virtual network, and a software platform enabling the creation and management of the virtual machines, virtual storage, and virtual network in at least ¶ [0041] – [0042] and virtual infrastructure 105 comprises a plurality of network nodes 605, a plurality of virtual machine host nodes 610, and a plurality of storage nodes 615, each of which can be implemented using either general purpose commodity server hardware or server hardware more specialized to the roles of network processing, virtual machine execution, and high-volume reliable storage, respectively in at least ¶ [0069] and ¶ [0046])
the computing resource including a virtual disk (The virtual data center configuration further contains complete state for each virtual machine to be instantiated. Such state generally includes contents of a disk volume to be accessible by the virtual machine  in at least ¶ [0046] and the user may have access to a virtual local disk in at least ¶ [0061]),
providing, by the envoy, the DMS cluster access to the virtual machine via a virtual tenant network of a tenant (MTVMI management application 115 controls and monitors interactions between tenants and MTVMI 100. Additionally, MTVMI management application 115 allocates resources among different tenants and coordinates the use of MTVMI 100 by the different tenants in at least ¶ [0049]);
generating the snapshot of the virtual machine (in some embodiments these storage nodes may support capabilities to create snapshots, clones, and mirrors for data objects stored on these nodes in at least ¶ [0074] and the virtual lab service enables the user to generate a snapshot of one or more running virtual machines, such as a single virtual machine, all of the virtual machines in a virtual network, or all of the machines in a configuration in at least ¶ [0112] and ¶ [0142]);
storing the snapshot of the virtual machine in the library (When a snapshot is generated, complete state for each of the virtual machines is stored in the library. After the snapshot is generated, this item may be selected from the library in order to instantiate any number of new instances of the set of virtual machines that were the subject of the snapshot in at least ¶ [0112]); and
sending, via the envoy, the snapshot to a peer DMS node of a DMS cluster from the library (then a user initiates an operation to instantiate a Snapshot copy of a virtual data center, in some embodiments, the MTVMI management application orchestrates the necessary steps to instantiate the virtual data center. This includes instructing the Network Manager component to assign a dedicated VLAN for each of the Network objects referenced in the virtual data center configuration and create dedicated instances of network services in each of the VLANs with configuration parameters as specified with the attributes of the Network object. This also includes instructing the Storage Manager to make the required disk objects accessible to the virtual machines that will be instantiated in the virtual data center. This also includes instructing the VM Manager to allocate resources for running the virtual machines, configuring the CPU/RAM and network interface attributes of the virtual machines to meet the 
Astete does not explicitly recite storing the snapshot in the virtual disk, however, Astete teaches “the virtual data center configuration further contains complete state for each virtual machine to be instantiated. Such state generally includes contents of a disk volume to be accessible by the virtual machine, and may also include memory contents of the virtual machine, and/or processor state for the virtual machine, including contents for registers including program counters. In some embodiments, a user may upload a virtual machine image generated outside the MTVMI. This virtual machine image can be stored in the library, and instantiated by the MTVMI in a virtual data center” in at least ¶ [0046] and thus it would have been obvious to person having ordinary skill in the art prior to the effective filing date of the claimed invention that Astete teaches storing the snapshot of the virtual machine in the virtual disk because the complete state of a virtual machine is stored as an image, including contents of the disk volume and the image may be stored in the library. Therefore, when taking a snapshot of a virtual machine, as in ¶ [0112] and [0142] – [0143] and storing in the library, the snapshot would be a complete state of the virtual and thus would be an image, including contents of the disk volume, and therefore would have been obvious to store the snapshot in the virtual disk.
Astete does not explicitly recite that the DMS cluster, via the envoy, is without direct access to an independent network.
the DMS cluster without direct access to an infrastructure network of the multi-tenant compute infrastructure (While users may desire to have their applications and data be machine-agnostic, it typically is not easy to port applications and data between different platforms. Furthermore, multi-tenant compute infrastructures that host multiple tenants on shared hardware may restrict (e.g., external) access to the virtual machines of each tenant, and the virtual tenant network that connect the virtual machines in at least instant specification ¶ [0004]);
It would have been obvious to a person having ordinary skill in the art prior to the effective filing date of the claimed invention to combine the DMS cluster, via the envoy, is without direct access to an independent network of AAPA with the systems and methods of Astete resulting in the DMS cluster, via the envoy, of Astete being restricted from access to independent networks as in AAPA. A person having ordinary skill in the art would have been motivated to make this combination, with a reasonable expectation of success, as it would merely be a simple substitution of one known element for another to obtain predictable results. Astete teach the claimed invention (see mapping above) which differed only in that they do not explicitly recite that the DMS cluster, via the envoy, is without direct access to an independent network which is substituted with the same virtualized environment merely without stating the restricted access. This substituted restricted access was known in the art, see at least instant specification ¶ [0004]. A person having ordinary skill in the art could have substituted the one known element for the other resulting in the predictable results that he DMS cluster, via the envoy, of Astete being restricted from access to independent networks as in AAPA.

