DETAILED ACTION
The instant application having Application No. 16/408,359 filed on 9 May 2019 where claims 1-20 are presented for examination by the examiner.


Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .


Examiner Notes
Examiner cites particular paragraphs or columns and lines in the references as applied to the claims below for the convenience of the applicant. Although the specified citations are representative of the teachings in the art and are applied to the specific limitations within the individual claim, other passages and figures may apply as well. It is respectfully requested that, in preparing responses, the applicant fully consider the references in entirety as potentially teaching all or part of the claimed invention, as well as the context of the passage as taught by the prior art or disclosed by the examiner.





Information Disclosure Statement
As required by M.P.E.P. 609, the applicant’s submissions of the Information Disclosure Statement dated 9 May 2019 is acknowledged by the examiner and the cited references have been considered in the examination of the claims now pending.


Allowable Subject Matter
Claims 6-13, 15-17, and 19-20 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.


Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.



Claims 1-5, 14, and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Folco et al. (U.S. 2018/0053001) (Hereinafter Folco – art of record, see IDS dated 9 May 2019) in view of Asawa et al. (U.S. 2019/0235906) (Hereinafter Asawa).
As per claim 1, Folco discloses a method of changing containerized workload isolation in a system having one or more compute nodes each having a host kernel (see for example Folco, this limitation is disclosed such that there is a method of performing live migration of a container to a VM; paragraph [0011]. The containers are isolated systems (i.e. “containerized workload isolation) that use an operating-system-level virtualization method of a control host (i.e. claimed “one or more compute nodes”) using a kernel (i.e. claimed “each having a host kernel”); paragraph [0014]), the method comprising: 
containerizing workload using a default container runtime, wherein the default container runtime has one or more containers on a compute node using resource limiting capabilities of the compute node's host kernel (see for example Folco, this limitation is disclosed such that the system includes a container hypervisor (i.e. claimed “default container runtime”) that provides a set of Linux containers 110, 120, 130 (i.e. “default container runtime” that runs “one or more containers”) and management tools that provide isolation using the operating-system-level virtualization method of the control host using its kernel; paragraph [0014], Fig.1 Items 110, 120, 130, 140 and associated text. An application runs in the container (i.e. there is a “containerize[ed] workload”); paragraph [0012]); 
migrating, in response to detection of a triggering factor, at least some of the containerized workload running in the one or more containers of the default container runtime to one or more virtual machines (VMs) launched by a standby container runtime, wherein the triggering factor is selected from the group consisting of a perceived threat, a compliance requirement change, and combinations thereof (see for example Folco, this limitation is disclosed such that a container is migrated to a VM (i.e. claimed “migrating...at least some of the containerized workload running in the one or more containers…to one or more virtual machines (VMs)”) when there is a problem such that a monitoring tool detects some potential security flaws, there is performance problems in the container, or an application in the container does not behave well (i.e. claimed “in response to detection of a triggering factor…wherein the triggering factor is selected from the group consisting of a perceived thread, a compliance requirement change, and combinations thereof”); paragraph [0012]. The VM is created and run by a VM hypervisor (i.e. claimed “standby container runtime”; paragraph [0014]).
Although Folco discloses containerizing workload using a default container runtime, wherein the default container runtime has one or more containers on a compute node using resource limiting capabilities of the compute node's host kernel, and migrating, in response to detection of a triggering factor, at least some of the containerized workload running in the one or more containers of the default container runtime to one or more virtual machines (VMs) launched by a standby container runtime, wherein the triggering factor is selected from the group consisting of a perceived threat, a compliance requirement change, and combinations thereof, Folco does not explicitly teach that a container runtime spawns one or more cgroup-based containers on a compute node using resource limiting capabilities of the compute node's host kernel including cgroups and namespaces; and migrating at least some of the containerized workload running in the one or more cgroup-based containers spawned by the container runtime.
