Continued Examination under 37 CFR 1.114
A request for continued examination (RCE) under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 11/30/2020 has been entered.

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 12/04/2020 was filed after the mailing date of the Final Rejection on 09/01/2020. The submission is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Response to Amendment
This Action is in response to RCE filed on 11/30/2020.
Claims 1, 9, 12, and 16-17 have been amended, claims 1, 12 and 17 are independent.
Claim 18 was previously cancelled by the applicant. Claim 21 has been added.
Claims 1-17 and 19-21 are presented for examination. 
Claims 1-17 and 19-21 remain pending in this application.

Response to Arguments Regarding Claim Objections
In the Final Rejection mailed on 09/01/2020, claim 17 was objected to because of minor informality. In the response filed on 11/30/2020, applicant amended the claim to obviate the objection. As a result, the respective claim objection made in the Non-Final Rejection has been withdrawn.
Response to Arguments Regarding Claim Rejections - 35 USC § 103
Applicant’s arguments with respect to rejection of claim 1 under 35 USC § 103 (against cited references to Deshmukh, Fletcher and March), regarding the amended claim limitation “wherein configuring the proxy server comprises: storing in the proxy server a cryptographic credential, wherein the cryptographic credential corresponds to the secure communication channel and is to be used by the proxy server to authenticate the first storage node in response to the first storage node initiating the secure communication channel with the proxy server” (see page 8-11 and first 2 lines on page 12 of REMARKS, filed 11/30/2020) have been considered but are moot because the arguments do not apply to any of the references being used in the current rejection.

The Applicant's remaining amendment/ arguments with respect to rejection of claim 1 under 35 USC § 103, see page 9-11 of REMARKS, filed 11/30/2020, have been fully considered but they are not persuasive. In the response filed on 11/30/2020, applicant puts forth in substance that:
“In the § 103 rejection of claim 1, the Final Office Action relies on (Final Office Action, pp. 13 and 14) Deshmukh for the purported disclosure of disclosing causing an agent device to communicate over a public network with a proxy server to configure the proxy server, including storing in the proxy server credentials for authenticating the first storage node to use the secure communication channel. Moreover, in the § 103 rejection of claim 1, the Final Office Action labels (Final Office Action, p. 13) Deshmukh's node 118 as being or containing the proxy server of claim 1. The Final Office Action, however, errs in this factual finding, as Deshmukh fails to disclose or render obvious a proxy server, much less storing in the proxy server a cryptographic credential, as now set forth in amended claim 1. 
More specifically, Deshmukh describes the node 118 (the alleged proxy server of claim 1) as being a storage controller, with no mentioning of the node 118 being or containing a proxy server: "in an example, nodes 116, 118 comprise storage controllers (e.g., node 116 may comprise a primary or a local storage controller and node 118 may comprise a secondary or a remote storage controller) that provide client devices, such as host devices 108, 110, with access to data stored within data storage devices 128, 130." Deshmukh, para. no. [0025]. As Deshmukh fails to disclose or render obvious the claimed proxy server, it follows, Deshmukh fails to disclose or render obvious causing an agent device to communicate over a public network with a proxy server to configure the proxy server, as especially now set forth in amended claim 1.” (See page 9-10 of REMARKS, filed 11/30/2020).

In response, it is noted that the applicant’s argument against the cited reference to Deshmukh is relied on the allegation that there is no mentioning of the node being or containing a proxy server and that the node 116 being labeled as proxy server is simply a storage controller. However, in paragraph [0028], Deshmukh discusses about the server functionality of these nodes 116 and 118. More specifically, Deshmukh discloses that the nodes 116, 118 on clustered data storage systems 102, 104 are devices attached to the network as a connection point, redistribution point or communication endpoint (within a data cloud) capable of sending, receiving, and/or forwarding information over a network communications channel. One example of a node may be a data storage and management server attached to a network… and particularly configured to operate as a server in a data storage and management system. Moreover, node 118 (e.g., storage controller) is configured to provide access to a first storage aggregate comprising a logical grouping of one or more storage devices located on a storage site (see [0029]).
Since node 118 is a server device within a data cloud capable of sending, receiving, and/or forwarding information over a network in a data storage and management system, examiner articulates that node 118 is a proxy server of claim 1. The applicant’s conclusory argument that Deshmukh therefore “fails to disclose or render obvious causing an agent device to communicate over a public network with a proxy server to configure the proxy server, as especially now set forth in amended claim 1” is rendered moot as it solely relies on the allegation that Deshmukh fails to disclose or render obvious a proxy server without presenting additional reasons as to why either the findings of fact or the legal conclusion that the claims are patent ineligible under 35 USC § 103 is allegedly in error.
the agent device to communicate over a public network with the proxy server”, Examiner contends that the cited reference to Deshmukh is not different. More specifically, Deshmukh also teaches an agent device (Fig.1:116) other than a first storage node (Fig.1:128) or a second storage node (Fig.1:130). In addition, [0054] lines 21-23 teaches that the first storage controller 116 and the second storage controller 118 may be connected over a public network. Therefore, Deshmukh also teaches that the agent device (Fig.1:116) communicates over a public network with the proxy server (Fig.1:118) that is associated with a second storage node (Fig.1:130).
The applicant previously admitted (see page 11-12 of REMARKS, filed 06/04/2020), and the examiner acknowledged (also see page 4-5 of Non-Final Rejection mailed on 03/05/2020) that in paragraphs [0055]-[0059], Deshmukh states, “the first storage controller 116 may establish an access policy for providing the second storage controller 118 with access to storage resources (for facilitating secure data replication)”. This is the same as causing the agent device to communicate over a public network with a proxy server that is associated with a second storage node to configure the proxy server. In this way, the second storage controller may utilize the parameters for constructing data replication requests to send to the first storage controller for securely accessing the storage resources (also see [0058]).

Applicant's arguments for independent claim 12 (see first paragraph on page 12 of REMARKS filed 11/30/2020) appear to stem from the applicant's assertion that similarly recited limitations of claim 1 are allowable. However, as set forth above, this assertion does not hold ground, and therefore, the current rejection of record for independent claim 12 persists.