With regard to claim 3, Astete teaches restricting access by the DMS cluster to the infrastructure network connecting physical machines including a physical machine that executes the virtual machine (MTVMI management application 115 supports access control mechanisms to enable tenants to restrict their users' access rights to specific objects (e.g., virtual data centers, virtual machines, data files, etc.) within the MTVMI as described earlier in at least ¶ [0146]).

With regard to claim 5, Astete teaches wherein the infrastructure network includes a virtual tenant network, and wherein the virtual tenant network use different network layers and share a physical layer (the shared computing infrastructure will be referred to as a multi-tenant virtual machine infrastructure (MTVMI). A MTVMI is a VMI adapted for use by multiple tenants, where each "tenant" is an independent entity (e.g., a set of users within a single company or other organization) whose access to and use of the MTVMI is governed by a unique and independent set of rules in at least ¶ [0033], Fig. 6 and ¶ [0041] – [0042], Tenant and MTVMI are different network layers but share physical resources underlying the virtual infrastructure 105),

With regard to claim 8, Astete teaches wherein the DMS cluster includes a distributed data store implemented across the peer DMS nodes, and the method further includes storing the snapshot of an application in the distributed data store (Within virtual infrastructure 105, different functional components can be roughly 

With regard to claim 9, Astete teaches wherein the computing resource is allocated to the envoy while the virtual machine is executing on the multi-tenant compute infrastructure (Once resources have been configured for the virtual data center, in step 225, the tenant may continue to perform maintenance and monitoring on its virtual data center while the virtual data center is being used by the tenant's users. The maintenance and monitoring may include upgrading and patching various components, modifying the set of users associated with the tenant, measuring the resource usage by different users, and so on in at least ¶ [0056] and the infrastructure may execute a virtual data centers on physical machines within the infrastructure, while users control the virtual machines through personal computers connected to the infrastructure via the Internet in at least ¶ [0031]).

With regard to claim 10, Astete teaches generating another snapshot of another virtual machine in parallel with generating the snapshot of the virtual machine (in some embodiments these storage nodes may support capabilities to create snapshots, clones, and mirrors for data objects stored on these nodes in at least ¶ [0074] and the virtual lab service enables the user to generate a snapshot of one or more running virtual machines, such as a single virtual machine, all of the virtual machines in a virtual network, or all of the machines in a configuration in at least ¶ [0112] and ¶ [0142], multiple nodes may create snapshot therefore generation of snapshot from another node is acting as another envoy generating snapshot and snapshots may be generated for one or more virtual machines, another virtual machine); and
sending the parallel snapshot to the DMS cluster (When a snapshot is generated, complete state for each of the virtual machines is stored in the library. After the snapshot is generated, this item may be selected from the library in order to instantiate any number of new instances of the set of virtual machines that were the subject of the snapshot in at least ¶ [0112]).

With regard to claim 12, Astete teaches generating a data fetch job for the virtual machine (in response to a retrieval request for particular data that is stored on each of multiple storage nodes, which node to retrieve the data from in at least ¶ [0080]);
placing the data fetch job in a job queue accessible to the peer DMS nodes to schedule the data fetch job; and retrieving the data fetch job from the job queue (the MTVMI management application will maintain runtime information about the virtual data center, including … queue of pending operations on the virtual data center in at least ¶ [0140]); and
in response to retrieving the data fetch job, generating the snapshot of the virtual machine (in some embodiments these storage nodes may support capabilities to create snapshots, clones, and mirrors for data objects stored on these nodes in at least ¶ [0074] and the virtual lab service enables the user to generate a snapshot of one or more running virtual machines, such as a single virtual machine, all of the virtual machines in a virtual network, or all of the machines in a configuration in at least ¶ [0112] and ¶ [0142]).

With regard to claim 13, Astete teaches wherein the peer DMS node generates the data fetch job and places the data fetch job in the job queue stored in a distributed database of the DMS cluster (client processes 655 execute storage management intelligence which, among other things, determines how to allocate responsibilities to individual storage nodes. For example, the client processes determine: for particular data that is to be stored, on what storage node(s) to store it; when to move particular data from one storage node to another; when to replicate data on one storage node to another; and, in response to a retrieval request for particular data that is stored on each of multiple storage nodes, which node to retrieve the data from in at least ¶ [0080]).