However, Asawa discloses that a container runtime spawns one or more cgroup-based containers on a compute node using resource limiting capabilities of the compute node's host kernel including cgroups and namespaces (see for example Asawa, this limitation is disclosed such that a system uses a Docker OS-level virtualization layer (i.e. “container runtime”) to create (i.e. spawn) a new container); paragraphs [0016], [0030]. The containers are created using a combination of namespace capabilities and Cgroups; paragraph [0036]. The containers run on top of the kernel of the host platform in order to enable isolation, relying on the kernel’s functionality; paragraphs [0018]-[0019]); and
migrating at least some of the containerized workload running in the one or more cgroup-based containers spawned by the container runtime (see for example Asawa, this limitation is disclosed such that one or more containers are migrated; paragraph [0044]. The containers created using Cgroups (paragraph [0036]) are running applications (i.e. “containerized workload running in the one or more cgroup-based containers” that is migrated as part of migrating the containers); paragraph [0005]).
Folco in view of Asawa is analogous art because they are from the same field of endeavor, virtualization.
It would have been obvious to one of ordinary skill in the art at the time the application at hand was filed to modify the method as taught by Folco by using Cgroups and namespaces in container creation as taught by Asawa because it would enhance the teaching of Folco with an effective means of completely isolating a container application’s view of operating environments (as suggested by Asawa, see for example paragraph [0019]).
As per claim 2, Folco in view of Asawa discloses the method as recited in claim 1, wherein migrating at least some of the containerized workload is performed without service interruption (see for example Folco, this limitation is disclosed such that the migration of the paragraph [0004]).
As per claim 3, Folco in view of Asawa discloses the method as recited in claim 1 (see rejection of claim 1 above). Folco does not explicitly teach the limitation wherein the default container runtime is a cgroup and namespace based container runtime.
However, Asawa discloses the limitation wherein the default container runtime is a cgroup and namespace based container runtime (see for example Asawa, this limitation is disclosed such that Docker OS-level container virtualization (i.e. a “default container runtime”) creates containers using Cgroups and namespaces (i.e. claimed “cgroup and namespace based container runtime”); paragraph [0036]).
It would have been obvious to one of ordinary skill in the art at the time the application at hand was filed to modify the method as taught by Folco by using Cgroups and namespaces in container creation as taught by Asawa because it would enhance the teaching of Folco with an effective means of completely isolating a container application’s view of operating environments (as suggested by Asawa, see for example paragraph [0019])
As per claim 4, Folco in view of Asawa discloses the method as recited in claim 3, wherein the standby container runtime is a VM based container runtime (see for example Folco, this limitation is disclosed such that the VMs are created and run by a VM hypervisor (i.e. “standby container runtime is a VM based container runtime”); paragraph [0014]).  
As per claim 5, Folco in view of Asawa discloses the method as recited in claim 1, wherein the standby container runtime is VM based container runtime (see for example Folco, this limitation is disclosed such that the VMs are created and run by a VM hypervisor (i.e. “standby container runtime is a VM based container runtime”); paragraph [0014]).  
one or more processors, one or more computer readable storage devices, and program instructions stored on at least one of the one or more computer readable storage devices for execution by at least one of the one or more processors (see for example Folco, this limitation is disclosed such that the system includes processors 320 and storage devices 330 with computing programs 333 for execution by the processors; paragraph [0006], Fig.3 and associated text). Thus, claim 14 is also rejected under the same rationales as cited in the rejection of claim 1.
Regarding claim 18, it is a product claim having similar limitations cited in claim 1. Moreover, Folco in view of Asawa discloses a computer program product comprising a computer readable storage medium having program code embodied therewith, the program code executable by a processor (see for example Folco, this limitation is disclosed such that there is a computer readable storage medium having computer program instructions thereon for causing the processor to carry out the invention; paragraph [0023], Fig.3 and associated text). Thus, claim 18 is also rejected under the same rationales as cited in the rejection of claim 1.


Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Nijhawan et al. (U.S. 2019/0332413) discloses migration of services/applications of infrastructure management virtual machines (IMVMs) to containers (e.g. docker or Linux paragraph [0010].


Any inquiry concerning this communication or earlier communications from the examiner should be directed to JONATHAN R LABUD whose telephone number is (571)270-5174.  The examiner can normally be reached on Monday - Thursday 10am-4pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.


If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, EMERSON PUENTE can be reached on (571)272-3652.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.


Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to 






/JONATHAN R LABUD/            Examiner, Art Unit 2196