Applicant’s arguments with respect to rejection of claim 17 under 35 USC § 103 (against cited references to Deshmukh, Fraser and Kim), regarding the amended claim limitation “wherein the cryptographic credential is to be used by the proxy server to authenticate the first storage node in response to the first storage node initiating the secure network tunnel with the proxy server” (see page 

The Applicant's remaining amendment/ arguments with respect to rejection of claim 17 under 35 USC § 103, see page 12-13 of REMARKS, filed 11/30/2020, have been fully considered but they are not persuasive. In the response filed on 11/30/2020, applicant puts forth in substance that:
“In the § 103 rejection of claim 17, the Final Office Action relies on (Final Office Action, pp. 26 and 27) Deshmukh for the purported disclosure of instructions to cause the machine to communicate over a public network data representing a credential to a proxy server. As set forth above in the discussion of claim 1, Deshmukh fails to, however, disclose or render obvious a proxy server, much less instructions to cause a machine to communicate over a public network data representing a cryptographic credential to a proxy server, where the cryptographic credential is to be used by the proxy server to authenticate a first storage node in response to the first storage node initiating a secure network tunnel with the proxy server, as now recited in the amended claim. Moreover, for at least the same reasons that are set forth above” (See page 13 of REMARKS, filed 11/30/2020).

In response to the applicant’s argument, and as set forth above in reference to applicant’s similar arguments with respect to claim 1, examiner reiterates that since node 118 is a server device within a data cloud capable of sending, receiving, and/or forwarding information over a network in a data storage and management system, examiner articulates that node 118 is a proxy server of claim 1. 
In addition, [0054] lines 21-23 teaches that the first storage controller 116 and the second storage controller 118 may be connected over a public network. Therefore, Deshmukh also teaches that the agent device (Fig.1:116) communicates over a public network with the proxy server (Fig.1:118) that is associated with a second storage node (Fig.1:130), i.e., a machine (Fig.1:116) to communicate over a public network to access the proxy server (Fig.1:118).
fails to disclose or render obvious instructions to cause a machine to communicate..., as Deshmukh does not even discuss a proxy server” is rendered moot as it solely relies on the allegation that Deshmukh fails to disclose or render obvious a proxy server without presenting additional reasons as to why either the findings of fact or the legal conclusion that the claims are patent ineligible under 35 USC § 103 is allegedly in error.

“Mortensen fails to disclose or render obvious the above-identified elements of claim 17, and the Final Office Action does not rely on Mortensen for these elements. In this manner, the Final Office Action relies on (Final Office Action, pp. 28 and 29) Mortensen for its purported disclosure of communicating with a proxy server to set up port forwarding for a future secure network tunnel.” (See page 13 of REMARKS, filed 11/30/2020).

In response to the applicant’s arguments, it is noted that Mortensen at [0049]-[0051] in view of Fig.3 discloses that the BackupAggregator 325 (a proxy server) may send a task processing assistance request e.g., 306 to the master server 323. The master server may then validate the task, retrieve the task required objects and generate an assistance response e.g., 316 and may send an assisting node reconfiguration request e.g., 309 back to the BackupAggregator 325, which may receive an assisting node reconfiguration request e.g., 309 indicating to add a new mirroring relationship. Thereafter the BackupAggregator may execute the specified commands and may generate authentication credentials to connect to a different storage server as specified by the commands. In addition, an example assisting node reconfiguration request e.g., 309, in the form of an HTTP(S) POST message is provided (after specification paragraph [0051]), which clearly shows cryptographic credential provided to BackupAggregator 325 for SSH tunneling with a storage server. Examiner disagrees that Mortensen fails to disclose 
Applicant's arguments for dependent claims 2-11, 13-16 and 19-21 (see page 13 of REMARKS filed 11/30/2020) appear to stem from the applicant's assertion that the respective independent claims 1, 12 and 17 are allowable. However, as set forth above, this assertion does not hold ground, and therefore, the rejection of record for dependent claims persist.

Claim Objection
Claim 17 is objected to because of the following informalities:
Claim 17 recites the limitation "the secure network tunnel" in lines 8, 14, 16 and 17. There is insufficient antecedent basis for this limitation in the claim. However, the claim recites “a future secure network tunnel” in line 4.
Appropriate correction is required.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence in the application indicating obviousness or nonobviousness.
Claim(s) 1, 3-4, 9-12 and 15-16 is/are rejected under 35 U.S.C. 103 as being unpatentable over Deshmukh et al. (hereinafter, Deshmukh, US 20170316075 A1) in view of Fletcher et al. (hereinafter, Fletcher, US 20070153782 A1) and in view of March et al. (hereinafter, March, US 20030043740 A1) and in further view Mortensen et al. (hereinafter, Mortensen, US 20150347548 A1).