With regard to claim 14, Astete teaches wherein the envoy retrieves the data fetch job from the job queue (the MTVMI management application will maintain runtime information about the virtual data center, including … queue of pending operations on the virtual data center in at least ¶ [0140]).

With regard to claim 16, Astete teaches wherein the multi-tenant compute infrastructure restricts access by the DMS cluster to a second virtual tenant network of a second tenant of the multi-tenant compute infrastructure (MTVMI management application 115 supports access control mechanisms to enable tenants to restrict their users' access rights to specific objects (e.g., virtual data centers, virtual machines, data files, etc.) within the MTVMI as described earlier in at least ¶ [0146]).

With regard to claim 17, Astete teaches wherein virtual tenant network and the second virtual tenant network use different network layers and share a physical layer (the shared computing infrastructure will be referred to as a multi-tenant virtual machine infrastructure (MTVMI). A MTVMI is a VMI adapted for use by multiple tenants, where each "tenant" is an independent entity (e.g., a set of users within a single company or other organization) whose access to and use of the MTVMI is governed by a unique and independent set of rules in at least ¶ [0033], Fig. 6 and ¶ [0041] – [0042], Tenant and MTVMI are different network layers but share physical resources underlying the virtual infrastructure 105).

Claims 2 and 19-20 is rejected under 35 U.S.C. 103 as being unpatentable over Astete et al. Pub. No. US 2013/0290960 A1 (hereafter Astete) in view of Applicant Admitted Prior Art (hereafter AAPA) as applied to claims 1, 3, 5, 8-10, 12-14, and 16-17 above and in further view of Piccinini et al. Pub. No. US 2017/0060569 A1 (hereafter Piccinini).

With regard to claim 2, Astete and AAPA teach the method of claim 1,
Astete and AAPA do not specifically teach that the envoy executes as a virtual machine of the tenant.
However, in analogous art Piccinini teaches wherein the envoy is a second virtual machine of the tenant executing on the multi-tenant compute infrastructure (the service agent 335t may start cloning the target individual data of each target tenant into corresponding (auxiliary) individual data of the target tenant in the auxiliary instance in at least ¶ [0037] - [0038] and Fig. 3, service and deployment agents execute within virtual machine of tenant on the multi-tenant compute infrastructure).
It would have been obvious to a person having ordinary skill in the art prior to the effective filing date of the claimed invention to combine the envoy executes as a virtual machine of the tenant of Piccinini with the systems and methods of Astete and AAPA resulting in the envoy of Astete executing in a virtual machine of the tenant as in Piccinini. A person having ordinary skill in the art would have been motivated to make this combination for the purpose of leveraging the rapid provision, configuration and release of hardware and software resources of a cloud computing infrastructure for 

