DETAILED ACTION
This communication is responsive to Applicant’s amendment for application 16/408,359 dated 3 March 2021, responding to the 17 February 2021 Office Action provided in the rejection of claims 1-20, wherein claim 17 has been amended.
Claims 1-20 remain pending in the application and have been fully considered by the examiner. 


Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .


Examiner Notes
Examiner cites particular paragraphs or columns and lines in the references as applied to the claims below for the convenience of the applicant. Although the specified citations are representative of the teachings in the art and are applied to the specific limitations within the individual claim, other passages and figures may apply as well. It is respectfully requested that, in preparing responses, the applicant fully consider the references in entirety as potentially teaching all or part of the claimed invention, as well as the context of the passage as taught by the prior art or disclosed by the examiner.


Response to Arguments
Applicant’s primary argument is directed to:
(A)	Claim 1 is patentable over the cited references because they do not disclose “…one or more virtual machines (VMs) launched by a standby container runtime…” Specifically, Applicant argues that “in contrast to the default container runtime, the standby container runtime is a VM based container runtime (e.g., runV) capable of launching a plurality of virtual machines” with reference to paragraphs [0086]-[0087] of the instant specification. Applicant further argues that “Folco’s VM hypervisor cannot reasonably be construed as a container runtime…Nowhere does Folco teach that is VM hypervisor 160 is a VM based container runtime”. Thus, Applicant argues, Folco and the Asawa reference, alone and in combination, fail to discloses or reasonably suggest “utilizing a standby container runtime” (see Applicant’s remarks, pages 9-11), independent claims 14 and 18 are patentable for similar reasons, and claims 2-13, 15-17, and 19-20 are patentable as depending upon claims 1, 14, and 18, respectively.

Regarding (A), Examiner respectfully disagrees with this argument. It is made clear by Applicant’s instant specification that claimed “standby container runtime” for launching one or more VMs is explicitly a hypervisor in the same manner as the “VM hypervisor” disclosed by the Folco reference. With reference to paragraph [0086] of the instant specification and Applicant’s argument that “the standby container runtime is a VM based container runtime (e.g., runV) capable of launching a plurality of virtual machines”, paragraph [0086] of the instant specification states that “Hyper runV (also referred to as ‘runV’) is a hypervisor-based runtime … runV does not use cgroups and namespaces, but a hypervisor … One skilled in the art will appreciate that other hypervisor-based runtime implementations … may be used in lieu of, or in addition to, runV. Hypervisor-based runtimes, such as runV, are also referred to herein as ‘VM based container runtimes’…” (emphasis added). 
As such, in light of the plain language of the claim and the instant specification, Applicant’s claimed “standby container runtime” which launches one or more virtual machines cannot reasonably be construed as anything but a “VM hypervisor” as disclosed by Folco (see for example Folco, this limitation is disclosed such that a Linux container provided by a container hypervisor (i.e. claimed “default container runtime”, paragraph [0014]) is migrated to a VM (i.e. claimed “migrating...at least some of the containerized workload running in the one or more containers…to one or more virtual machines (VMs)”) when there is a problem (paragraph [0012]). The VM is created and run by a VM hypervisor (i.e. claimed “standby container runtime”; paragraph [0014]). Therefore, this argument is unpersuasive.


Allowable Subject Matter
Claims 6-13, 15-17, and 19-20 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.


Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the 
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-5, 14, and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Folco et al. (U.S. 2018/0053001) (Hereinafter Folco – art of record, see IDS dated 9 May 2019) in view of Asawa et al. (U.S. 2019/0235906) (Hereinafter Asawa).
As per claim 1, Folco discloses a method of changing containerized workload isolation in a system having one or more compute nodes each having a host kernel (see for example Folco, this limitation is disclosed such that there is a method of performing live migration of a container to a VM; paragraph [0011]. The containers are isolated systems (i.e. “containerized workload isolation) that use an operating-system-level virtualization method of a control host (i.e. claimed “one or more compute nodes”) using a kernel (i.e. claimed “each having a host kernel”); paragraph [0014]), the method comprising: 
containerizing workload using a default container runtime, wherein the default container runtime has one or more containers on a compute node using resource limiting capabilities of the compute node's host kernel (see for example Folco, this limitation is disclosed such that the system includes a container hypervisor (i.e. claimed “default container runtime”) that provides a set of Linux containers 110, 120, 130 (i.e. “default container runtime” that runs “one or more containers”) and management tools that provide isolation using the operating-system-level virtualization method of the control host using its kernel; paragraph [0014], Fig.1 Items 110, 120, 130, 140 and associated text. An application runs in the container (i.e. there is a “containerize[ed] workload”); paragraph [0012]); 
migrating, in response to detection of a triggering factor, at least some of the containerized workload running in the one or more containers of the default container runtime to one or more virtual machines (VMs) launched by a standby container runtime, wherein the triggering factor is selected from the group consisting of a perceived threat, a compliance requirement change, and combinations thereof (see for example Folco, this limitation is disclosed such that a container is migrated to a VM (i.e. claimed “migrating...at least some of the containerized workload running in the one or more containers…to one or more virtual machines (VMs)”) when there is a problem such that a monitoring tool detects some potential security flaws, there is performance problems in the container, or an application in the container does not behave well (i.e. claimed “in response to detection of a triggering factor…wherein the triggering factor is selected from the group consisting of a perceived thread, a compliance requirement change, and combinations thereof”); paragraph [0012]. The VM is created and run by a VM hypervisor (i.e. claimed “standby container runtime”; paragraph [0014]).
Although Folco discloses containerizing workload using a default container runtime, wherein the default container runtime has one or more containers on a compute node using resource limiting capabilities of the compute node's host kernel, and migrating, in response to detection of a triggering factor, at least some of the containerized workload running in the one or more containers of the default container runtime to one or more virtual machines (VMs) launched by a standby container runtime, wherein the triggering factor is selected from the group consisting of a perceived threat, a compliance requirement change, and combinations thereof, 
However, Asawa discloses that a container runtime spawns one or more cgroup-based containers on a compute node using resource limiting capabilities of the compute node's host kernel including cgroups and namespaces (see for example Asawa, this limitation is disclosed such that a system uses a Docker OS-level virtualization layer (i.e. “container runtime”) to create (i.e. spawn) a new container); paragraphs [0016], [0030]. The containers are created using a combination of namespace capabilities and Cgroups; paragraph [0036]. The containers run on top of the kernel of the host platform in order to enable isolation, relying on the kernel’s functionality; paragraphs [0018]-[0019]); and
migrating at least some of the containerized workload running in the one or more cgroup-based containers spawned by the container runtime (see for example Asawa, this limitation is disclosed such that one or more containers are migrated; paragraph [0044]. The containers created using Cgroups (paragraph [0036]) are running applications (i.e. “containerized workload running in the one or more cgroup-based containers” that is migrated as part of migrating the containers); paragraph [0005]).
Folco in view of Asawa is analogous art because they are from the same field of endeavor, virtualization.
It would have been obvious to one of ordinary skill in the art at the time the application at hand was filed to modify the method as taught by Folco by using Cgroups and namespaces in container creation as taught by Asawa because it would enhance the teaching of Folco with an paragraph [0019]).
As per claim 2, Folco in view of Asawa discloses the method as recited in claim 1, wherein migrating at least some of the containerized workload is performed without service interruption (see for example Folco, this limitation is disclosed such that the migration of the container to the created VM is performed as a live migration (i.e. claimed “migrating…without service interruption”; paragraph [0004]).
As per claim 3, Folco in view of Asawa discloses the method as recited in claim 1 (see rejection of claim 1 above). Folco does not explicitly teach the limitation wherein the default container runtime is a cgroup and namespace based container runtime.
However, Asawa discloses the limitation wherein the default container runtime is a cgroup and namespace based container runtime (see for example Asawa, this limitation is disclosed such that Docker OS-level container virtualization (i.e. a “default container runtime”) creates containers using Cgroups and namespaces (i.e. claimed “cgroup and namespace based container runtime”); paragraph [0036]).
It would have been obvious to one of ordinary skill in the art at the time the application at hand was filed to modify the method as taught by Folco by using Cgroups and namespaces in container creation as taught by Asawa because it would enhance the teaching of Folco with an effective means of completely isolating a container application’s view of operating environments (as suggested by Asawa, see for example paragraph [0019])
As per claim 4, Folco in view of Asawa discloses the method as recited in claim 3, wherein the standby container runtime is a VM based container runtime (see for example paragraph [0014]).  
As per claim 5, Folco in view of Asawa discloses the method as recited in claim 1, wherein the standby container runtime is VM based container runtime (see for example Folco, this limitation is disclosed such that the VMs are created and run by a VM hypervisor (i.e. “standby container runtime is a VM based container runtime”); paragraph [0014]).  
Regarding claim 14, it is a system claim having similar limitations cited in claim 1. Moreover, Folco in view of Asawa discloses one or more processors, one or more computer readable storage devices, and program instructions stored on at least one of the one or more computer readable storage devices for execution by at least one of the one or more processors (see for example Folco, this limitation is disclosed such that the system includes processors 320 and storage devices 330 with computing programs 333 for execution by the processors; paragraph [0006], Fig.3 and associated text). Thus, claim 14 is also rejected under the same rationales as cited in the rejection of claim 1.
Regarding claim 18, it is a product claim having similar limitations cited in claim 1. Moreover, Folco in view of Asawa discloses a computer program product comprising a computer readable storage medium having program code embodied therewith, the program code executable by a processor (see for example Folco, this limitation is disclosed such that there is a computer readable storage medium having computer program instructions thereon for causing the processor to carry out the invention; paragraph [0023], Fig.3 and associated text). Thus, claim 18 is also rejected under the same rationales as cited in the rejection of claim 1.


Conclusion
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.


Any inquiry concerning this communication or earlier communications from the examiner should be directed to JONATHAN R LABUD whose telephone number is (571)270-5174.  The examiner can normally be reached on Monday - Thursday 10am-4pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, EMERSON PUENTE can be reached on (571)272-3652.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.







/J.R.L/Examiner, Art Unit 2196                                                                                                                                                                                                        
/EMERSON C PUENTE/Supervisory Patent Examiner, Art Unit 2196