Regarding claim 1, Deshmukh discloses a method comprising:
causing an agent device (Fig.1:116; Fig.4C:402; also see [0025] lines 15-16; node 116 comprise a primary/ local/ first storage controller) other than a first storage node (Fig.1:128; Fig.4C:408) or a second storage node (Fig.1:130) to set up a replication partnership (Fig.4C:426; also see Fig.3:302-304) between the first storage node (Fig.1:128; Fig.4C:408) and the second storage node (Fig.1:130; also see [0022] lines 7-10; also see [0037]; establishing a replication relationship between the first storage controller (node 116) and the second storage controller (node 118)…secure data replication may be implemented for and/or between any type of computing environment, and may be transferrable between physical devices (e.g., node 116, node 118… a storage device); also see [0054]-[0059]; A first storage controller may host first storage within which storage resources may be stored … a second storage controller may desire to establish a replication relationship with the first storage controller… Accordingly, an access policy for the storage resource may be established for facilitating secure data replication… In this way, the first storage controller may establish an access policy for providing the second storage controller with access to storage resources. The second storage controller may establish a corresponding access policy… In this way, the second storage controller may utilize the parameters for constructing data replication requests to send to the first storage controller for accessing the storage resources… and a replication relationship may be established between the first storage controller and the second storage controller for replicating data from the first storage to second storage hosted by the second storage controller; examiner articulates that establishing a replication relationship between the first storage controller (node 116) and the second storage controller (node 118) based on data replication requests sent from the second storage controller implies that the data replication requests sent from the , wherein causing the agent device to set up the replication partnership (see [0037] and [0054]-[0059]) comprises: 
causing the agent device (Fig.1:116) to communicate over a public network (see Fig.4C:414; also see [0054] lines 21-23; The first storage controller 116 and the second storage controller 118 may be connected over a public network) with a proxy server (Fig.1:118 and Fig.4C:404; also see [0025]; node 118 may comprise a secondary or remote storage controller) that is associated with the second storage node (Fig.1:130) to configure the proxy server (Fig.1:118; also see [0003] lines 1-3; the storage controllers within a storage cluster are configured; also see [0028] and [0038]; node 118 may be configured to operate as a storage server to provide access to files and/or other data stored on the data storage device) to establish a secure communication channel for the replication partnership (Fig.4C:426; also see [0037]; also see [0055]-[0059]; an access policy (e.g., authentication, authorization, and access control) for the storage resource may be established for facilitating secure data replication… second storage controller may establish a corresponding access policy comprising parameters associated with the authentication mechanism (e.g., a password), the authorization mechanism, and/or the access control mechanism (e.g., a decryption key)… the access policy may be attached to the replication relationship; also see [0028] lines 9-11; node 118 is capable of sending, receiving, and/or forwarding information over a network communications channel; also see [0068]; the first storage controller may provide encrypted data of the first storage resource to the second storage controller based upon the access control mechanism; examiner articulates that attaching the access policy (e.g., authentication, authorization, and access control) from the second storage controller to facilitate secure (encrypted) data replication over a network communications channel encompasses the second storage controller establishing a secure communication channel for the replication) over the public network (Fig.4C:414; also see [0054] lines 21-23), wherein configuring the proxy server (see [0028] and [0038]) comprises: 
storing in the proxy server (Fig.1:118; Fig.4C:404; also see [0025] lines 16-17; node 118 may comprise a secondary or remote storage controller) a cryptographic credential (Fig.4C:425 and 424; also see [0064]; first access policy 423 comprises parameters 425 corresponding to the authentication mechanism 420, the authorization mechanism 422, and/or the access control mechanism 424), wherein the cryptographic credential corresponds to the secure communication channel (see Abstract: data replication requests may be authenticated and authorized so that data may be provided, according to the access control mechanism, in a secure manner) and is to be used by the proxy server to authenticating the first storage node (Fig.1:128; Fig.4C:408; also see [0064]-[0065]; also see [0053]; The access policy may be attached to a replication relationship between the node 202 and the second node so that data of the volume 230 may be securely replicated from the node 202 to the second node; secure data replication may be implemented for and/or between any type of computing environment, and may be transferrable between physical devices such as node 202, host device 205, a desktop computer, a tablet, a laptop, a wearable device, a mobile device, a storage device, a server, etc.; examiner articulates that authentication mechanism (e.g., a password authentication mechanism specifying a password) establish in the second storage controller 404 corresponds to credentials for authenticating the first storage node); and 
communicating replication partnership information to the second storage node (see last 8 lines of [0061]; the access policy may be shared with other storage controllers). 
Although, and as set forth above, Deshmukh discloses causing the agent device to communicate over a public network with a proxy server that is associated with the second storage node to configure the proxy server to establish a secure communication channel in communicating replication data between the first storage node and the second storage node (see [0028], [0038] and [0055]), as well as that data storage devices can have one or more physical ports (see [0051]), Deshmukh does not explicitly disclose storing in the proxy server a cryptographic credential, wherein the cryptographic credential corresponds to 
However, Fletcher discloses wherein configuring the proxy server (see Fig.7:704; also see [0082]-[0084]; gateway server generally located at the customer's data center close to the target server has its own CDN-specific IP address used for secure access, and provides the following functions: connection tracking, state synchronization, network address translation) comprises:
 port translations (see Fig.7:6; also see [0051]; At step 6, the packets are received by a server in the gateway region 704, destination NAT translates the virtual IP to the target address and source Network Address Port Translation is applied to the packet before it is sent; also see [0092]) to be used by the proxy server in the secure communication channel in communicating replication data (see [0090]-[0092]; synchronization data corresponds to replication data; also see [0083] and [0210]; Each machine in the gateway region preferably has its own CDN-specific IP address used for secure access… CDN regions support secure content (e.g., via SSL) implying use of the secure communication channel) between the first storage node and the second storage node (see last 8 lines of [0035]; two or more fixed endpoints desire to communicate with each other… the overlay mechanism operates by receiving IP packets at one set of servers, tunneling these packets through a series of CDN servers, and delivering them to a fixed, defined IP address; also see [0006]; the CDN are used in the storage/ caching of content, implying that the CDN servers comprise storage nodes).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings of Fletcher with Deshmukh to establish port translations to be used by the proxy server in the secure communication channel in communicating replication data between the first storage node and the second storage node.