With regard to claim 19, a multi-tenant compute infrastructure, comprising (A multi-tenant virtual machine infrastructure (MTVMI) allows multiple tenants to independently access and use a plurality of virtual computing resources in at least abstract and ¶ [0033] and Fig. 1 and 6):
a first virtual machine of a tenant of the multi-tenant compute infrastructure (A multi-tenant virtual machine infrastructure (MTVMI) allows multiple tenants to independently access and use a plurality of virtual computing resources via the Internet in at least abstract and Fig. 1 and 6); and
an envoy allocated from a computing resource of the multi-tenant compute infrastructure (MTVMI management application 115 allocates resources among different tenants and coordinates the use of MTVMI 100 by the different tenants. Various management related tasks performed by MTVMI management application 115 may include, as examples, authenticating users, allocating CPU time and storage space among different tenants, maintaining logical isolation between different tenants, tracking each tenant's usage of MTVMI 100, and many others in at least ¶ [0049]),
the envoy being connected to the first virtual machine via a virtual tenant network (MTVMI management application 115 controls and monitors interactions between tenants and MTVMI 100. Additionally, MTVMI management application 115 
the computing resource including a virtual disk (The virtual data center configuration further contains complete state for each virtual machine to be instantiated. Such state generally includes contents of a disk volume to be accessible by the virtual machine  in at least ¶ [0046] and the user may have access to a virtual local disk in at least ¶ [0061]),
the envoy configured to: providing a data management and storage (DMS) cluster access to the first virtual machine via the virtual tenant network (MTVMI management application 115 controls and monitors interactions between tenants and MTVMI 100. Additionally, MTVMI management application 115 allocates resources among different tenants and coordinates the use of MTVMI 100 by the different tenants in at least ¶ [0049] and Within MTVMI 100, virtual infrastructure 105 comprises both a physical platform for running virtual machines, virtual storage, and virtual network, and a software platform enabling the creation and management of the virtual machines, virtual storage, and virtual network in at least ¶ [0041] – [0042] and virtual infrastructure 105 comprises a plurality of network nodes 605, a plurality of virtual machine host nodes 610, and a plurality of storage nodes 615, each of which can be implemented using either general purpose commodity server hardware or server hardware more specialized to the roles of network processing, virtual machine execution, and high-volume reliable storage, respectively in at least ¶ [0069] and ¶ [0046]);
generate a snapshot of the first virtual machine (in some embodiments these storage nodes may support capabilities to create snapshots, clones, and mirrors for 
store the snapshot of the first virtual machine in the library (When a snapshot is generated, complete state for each of the virtual machines is stored in the library. After the snapshot is generated, this item may be selected from the library in order to instantiate any number of new instances of the set of virtual machines that were the subject of the snapshot in at least ¶ [0112]); and
send, via the envoy, the snapshot to a peer DMS node of a DMS cluster from the library (then a user initiates an operation to instantiate a Snapshot copy of a virtual data center, in some embodiments, the MTVMI management application orchestrates the necessary steps to instantiate the virtual data center. This includes instructing the Network Manager component to assign a dedicated VLAN for each of the Network objects referenced in the virtual data center configuration and create dedicated instances of network services in each of the VLANs with configuration parameters as specified with the attributes of the Network object. This also includes instructing the Storage Manager to make the required disk objects accessible to the virtual machines that will be instantiated in the virtual data center. This also includes instructing the VM Manager to allocate resources for running the virtual machines, configuring the CPU/RAM and network interface attributes of the virtual machines to meet the specifications in the virtual data center configuration object, triggering the execution of 
Astete does not explicitly recite storing the snapshot in the virtual disk, however, Astete teaches “the virtual data center configuration further contains complete state for each virtual machine to be instantiated. Such state generally includes contents of a disk volume to be accessible by the virtual machine, and may also include memory contents of the virtual machine, and/or processor state for the virtual machine, including contents for registers including program counters. In some embodiments, a user may upload a virtual machine image generated outside the MTVMI. This virtual machine image can be stored in the library, and instantiated by the MTVMI in a virtual data center” in at least ¶ [0046] and thus it would have been obvious to person having ordinary skill in the art prior to the effective filing date of the claimed invention that Astete teaches store the snapshot of the virtual machine in the virtual disk because the complete state of a virtual machine is stored as an image, including contents of the disk volume and the image may be stored in the library. Therefore, when taking a snapshot of a virtual machine, as in ¶ [0112] and [0142] – [0143] and storing in the library, the snapshot would be a complete state of the virtual and thus would be an image, including contents of the disk volume, and therefore would have been obvious to store the snapshot in the virtual disk.
Astete does not explicitly recite that the DMS cluster, via the envoy, is without direct access to an independent network.
However, in analogous art AAPA teaches the DMS cluster being without direct access to an infrastructure network of the multi-tenant compute infrastructure 
It would have been obvious to a person having ordinary skill in the art prior to the effective filing date of the claimed invention to combine the DMS cluster, via the envoy, is without direct access to an independent network of AAPA with the systems and methods of Astete resulting in the DMS cluster, via the envoy, of Astete being restricted from access to independent networks as in AAPA. A person having ordinary skill in the art would have been motivated to make this combination, with a reasonable expectation of success, as it would merely be a simple substitution of one known element for another to obtain predictable results. Astete teach the claimed invention (see mapping above) which differed only in that they do not explicitly recite that the DMS cluster, via the envoy, is without direct access to an independent network which is substituted with the same virtualized environment merely without stating the restricted access. This substituted restricted access was known in the art, see at least instant specification ¶ [0004]. A person having ordinary skill in the art could have substituted the one known element for the other resulting in the predictable results that he DMS cluster, via the envoy, of Astete being restricted from access to independent networks as in AAPA.
Astete and AAPA do not specifically teach that the envoy executes as a virtual machine of the tenant.
the envoy being a second virtual machine within the multi-tenant compute infrastructure (the service agent 335t may start cloning the target individual data of each target tenant into corresponding (auxiliary) individual data of the target tenant in the auxiliary instance in at least ¶ [0037] - [0038] and Fig. 3, service and deployment agents execute within virtual machine of tenant on the multi-tenant compute infrastructure).
It would have been obvious to a person having ordinary skill in the art prior to the effective filing date of the claimed invention to combine the envoy executes as a virtual machine of the tenant of Piccinini with the systems and methods of Astete and AAPA resulting in the envoy of Astete executing in a virtual machine of the tenant as in Piccinini. A person having ordinary skill in the art would have been motivated to make this combination for the purpose of leveraging the rapid provision, configuration and release of hardware and software resources of a cloud computing infrastructure for executing the envoy within a virtual machine of the tenant such that the management of the tenant virtual machines make use of these advantages as well as providing for each tenant to have sole control over the provisioning and management of compute resources as if they were dedicated (see at least Piccinini ¶ [0022] and [0037] – [0038]).

With regard to claim 20, Astete teaches a non-transitory computer-readable medium comprising instructions that when executed by one or more processors configures the one or more processors to (A computer-readable medium storing contents adapted to cause a computing system to perform in at least claim 94 and a computing system having a processor in at least claim 90):
allocate a computing resource of a multi-tenant compute infrastructure (A multi-tenant virtual machine infrastructure (MTVMI) allows multiple tenants to independently access and use a plurality of virtual computing resources in at least abstract and ¶ [0033] and Fig. 1 and 6) associated with a tenant (MTVMI management application 115 allocates resources among different tenants and coordinates the use of MTVMI 100 by the different tenants. Various management related tasks performed by MTVMI management application 115 may include, as examples, authenticating users, allocating CPU time and storage space among different tenants, maintaining logical isolation between different tenants, tracking each tenant's usage of MTVMI 100, and many others in at least ¶ [0049])
to an envoy, the computing resource including a virtual disk, the envoy being connected with a first virtual machine via a virtual tenant network of the multi-tenant compute infrastructure (MTVMI management application 115 controls and monitors interactions between tenants and MTVMI 100. Additionally, MTVMI management application 115 allocates resources among different tenants and coordinates the use of MTVMI 100 by the different tenants in at least ¶ [0049] and ¶ [0075]),
the envoy providing a data management and storage (DMS) cluster including peer DMS nodes with access to the virtual machine via the virtual tenant network (Within MTVMI 100, virtual infrastructure 105 comprises both a physical platform for running virtual machines, virtual storage, and virtual network, and a software platform enabling the creation and management of the virtual machines, virtual storage, and virtual network in at least ¶ [0041] – [0042] and virtual infrastructure 105 
provide, by the envoy, the (DMS) cluster access to the first virtual machine via a virtual tenant network of a tenant (The virtual data center configuration further contains complete state for each virtual machine to be instantiated. Such state generally includes contents of a disk volume to be accessible by the virtual machine  in at least ¶ [0046] and the user may have access to a virtual local disk in at least ¶ [0061]);
generate a snapshot of the first virtual machine (MTVMI management application 115 controls and monitors interactions between tenants and MTVMI 100. Additionally, MTVMI management application 115 allocates resources among different tenants and coordinates the use of MTVMI 100 by the different tenants in at least ¶ [0049]); and
send, via the envoy, the snapshot to a peer DMS node of a DMS cluster from the library via the connection (then a user initiates an operation to instantiate a Snapshot copy of a virtual data center, in some embodiments, the MTVMI management application orchestrates the necessary steps to instantiate the virtual data center. This includes instructing the Network Manager component to assign a dedicated VLAN for each of the Network objects referenced in the virtual data center configuration and create dedicated instances of network services in each of the VLANs with configuration parameters as specified with the attributes of the Network object. This also includes 
Astete does not explicitly recite storing the snapshot in the virtual disk, however, Astete teaches “the virtual data center configuration further contains complete state for each virtual machine to be instantiated. Such state generally includes contents of a disk volume to be accessible by the virtual machine, and may also include memory contents of the virtual machine, and/or processor state for the virtual machine, including contents for registers including program counters. In some embodiments, a user may upload a virtual machine image generated outside the MTVMI. This virtual machine image can be stored in the library, and instantiated by the MTVMI in a virtual data center” in at least ¶ [0046] and thus it would have been obvious to person having ordinary skill in the art prior to the effective filing date of the claimed invention that Astete teaches send the snapshot … from the virtual disk because the complete state of a virtual machine is stored as an image, including contents of the disk volume and the image may be stored in the library. Therefore, when taking a snapshot of a virtual machine, as in ¶ [0112] and [0142] – [0143] and storing in the library, the snapshot would be a complete state of the virtual and thus would be an image, including contents of the disk volume, and therefore would have been obvious to store the snapshot in the virtual disk.