Deshmukh (modified by Fletcher) does not explicitly disclose storing in the proxy server a cryptographic credential, wherein the cryptographic credential corresponds to the secure communication channel and is to be used by the proxy server to authenticate the first storage node in response to the first storage node initiating the secure communication channel with the proxy server. In addition, although, and as set forth above, Fletcher discloses port translations to be used by the proxy server in the secure communication channel in communicating replication data (see [0090]-[0092]; also see [0083] and [0210]), Deshmukh (modified by Fletcher) does not explicitly disclose that the port translation to be used by the proxy server is requested by the agent device.
March discloses wherein configuring the proxy server (see MEDIA PORTAL 44 and/or 45 on Fig.1 and Fig.2) comprises: 
the agent device (see Application Server 42 in Fig.1 and Fig.2) requesting port translation (Fig.3:302 and 304) to be used by the proxy server (see MEDIA PORTAL 44 and/or 45 on Fig.1 and Fig.2; also see [0030]-[0031]; the media portal 44 or 45 includes a network address and port translation (NAPT) module that translates both the source and destination addresses (e.g., IP addresses) and ports (e.g., UDP ports) of each received packet; also see [0036]-[0037]; also see [0044]-[0057] in view of Fig.3; the application server 42 sends a request (at 302) to the media portal 44 to allocate NAPT resources for performing a network address and port translation of packets in the requested session… In response to the request, the media portal 44 allocates (at 304) the necessary resources (addresses and ports) to support NAPT for the call session) in the secured communication channel (see [0007]; Security of a private network is enhanced… to prevent malicious attacks by filtering on certain information in incoming data units; also see [0107]) in communicating data (see Fig.3:330 and 332) between first node (see Fig.3: user station A) and the second node (see Fig.3: user station B; also see [0086]-[0088]; 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings of March with Deshmukh and Fletcher to have a method wherein configuring the proxy server comprises the agent device requesting port translations to be used by the proxy server in the secure communication channel in communicating replication data between the first storage node and the second storage node.
One of ordinary skill in the art would have been motivated to perform network address and port translation (NAPT) functions using the NAPT table entries during the established session between user stations A and B (March: [0087]).
Deshmukh (modified by Fletcher and March) does not explicitly disclose storing in the proxy server a cryptographic credential, wherein the cryptographic credential corresponds to the secure communication channel and is to be used by the proxy server to authenticate the first storage node in response to the first storage node initiating the secure communication channel with the proxy server.
Mortensen discloses storing in the proxy server (Fig.2:204) a cryptographic credential (see [0050]; connection is denied if/ because the BackupAggregator does not have an adequate authentication credential (e.g., ssh key) otherwise the connection may be established), wherein the cryptographic credential corresponds to the secure communication channel (see [0040]; file transfer path is secured via automatically rotating SSH keys; also see Fig.2:221) and is to be used by the proxy server to authenticate the first storage node (see Fig.2:206) in response to the first storage node initiating the secure communication channel (Fig.2:221) with the proxy server (see [0049] in view of [0041]; authentication mechanisms (e.g., ssh keys) employed by the BackupAggregator to establish a connection tunneling to synchronize files; storage server 206 may start a port forwarding or TCP/IP connection tunneling- e.g. secure shell session; also see [0049]-[0051]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings of Mortensen with Deshmukh, Fletcher and 
One of ordinary skill in the art would have been motivated to synchronize storage nodes in a replication network (Mortensen: [0016]).

Regarding claim 3, Deshmukh (modified by Fletcher, March and Mortensen) discloses the method of claim 1, including port translations to be used by the proxy server to tunnel IP packets (see Fletcher: Fig.7:6; also see [0035] and [0051]), as set forth above. In addition, March further discloses wherein the agent device requesting the port translation comprises the agent device (see Application Server 42 in Fig.1 and Fig.2) requesting local tunnel and reverse tunnel port translations associated with a public Internet Protocol (IP) address of the proxy server (see MEDIA PORTAL 44 and/or 45 on Fig.1 and Fig.2; also see [0044]-[0057] in view of Fig.3; the application server 42 sends a request (at 302) to the media portal 44 to allocate NAPT resources for performing a network address and port translation of packets in the requested session… In response to the request, the media portal 44 allocates (at 304) the necessary resources (addresses and ports) to support NAPT for the call session; also see [0086]-[0088]; User station A communicates with network address and port B.sub.media' (in the public interface of the media portal 44) at 330, and user station B communicates with network address and port A.sub.media' (in the public interface of the media portal 44) at 332. Media packets are routed between B' and A' in the media portal 44 by performing translations at 334 using the mapping table entry shown above; similar translation process is performed in the reverse direction).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings of March with Deshmukh, Fletcher and Mortensen so that the agent device requesting the port translation comprises the agent device requesting 
One of ordinary skill in the art would have been motivated to perform network address and port translation (NAPT) functions using the NAPT table entries during the established session between user stations A and B (March: [0087]).

Regarding claim 4, Deshmukh (modified by Fletcher, March and Mortensen) discloses the method of claim 1, as set forth above. Deshmukh further discloses wherein configuring the proxy server comprises configuring the proxy server to communicate with a tunnel endpoint associated with the first storage node (see [0051]; data storage devices 234 can have one or more physical ports, wherein each physical port can be assigned a target address on the data storage device that can be used to identify one or more LUNs … when the node connects to a volume, a connection between the node and the one or more logical unit numbers (LUNs) underlying the volume is created; examiner articulates that a target address on the data storage device that can be used to identify logical unit numbers (LUNs) corresponds to a tunnel endpoint associated with the first storage node).

Regarding claim 9, Deshmukh (modified by Fletcher, March and Mortensen) discloses the method of claim 1, as set forth above. Mortensen further discloses wherein configuring the proxy server (see Fig.3:325 “BackupAggregator”) further comprises: causing the agent device (see Fig.3:323 “master server”) to communicate a Secure Shell (SSH) key associated with the first storage node to the proxy server (see [0049]-[0051] in view of Fig.3; the BackupAggregator 325 may send a task processing assistance request e.g., 306 to the master server 323. The master server may then validate the task, retrieve the task required objects and generate an assistance response e.g., 316 and may send an assisting node reconfiguration request e.g., 309 back to the BackupAggregator 325… the BackupAggregator 325 may receive an assisting node reconfiguration request e.g., 309 indicating to add a new mirroring relationship. Thereafter the BackupAggregator may execute the specified commands and may generate authentication credentials to connect to a different storage server as specified by the commands. In 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings of Mortensen with Deshmukh, Fletcher and March so that configuring the proxy server further comprises: causing the agent device to communicate a Secure Shell (SSH) key associated with the first storage node to the proxy server.
One of ordinary skill in the art would have been motivated to synchronize storage nodes in a replication network (Mortensen: [0016]).

Regarding claim 10, Deshmukh (modified by Fletcher, March and Mortensen) discloses the method of claim 1, as set forth above. Deshmukh further discloses wherein configuring the proxy server further comprises causing the agent device to communicate data to the proxy server representing a replication partnership identification associated with the first storage node (see [0064]-[0067] in view of Fig.4E; a first access policy is established in the first storage controller…first storage controller 402 may attach the first access policy 418 to the replication relationship established between the first storage controller and the second storage controller; similarly, a second access policy is established in the first storage controller… The first storage controller 402 may attach the second access policy 430 to the second replication relationship established between the first storage controller and the third storage controller; examiner interprets that since the second storage controller is aware of replication relationship 426 established between the first storage controller and the second storage controller, it would be obvious that a unique replication partnership identification is communicated to the second storage controller) and a replication partnership credential associated with the first storage node (see last 8 lines of [0061]; the access policy may be shared with other storage controllers; also see [0023]; access policy may define an authentication mechanism to authenticate (e.g., password authentication
Regarding claim 11, Deshmukh (modified by Fletcher, March and Mortensen) discloses the method of claim 1, as set forth above. Deshmukh further discloses wherein configuring the proxy server further comprises causing the agent device to communicate data representing an identification of the first storage node (see last 8 lines of [0061]; the access policy may be shared with other storage controllers; also see [0023] and [0064]-[0065]; access policy may define an authentication mechanism for the storage controller to authenticate other storage controller (e.g., password authentication, public/private key authentication, certificate authentication, or other authentication used to determine that a data replication request originated from the other storage controller is not being spoofed; examiner interprets that the authentication data/ information shared with other storage controllers that authenticates first storage controller is data representing an identification of the first storage node).