However, in analogous art AAPA teaches the DMS cluster being without direct access to an infrastructure network of the multi-tenant compute infrastructure (While users may desire to have their applications and data be machine-agnostic, it typically is not easy to port applications and data between different platforms. Furthermore, multi-tenant compute infrastructures that host multiple tenants on shared hardware may restrict (e.g., external) access to the virtual machines of each tenant, and the virtual tenant network that connect the virtual machines in at least instant specification ¶ [0004]);
It would have been obvious to a person having ordinary skill in the art prior to the effective filing date of the claimed invention to combine the DMS cluster, via the envoy, is without direct access to an independent network of AAPA with the systems and methods of Astete resulting in the DMS cluster, via the envoy, of Astete being restricted from access to independent networks as in AAPA. A person having ordinary skill in the art would have been motivated to make this combination, with a reasonable expectation of success, as it would merely be a simple substitution of one known element for another to obtain predictable results. Astete teach the claimed invention (see mapping above) which differed only in that they do not explicitly recite that the DMS cluster, via the envoy, is without direct access to an independent network which is substituted with the same virtualized environment merely without stating the restricted access. This substituted restricted access was known in the art, see at least instant specification ¶ [0004]. A person having ordinary skill in the art could have substituted the one known 
Astete and AAPA do not specifically teach that the envoy executes as a virtual machine of the tenant.
However, in analogous art Piccinini teaches the envoy being a second virtual machine within the multi-tenant compute infrastructure (the service agent 335t may start cloning the target individual data of each target tenant into corresponding (auxiliary) individual data of the target tenant in the auxiliary instance in at least ¶ [0037] - [0038] and Fig. 3, service and deployment agents execute within virtual machine of tenant on the multi-tenant compute infrastructure).
It would have been obvious to a person having ordinary skill in the art prior to the effective filing date of the claimed invention to combine the envoy executes as a virtual machine of the tenant of Piccinini with the systems and methods of Astete and AAPA resulting in the envoy of Astete executing in a virtual machine of the tenant as in Piccinini. A person having ordinary skill in the art would have been motivated to make this combination for the purpose of leveraging the rapid provision, configuration and release of hardware and software resources of a cloud computing infrastructure for executing the envoy within a virtual machine of the tenant such that the management of the tenant virtual machines make use of these advantages as well as providing for each tenant to have sole control over the provisioning and management of compute resources as if they were dedicated (see at least Piccinini ¶ [0022] and [0037] – [0038]).

Claim 4 is rejected under 35 U.S.C. 103 as being unpatentable over Astete et al. Pub. No. US 2013/0290960 A1 (hereafter Astete) in view of Applicant Admitted Prior Art (hereafter AAPA) as applied to claims 1, 3, 5, 8-10, 12-14, and 16-17 above and in further view of Williams et al. Pub. No. US 2015/0188943 A1 (hereafter Williams).

With regard to claim 4, Astete and AAPA teach the method of claim 3,
Astete and AAPA do not specifically teach isolated TCP networks.
However, in analogous art Williams teaches wherein the infrastructure network includes a first transmission control protocol (TCP) network and a virtual tenant network including a second TCP network isolated from the first TCP network (the overlay network provides an encrypted mesh overlay network with independent authentication from appliance to edge, customer-specific and isolated private IP routing, multi-path delivery with data packet replication (using the approach shown in FIG. 3), and, as will be described in the context of FIG. 16, TCP termination of private TCP/IP flows … The overlay, as shown in FIG. 12, preferably is multi-tenant in that multiple customers use the encrypted mesh overlay network at the same time once the network appliances are positioned and configured in at least ¶ [0066]).
It would have been obvious to a person having ordinary skill in the art prior to the effective filing date of the claimed invention to combine the isolated TCP networks of Williams with the systems and methods of Astete and AAPA resulting in the tenant network and the MTVMI network of Astete being isolated TCP networks as in Williams. A person having ordinary skill in the art would have been motivated to make this combination for the purpose of improving system efficiency by taking advantage of TCP .

Claims 6-7 and 11 are rejected under 35 U.S.C. 103 as being unpatentable over Astete et al. Pub. No. US 2013/0290960 A1 (hereafter Astete) in view of Applicant Admitted Prior Art (hereafter AAPA) as applied to claims 1, 3, 5, 8-10, 12-14, and 16-17 above and in further view of AHMAD et al. Pub. No. US 2011/0302415 A1 (hereafter Ahmad).