As for Claim 12, the claims list all the same elements of claim 1, but in an apparatus form (see Deshmukh: Fig.2:202 and Fig.5:500) comprising at least one processor (see Deshmukh: Fig.2:204); and a memory (see Deshmukh: Fig.2:206 and Fig.5:508) that stores instructions (see Deshmukh: Fig.5:504; also see [0073]) to carry out the steps of claim 1, rather than the method form. Therefore, the supporting rationale of the rejection to claim 1 applies equally as well to claim 12.  

Regarding claim 15, Deshmukh (modified by Fletcher, March and Mortensen) discloses the apparatus of claim 12, as set forth above. Mortensen further discloses configure the proxy server to set up a network tunnel (see [0039]; port forwarding or TCP/IP connection tunneling (e.g., secure shell session) e.g., 221 corresponds to a network tunnel).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings of Mortensen with Deshmukh, Fletcher and March to configure the proxy server to set up a network tunnel.
One of ordinary skill in the art would have been motivated to synchronize storage nodes in a replication network (Mortensen: [0016]).
Regarding claim 16, Deshmukh (modified by Fletcher, March and Mortensen) discloses the apparatus of claim 15, as set forth above. Mortensen further discloses wherein the network tunnel comprises a Secure SHell (SSH) tunnel (see [0039]), the cryptographic credential comprises an SSH key (see [0049]-[0051]; also see an example assisting node reconfiguration request e.g., 309, in the form of an HTTP(S) POST message provided (after specification paragraph [0051]), which clearly shows cryptographic credential (key) provided to BackupAggregator 325 for SSH tunneling with a storage server), and the proxy server comprises an SSH proxy server (see [0049]-[0051]; the BackupAggregator 325 for SSH tunneling with a storage server corresponds to an SSH proxy server).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings of Mortensen with Deshmukh, Fletcher and March so that the network tunnel comprises a Secure SHell (SSH) tunnel, the cryptographic credential comprises an SSH key, and the proxy server comprises an SSH proxy serve.
One of ordinary skill in the art would have been motivated to synchronize storage nodes in a replication network (Mortensen: [0016]).

Claim(s) 2 is/are rejected under 35 U.S.C. 103 as being unpatentable over Deshmukh et al. (hereinafter, Deshmukh, US 20170316075 A1) in view of Fletcher et al. (hereinafter, Fletcher, US 20070153782 A1) and in view of March et al. (hereinafter, March, US 20030043740 A1) and in view Mortensen et al. (hereinafter, Mortensen, US 20150347548 A1) and in further view of Peterson et al. (hereinafter, Peterson, US 20130219469 A1).
Regarding claim 2, Deshmukh (modified by Fletcher, March and Mortensen) discloses the method of claim 1, as set forth above. Deshmukh (modified by Fletcher, March and Mortensen) does not explicitly disclose wherein the proxy server and the second storage node comprise part of a private network; the private network comprises a plurality of storage nodes, including the second storage node; and configuring the proxy server further comprises selecting the second storage node from among the plurality of storage nodes.
wherein the proxy server (Fig.1:120) and the second storage node (Fig.1:135; also see Fig.6:620-640 and [0010]) comprise part of a private network (Fig.1:125; also see [0015]); 
the private network (Fig.1:125) comprises a plurality of storage nodes (Fig.1:130-140), including the second storage node (Fig.1:135; also see Fig.6:620-640 and [0010]); and
configuring the proxy server further comprises selecting the second storage node (Fig.1:135) from among the plurality of storage nodes (see Fig.1:130-140; also see [0014]-[0015]; also see [0023]; VPN gateway server 120 may receive and process VPN connection requests from client device 110. Computing devices 130, 135 and 140 may be accessible to client device 100 through a secure VPN connection established via VPN gateway server 120… registered users may be allowed to access computing devices 130 and 135; examiner interprets that “gateway server allowing access to device 135 for registered users” indicate selection of device 135 from among available devices by gateway server). 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings of Peterson with Deshmukh, Fletcher, March and Mortensen so that proxy server and the second storage node comprise part of a private network; the private network comprises a plurality of storage nodes, including the second storage node and configuring the proxy server further comprises selecting the second storage node from among the plurality of storage nodes.
One of ordinary skill in the art would have been motivated so that the computing/ storage devices may be accessible through a secure VPN connection established via VPN gateway server (Peterson: [0015]).

Claim(s) 5 and 13Deshmukh et al. (hereinafter, Deshmukh, US 20170316075 A1) in view of Fletcher et al. (hereinafter, Fletcher, US 20070153782 A1) and in view of March et al. (hereinafter, March, US 20030043740 A1) and in view Mortensen et al. (hereinafter, Mortensen, US 20150347548 A1) and in view of Fraser et al. (hereinafter, Fraser, US 20120123920 A1).
Regarding claim 5, Deshmukh (modified by Fletcher, March and Mortensen) discloses the method of claim 1, as set forth above. Deshmukh (modified by Fletcher, March and Mortensen) does not explicitly disclose providing a portal accessible through a public network to receive data representing the credentials of the first storage node.
Fraser discloses providing a portal associated with the agent device and accessible through the public network to receive data representing the credentials (see [0026]-[0031]; input device 5 on client terminal 1 is used by the user to input authentication data… The authentication data is then communicated from the client terminal 1 via the Internet to either the security server 3 or the target server 2 to enable the identity of the user to be verified… where a user has entered valid authentication data via the client terminal 1 which has been successfully matched to the user's stored identity and authentication data, the user is then granted access to data 10 stored on the target server 2).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings of Fraser with Deshmukh, Fletcher, March and Mortensen to provide a portal associated with the agent device and accessible through the public network to receive data representing the credentials.
One of ordinary skill in the art would have been motivated to verify identity data for existing customers or users (Fraser: [0031] lines 1-5).