With regard to claim 6, Astete and AAPA teach the method of claim 1,
Astete and AAPA do not specifically teach sending an SSL certificate.
However, in analogous art Ahmad teaches wherein establishing the connection with the DMS cluster includes sending a secure socket layer (SSL) certificate to the DMS cluster (At step 418, the TVP establishes a secure connection (e.g., SSL-encrypted session) with the key provider. This step includes first obtaining the SSL certificate for the key provider and then verifying that the SSL certificate has been signed by a proper certificate authority in at least ¶ [0032]).
It would have been obvious to a person having ordinary skill in the art prior to the effective filing date of the claimed invention to combine the sending an SSL certificate of Ahmad with the systems and methods of Astete and AAPA resulting in a system in which during the establishment of a connection of Astete (with DMS cluster), an SSL certificate is sent as in Ahmad. A person having ordinary skill in the art would have been motivated to make this combination, with a reasonable expectation of success, for the 

With regard to claim 7, Astete and AAPA teach the method of claim 1, further comprising,
Astete and AAPA do not specifically teach encrypting the snapshot prior to sending.
However, in analogous art Ahmad teaches prior to sending the snapshot from the virtual machine to the peer DMS node, encrypting the snapshot (the TVP retrieves a VM configuration file corresponding to the requested virtual machine from storage. The VM configuration file provides encrypted configuration information and includes a plain text portion including the customer ID and the domain name of the customer (or "user") or the customer's trusted third party (hereinafter referred to as "key provider"). At step 418, the TVP establishes a secure connection (e.g., SSL-encrypted session) with the key provider in at least ¶ [0032]).
It would have been obvious to a person having ordinary skill in the art prior to the effective filing date of the claimed invention to combine the encrypting the snapshot prior to sending of Ahmad with the systems and methods of Astete and AAPA resulting in a system in which prior to sending the snapshot of Astete, virtual machine configuration file, the snapshot, is encrypted as in Ahmad. A person having ordinary skill in the art would have been motivated to make this combination, with a reasonable expectation of success, for the purpose of improving security through use of encryption and SSL and preventing unauthorized access (see at least Ahmad ¶ [0004] and [0032]).

With regard to claim 11, Astete and AAPA teach the method of claim 1, further comprising
Astete and AAPA do not specifically teach sending an SSL certificate.
However, in analogous art Ahmad teaches establishing another connection between the envoy and the virtual machine based on sending a secure socket layer (SSL) certificate to the virtual machine (At step 418, the TVP establishes a secure connection (e.g., SSL-encrypted session) with the key provider. This step includes first obtaining the SSL certificate for the key provider and then verifying that the SSL certificate has been signed by a proper certificate authority in at least ¶ [0032]).
It would have been obvious to a person having ordinary skill in the art prior to the effective filing date of the claimed invention to combine the sending an SSL certificate of Ahmad with the systems and methods of Astete and AAPA resulting in a system in which during the establishment of a connection of Astete (with the virtual machine), an SSL certificate is sent as in Ahmad. A person having ordinary skill in the art would have been motivated to make this combination, with a reasonable expectation of success, for the purpose of improving security through use of encryption and SSL and preventing unauthorized access (see at least Ahmad ¶ [0004] and [0032]).

Claim 18 is rejected under 35 U.S.C. 103 as being unpatentable over Astete et al. Pub. No. US 2013/0290960 A1 (hereafter Astete) in view of Applicant Admitted Prior Art (hereafter AAPA) as applied to claims 1, 3, 5, 8-10, 12-14, and 16-17 above and in further view of Chelur et al. Pat. No. US 9,442,937 B2 (hereafter Chelur).

With regard to claim 18, Astete and AAPA teach the method of claim 1, further comprising
Astete and AAPA do not specifically teach removing the snapshot.
However, in analogous art Chelur teaches removing the snapshot from the virtual disk subsequent to sending the snapshot to the DMS node (subsequent to the storage system taking a snapshot of the volume, receiving by the hypervisor manager a second request to remove the snapshots of all of the virtual machines associated with the volume in at least claim 1).
It would have been obvious to a person having ordinary skill in the art prior to the effective filing date of the claimed invention to combine the removing a snapshot of Chelur with the systems and methods of Astete and AAPA resulting in the snapshot taken and sent to DMS of Astete being subsequently removed as in Chelur. A person having ordinary skill in the art would have been motivated to make this combination, with a reasonable expectation of success, for the purpose of minimizing the performance impact of virtual machine snapshots on virtual machines and hypervisors (See at least Chelur col. 4 lines 10-34 and claim 1).