As for Claim 13, the claim does not teach or further define over the limitations in claim 5. Therefore, claim 13 is rejected for the same reasons as set forth in claim 5.

Claim(s) 6 and 14Deshmukh et al. (hereinafter, Deshmukh, US 20170316075 A1) in view of Fletcher et al. (hereinafter, Fletcher, US 20070153782 A1) and in view of March et al. (hereinafter, March, US 20030043740 A1) and in view Mortensen et al. (hereinafter, Mortensen, US 20150347548 A1) and in view of Fraser et al. (hereinafter, Fraser, US 20120123920 A1) and in further view of Kim (US 20150046600 A1) and in view of Herne (US 20090177856 A1) and in further view of Bachu et al. (hereinafter, Bachu, US 8135861 B1).
Regarding claim 6, Deshmukh (modified by Fletcher, March, Mortensen and Fraser) discloses the method of claim 5, as set forth above. Deshmukh (modified by Fletcher, March, Mortensen and Fraser) does not explicitly disclose using the portal to receive input identifying a geographic region for a replication partner for the first storage node; selecting the second storage node based on the identified geographic region; and causing the agent device to communicate an identifier to the proxy server, wherein the identifier identifies the second storage node.
Kim discloses using the portal to receive input identifying a geographic region for a replication partner for the first storage node (see Fig.12:400; also see [0052]-[0057]; selection of a position / location of, or a selection between the private cloud server or the public cloud server where a service is to be executed, selection of a number of pieces of duplicate data in the private cloud server and/or the public cloud server are received from the client 4000; also see [0143]-[0146]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings of Kim with Deshmukh, Fletcher, March, Mortensen and Fraser to use the portal to receive input identifying a geographic region for a replication partner for the first storage node.
One of ordinary skill in the art would have been motivated to distribute data in a hybrid cloud environment (Kim: Abstract).
Deshmukh (modified by Fletcher, March, Mortensen, Fraser and Kim) does not explicitly disclose selecting the second storage node based on the identified geographic region; and causing the agent device to communicate an identifier to the proxy server, wherein the identifier identifies the second storage node.
Herne disclose selecting the second storage node based on the identified geographic region (see [0050]; backup process 308 may identify the location of storage system 314 as a target for backup data 322… a user may input an address or name for storage system 314).

One of ordinary skill in the art would have been motivated so that the data is backed up to a storage device located on another data processing system (Herne: [0040]).
Deshmukh (modified by Fletcher, March, Mortensen, Fraser, Kim and Herne) does not explicitly causing the agent device to communicate an identifier to the proxy server, wherein the identifier identifies the second storage node.
Bachu disclose causing the agent device to communicate an identifier to the proxy server, wherein the identifier identifies the second storage node (see Col.4: lines 5-9; proxy receives data through the selected port IP address and writes the data to a requested location, such as a specific storage node or device; examiner interprets that the location of a specific storage node or device to where data is written corresponds to the identifier that identifies the second storage node; examiner also interprets that write location is requested to the proxy implies that the location is communicated to the proxy server).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings of Bachu with Deshmukh, Fletcher, March, Mortensen, Fraser, Kim and Herne to causing the agent device to communicate an identifier to the proxy server, wherein the identifier identifies the second storage node.
One of ordinary skill in the art would have been motivated so that backup data can be sent to backup server (Bachu: Col.2: lines 30-33).

As for Claim 14, the claim does not teach or further define over the limitations in claim 6. Therefore, claim 14 is rejected for the same reasons as set forth in claim 6.

Claim(s) 7 is/are rejected under 35 U.S.C. 103 as being unpatentable over Deshmukh et al. (hereinafter, Deshmukh, US 20170316075 A1) in view of Fletcher et al. (hereinafter, Fletcher, US .
Regarding claim 7, Deshmukh (modified by Fletcher, March, Mortensen, Fraser, Kim, Herne and Bachu) discloses the method of claim 6, as set forth above. Deshmukh (modified by Fletcher, March, Mortensen, Fraser, Kim, Herne and Bachu) does not disclose further basing selection of the second storage node on input identifying a storage tier associated with the replication partnership.
Noble discloses further basing selection of the second storage node on input identifying a storage tier associated with the replication partnership (Col.5: lines 1-19 in view of Fig.3B; the backup server 303 is the parent computer system of the stored data on the mirror 313; the user may instruct the backup software (on the backup server) to identify a computer system other than the backup server as the parent computer system of the backed-up files. The backup software may receive the name of this second computer system as input… For example, the application server 301 may be specified as the device name alias for a particular backup task; examiner articulates that back-up relation indicating the parent computer system of the stored data on a mirror corresponds to storage tier associated with the replication partnership; examiner also articulates that application server 301 is selected as the parent computer system for a particular backup task based on an user input).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings of Noble with Deshmukh, Fletcher, March, Mortensen, Fraser, Kim, Herne and Bachu to further basing selection of the second storage node on input identifying a storage tier associated with the replication partnership.
One of ordinary skill in the art would have been motivated for backing up data using a backup server based on user instruction/input (Noble: Col.1: lines 53-62).

Claim(s) 8 is/are rejected under 35 U.S.C. 103 as being unpatentable over Deshmukh et al. (hereinafter, Deshmukh, US 20170316075 A1) in view of Fletcher et al. (hereinafter, Fletcher, US 20070153782 A1) and in view of March et al. (hereinafter, March, US 20030043740 A1) and in view Mortensen et al. (hereinafter, Mortensen, US 20150347548 A1) and in view of Clare et al. (hereinafter, Clare, US 20170060695 A1).
Regarding claim 8, Deshmukh (modified by Fletcher, March and Mortensen) discloses the method of claim 1, including causing the agent device to configure the proxy server, as set forth above (see Deshmukh [0028] and [0038]). Deshmukh (modified by Fletcher, March and Mortensen does not explicitly disclose wherein configuring the proxy server further comprises causing the agent device to configure the proxy server to select one of the first storage node and the second storage node to be a replication source or a replication target.
Clare discloses configure the proxy server to select one of the first storage node and the second storage node to be a replication source or a replication target (see [0020] and [0024]; the intermediary server may determine which target servers to use as source servers…For example, a target database, after having an incremental applied to it, may be used as a source database for another target database; also see [0016]-[0017]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings of Clare with Deshmukh, Fletcher, March and Mortensen to cause the agent device to configure the proxy server to select one of the first storage node and the second storage node to be a replication source or a replication target.
One of ordinary skill in the art would have been motivated to conduct one or more of the processes for data replication (Clare: [0021]).