Response to Arguments
Applicant's arguments filed 12/10/20 have been fully considered but they are not persuasive. Applicant argues in substance:

Astete teaches a MTVMI management application 115 that controls and monitors interactions between tenants and MTVMI 100 … Astete does not teach either of the MTVMI 100 or the MTVMI management application 115, same as the DMS cluster via the envoy, generates snapshot without a direct access to a network of the compute infrastructure (e.g., the “infrastructure network” as recited) independent from the network connecting tenants (e.g., the “tenant network” as recited), within the meaning of “generating, via the envoy, the snapshot of the first virtual machine by the DMS cluster without a direct access to an infrastructure network independent from the virtual tenant network” as recited in the amended claim 1. None of the art cures the deficiency of Astete.
Astete teaches a MTVMI management application 115 that controls and monitors interactions between tenants and the overall compute infrastructure MTVMI 100. (See Paragraph 0049). Astete also teaches the MTVMI management application 115 resides within the overall MTVMI 100 instead of within the tenant infrastructure. (See FIG. 1 where the item 115 resides in MTVMI 100 instead of the tenant 130 on the left; also see FIG. 6 where item 115 resides within the MTVMI 100 instead of the tenant on the left.). Therefore, Astete fails to teach MTVMI management application 115, same as the “envoy” as recited, resides within “the multi-tenant compute infrastructure,” within the meaning of “allocating a computing resource of the multi-tenant compute infrastructure associated with the tenant to an envoy, the envoy being connected with the first virtual machine via a virtual tenant network of the multi-tenant compute infrastructure, the envoy providing a data management and storage (DMS) cluster including peer DMS nodes with access to the first virtual machine via the virtual tenant network, the computing resource including a virtual disk, the envoy being a second virtual machine within the multi-tenant compute infrastructure” as recited in the amended claim 20.
With regard to point (a), Examiner respectfully disagrees with Applicant. Notwithstanding that, in the art, a virtual machine (on which the envoy is embodied) itself does not ordinarily has a direct access to an independent network, Examiner has not relied upon Astete to teach the newly claimed feature prohibiting direct access to an independent network. Examiner has relied upon AAPA to teach that an environment may be such that the envoy/virtual machine does not have direct access to an independent network and such an environment would merely be a simple substitution. Examiner directs Applicant’s attention to the detailed mapping in the rejection above. In response to applicant's arguments against the references individually, one cannot show nonobviousness by attacking references individually where the rejections are based on combinations of references.  See In re Keller, 642 F.2d 413, 208 USPQ 871 (CCPA 1981); In re Merck & Co., 800 F.2d 1091, 231 USPQ 375 (Fed. Cir. 1986). Argument has not been found to be persuasive.
With regard to point (b), Examiner respectfully disagrees with Applicant. First, the envoy residing within the multi-tenant compute infrastructure does not prohibit the envoy from residing in the virtual portion of the infrastructure. The virtual multi-tenant compute infrastructure is a portion of the overall infrastructure and therefore residing within that portion still satisfies residing within the multi-tenant compute infrastructure. Second, Examiner has not relied upon Astete to teach the newly claimed feature wherein the envoy is a second virtual machine. Examiner has relied upon Piccinini to teach that the envoy may be a second virtual machine. Examiner directs Applicant’s attention to the detailed mapping in the rejection above. In response to applicant's arguments against the references individually, one cannot show nonobviousness by attacking references individually where the rejections are based on combinations of references.  See In re Keller, 642 F.2d 413, 208 USPQ 871 (CCPA 1981); In re Merck & Co., 800 F.2d 1091, 231 USPQ 375 (Fed. Cir. 1986). Argument has not been found to be persuasive.

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 

Examiner respectfully requests, in response to this Office action, support be shown for language added to any original claims on amendment and any new claims. That is, indicate support for newly added claim language by specifically pointing to page(s) and line number(s) in the specification and/or drawing figure(s). This will assist Examiner in prosecuting the application.

When responding to this Office Action, Applicant is advised to clearly point out the patentable novelty which he or she thinks the claims present, in view of the state of the art disclosed by the references cited or the objections made. He or she must also show how the amendments avoid such references or objections.  See 37 CFR 1.111(c).

Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to BRADLEY A TEETS whose telephone number is (571)272-3338.  The examiner can normally be reached on Monday - Friday, 6am-2pm.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Meng An can be reached on 5712723756.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/BRADLEY A TEETS/Primary Examiner, Art Unit 2195