Claim(s) 17 and 21 are rejected under 35 U.S.C. 103 as being unpatentable over Deshmukh et al. (hereinafter, Deshmukh, US 20170316075 A1) in view of Fraser et al. (hereinafter, Fraser, US .

Regarding claim 17, Deshmukh discloses a non-transitory storage medium (Fig.5:508; also see [0073]) storing instructions (Fig.5:504) that, when executed by a machine (see Fig.1:116; Fig.2:202 and Fig.5:500), cause the machine to: 
communicate over the public network (see Fig.4C:414; also see [0054] lines 21-23; The first storage controller 116 and the second storage controller 118 may be connected over a public network) to access the proxy server (Fig.1:118 and Fig.4C:404; also see [0025] lines 16-17; node 118 may comprise a secondary or remote storage controller) for the replication partner storage node (Fig.1:130; also see [0028] and [0038]; node 118 may be configured to operate as a storage server to provide access to files and/or other data stored on the data storage device); and
communicate over the public network (see Fig.4C:414; also see [0054] lines 21-23) data representing the cryptographic credential (see Fig.4C:420-424 and 425; also see [0064]; first access policy 423 comprises parameters 425 corresponding to the authentication mechanism 420, the authorization mechanism 422, and/or the access control mechanism 424) to the proxy server (Fig.4C:404; also see [0054]-[0059]; A first storage controller may host first storage within which storage resources may be stored … a second storage controller may desire to establish a replication relationship with the first storage controller… Accordingly, an access policy (e.g., authentication, authorization, and access control) for the storage resource may be established for facilitating secure data replication… In this way, the first storage controller may establish an access policy for providing the second storage controller with access to storage resources. The second storage controller may establish a corresponding access policy; also see last 8 lines of [0061]; the access policy may be shared with other storage controllers; see [0064]-[0065]; authentication mechanism (e.g., a password authentication mechanism specifying a password) included within the first access policy that is shared with node 118 corresponds to credentials communicated to the proxy server),
the cryptographic credential (Fig.4C:425 and 424) corresponding to a future secure network tunnel (see Abstract: data replication requests may be authenticated and authorized so that data may be provided, according to the access control mechanism, in a secure manner),
wherein the cryptographic credential (Fig.4C:425 and 424) is to be used by a proxy server (Fig.1:118; Fig.4C:404) to authenticate the first storage node (Fig.1:128; Fig.4C:408; also see [0064]-[0065]; also see [0053]; The access policy may be attached to a replication relationship between the node 202 and the second node so that data of the volume 230 may be securely replicated from the node 202 to the second node; secure data replication may be implemented for and/or between any type of computing environment, and may be transferrable between physical devices such as node 202, host device 205, a desktop computer, a tablet, a laptop, a wearable device, a mobile device, a storage device, a server, etc.; examiner articulates that password authentication mechanism established in the second storage controller 404 corresponds to credentials for authenticating the first storage node).
Deshmukh does not explicitly disclose provide, via a public network, access to an interface to receive input representing a cryptographic credential corresponding to a future secure network tunnel and input representing criteria to select a replication partner storage node for a first storage node, wherein the cryptographic credential is to be used by a proxy server to authenticate the first storage node in response to the first storage node initiating the secure network tunnel with the proxy server; and communicate with the proxy server to set up port forwarding for the future secure network tunnel to communicate replication data between the first storage node and the replication partner storage node, wherein the proxy server forms an endpoint of the secure network tunnel and the first storage node forms another endpoint of the secure network tunnel.
Fraser discloses provide, via a public network, access to an interface to receive input representing a cryptographic credential corresponding to a future secure network tunnel (see [0026]-[0031]; input device 5 on client terminal 1 is used by the user to input authentication data… The authentication data is then communicated from the client terminal 1 via the Internet to either the security server 3 or the target server 2 to enable the identity of the user to be verified… where a user has entered .
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings of Fraser with Deshmukh to provide, via a public network, access to an interface to receive input representing a cryptographic credential corresponding to a future secure network tunnel.
One of ordinary skill in the art would have been motivated to verify identity data for existing customers or users (Fraser: [0031] lines 1-5).
Deshmukh (modified by Fraser) does not explicitly disclose provide an interface to receive input representing criteria to select a replication partner storage node for a first storage node; wherein the cryptographic credential is to be used by a proxy server to authenticate the first storage node in response to the first storage node initiating the secure network tunnel with the proxy server; and communicate with the proxy server over the public network to set up port forwarding for the future secure network tunnel to communicate replication data between the first storage node and the replication partner storage node, wherein the proxy server forms an endpoint of the secure network tunnel and the first storage node forms another endpoint of the secure network tunnel.
Kim discloses provide an interface to receive input representing criteria to select a replication partner storage node for a first storage node (see Fig.12:400; also see [0052]-[0057]; selection of a position / location of, or a selection between the private cloud server or the public cloud server where a service is to be executed, selection of a number of pieces of duplicate data in the private cloud server and/or the public cloud server are received from the client 4000; also see [0143]-[0146]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings of Kim with Deshmukh and Fraser to provide, via a public network, access to an interface to receive input representing a cryptographic credential corresponding to a future secure network tunnel and input representing criteria to select a replication partner storage node for a first storage node.

 Deshmukh (modified by Fraser and Kim) does not explicitly disclose wherein the cryptographic credential is to be used by a proxy server to authenticate the first storage node in response to the first storage node initiating the secure network tunnel with the proxy server; and communicate with the proxy server over the public network to set up port forwarding for the future secure network tunnel to communicate replication data between the first storage node and the replication partner storage node, wherein the proxy server forms an endpoint of the secure network tunnel and the first storage node forms another endpoint of the secure network tunnel.
Mortensen discloses cryptographic credential (see [0050]; authentication credential (e.g., ssh key) used to establish connection corresponds to cryptographic credential) corresponding to a future secure network tunnel (see [0040]; file transfer path is secured via automatically rotating SSH keys; also see Fig.2:221), wherein the cryptographic credential is to be used by a proxy server (Fig.2:204) to authenticate the first storage node (see Fig.2:206) in response to the first storage node initiating the secure network tunnel (Fig.2:221) with the proxy server (see [0049] in view of [0041]; authentication mechanisms (e.g., ssh keys) employed by the BackupAggregator to establish a connection tunneling to synchronize files; storage server 206 may start a port forwarding or TCP/IP connection tunneling- e.g. secure shell session; also see [0049]-[0051]); and
communicate with the proxy server (Fig.2:204) over the public network (see [0064]; remote clients and servers may access and interoperate with one another over the Internet) to set up port forwarding for the future secure network tunnel to communicate replication data between the first storage node (Fig.2:206) and the replication partner storage node (see Fig.2:201; also see [0039]; BackupAggregator 204 may start a port forwarding or TCP/IP connection tunneling 221 with the storage server 206 to transfer a replication file), wherein the proxy server (Fig.2:204) forms an endpoint of the secure network tunnel and the first storage node (Fig.2:206) forms another endpoint of the secure network tunnel (see [0039] in view of Fig.2:221).

One of ordinary skill in the art would have been motivated to synchronize storage nodes in a replication network (Mortensen: [0016]).

Regarding claim 21, Deshmukh (modified by Fraser, Kim and Mortensen) discloses the non-transitory storage medium of claim 17, as set forth above. Mortensen further discloses wherein the cryptographic credential comprises a Secure Shell (SSH) key (see [0049]-[0051]; also see an example assisting node reconfiguration request e.g., 309, in the form of an HTTP(S) POST message provided (after specification paragraph [0051]), which clearly shows cryptographic credential (key) provided to BackupAggregator 325 for SSH tunneling with a storage server), and the proxy server comprises an SSH proxy server (see [0049]-[0051]; the BackupAggregator 325 for SSH tunneling with a storage server corresponds to an SSH proxy server).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings of Mortensen with Deshmukh, Fraser and Kim so that the cryptographic credential comprises an SSH key, and the proxy server comprises an SSH proxy server.
One of ordinary skill in the art would have been motivated to synchronize storage nodes in a replication network (Mortensen: [0016]).
Claim(s) 19 is/are rejected under 35 U.S.C. 103 as being unpatentable over Deshmukh et al. (hereinafter, Deshmukh, US 20170316075 A1) in view of Fraser et al. (hereinafter, Fraser, US 20120123920 A1) and in further view of Kim (US 20150046600 A1) and in further view Mortensen et al. (hereinafter, Mortensen, US 20150347548 A1) and in further view Fletcher et al. (hereinafter, Fletcher, US 20070153782 A1).
Regarding claim 19, Deshmukh (modified by Fraser, Kim and Mortensen) discloses the non-transitory storage medium of claim 17, as set forth above. Deshmukh (modified by Fraser, Kim and Mortensen) does not disclose communicate with the proxy server to reserve a public network port of the proxy server and map public network port to private network port of the replication partner storage node.
Fletcher disclose communicate with the proxy server to reserve a public network port of the proxy server (see Fig.7:5-8; also see [0051]; clients desire to send packets to a single IP address… several intermediate servers receive the encapsulated packets and forward them to the gateway region… Destination NAT translates the virtual IP to the target address and source Network Address Port Translation is applied to the packet before it is sent; the single IP address used by several intermediate servers before Network Address Port Translation is applied corresponds to a reserved public network port of the proxy server) and map the public network port to a private network port of the replication partner storage node (see [0029]; client behind a corporate firewall IP is mapped directly to a gateway region while other clients are mapped to public regions; also see [0051]; Destination NAT translates the virtual IP to the target address and source Network Address Port Translation is applied to the packet before it is sent).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings of Fletcher with Deshmukh, Fraser, Kim and Mortensen to reserve a public network port of the proxy server and map the public network port to a private network port of the replication partner storage node.
One of ordinary skill in the art would have been motivated to ensure improved application performance and reliability (Fletcher: [0014]).
Claim(s) 20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Deshmukh et al. (hereinafter, Deshmukh, US 20170316075 A1) in view of Fraser et al. (hereinafter, Fraser, US 20120123920 A1) and in further view of Kim (US 20150046600 A1) and in further view Mortensen et al. (hereinafter, Mortensen, US 20150347548 A1) and in further view Clare et al. (hereinafter, Clare, US 20170060695 A1).
Regarding claim 20, Deshmukh (modified by Fraser, Kim and Mortensen) discloses the non-transitory storage medium of claim 17, as set forth above. Deshmukh (modified by Fraser, Kim and Mortensen) does not disclose select the replication partner based on a selection criteria.
Clare discloses select the replication partner based on a selection criteria ([0020]-[0021]; intermediary server may instruct the source or target database to conduct one or more of the processes for data replication when one or more of the monitored resources meet one or more criteria. In some embodiments, the criteria may be predetermined).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings of Clare with Deshmukh, Fraser, Kim and Mortensen to select the replication partner based on a selection criteria.
One of ordinary skill in the art would have been motivated to conduct one or more of the processes for data replication (Clare: [0021]).

Additional References
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Deutsch et al. (US 20150020186 A1) discloses a central management station for automatic distribution of configuration information to remote devices.
Marcelin et al. (US 20160266801 A1) teaches data processing and storage, based on low cost components, ensuring the integrity and availability of the data for the administration of same.
Ayvaz et al. (US 20130291064 A1) discloses SSH authentication using user submitted authentication data (using lights-out management credentials). 
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SANDARVA KHANAL whose telephone number is (571)272-8107.  The examiner can normally be reached on MON-FRI, 0800-1700.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kamal B Divecha can be reached on 571-272-5863.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/SANDARVA KHANAL/Examiner, Art Unit 2453                                                                                                                                                                                                        
/KAMAL B DIVECHA/Supervisory Patent Examiner, Art Unit 2453