Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

DETAILED ACTION

Continued Examination under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 2/05/2021 has been entered.
This communication is responsive to Request for Continued Examination (RCE) filed 2/05/2021
In RCE, claim 17 is cancelled and claim 33 is added. Thus, claims 1-16 and 18-33 are pending in this application.


Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-4, 6, and 28-32 are rejected under 35 U.S.C. 103 as being unpatentable over McDonough (US 2016/0055078) in view of Chen (CHEN. "KURMA: Geo-Distributed Secure Middleware for Cloud-Backed Network-Attached Storage." In: Diss. Stony Brook University. November 2015) (cited in parent PCT/US17/33687).

As per claim 1, McDonough discloses a hyper-converged system (a pre-configured hyper-converged computing device [i.e. a hyper-converged system], para 0018), comprising:
an operating system (The physical and/or virtual machines include a variety of applications (e.g., operating system, word processing, etc.), para 0032);
a core layer equipped with hardware which starts and updates the operating system and which provides security features to the operating system (enable installation of the software updates on the pre-configured hyper-converged computing device such that user management of the pre-configured hyper-converged computing device is decreased based on the software updates previously tested on the underlying hardware platform, para 0194, a hardware implementation may employ a look-up table for modification of storage access requests to secure non-disk data, para 0202, Hardware platform 230 includes one or more central processing units (CPUs) 232, system memory 234, and storage 236. Hardware platform 230 may also include one or more network interface controllers (NICs) that connect host computer system 200 to a network, and one or more host bus adapters (HBAs) that connect host computer system 200 to a 
a services layer which provides services utilized by the operating system and which interfaces with the core layer by way of at least one application program interface (Hypervisor 220 is installed on top of hardware platform 230 and supports a virtual machine execution space within which one or more virtual machines (VMs) may be concurrently instantiated and executed. Each virtual machine implements a virtual hardware platform that supports the installation of a guest operating system (OS) which is capable of executing applications [i.e. a services layer which provides services utilized by the operating system and which interfaces with the core layer by way of at least one application program interface], para 0042); and
a user interface layer which interfaces with the core layer by way of at least one application program interface (GUI module 326 is code or instructions that enable the utilization of a graphical user interface to creating and managing appliances (e.g., ESX hosts) and virtual machines of the virtualization infrastructure (i.e. a user interface layer which interfaces with the core layer by way of at least one application program interface], para 0069).
McDonough does not expressly disclose but Chen discloses wherein said core layer includes a system level, and wherein said system level comprises an operating system kernel (Using the cloud as back-end, a cloud gateway gives a SAN or NAS interface to local clients, and can provide features such as replication, security, and caching. There are several cloud gateway technologies, in both industry and academia. In academia, Hybris [33], BlueSky [132], and Iris [117] are examples of cloud storage gateway systems that provide integrity. Hybris additionally gives fault tolerance by using multiple cloud providers, whereas BlueSky also 
Therefore it would have been obvious to one of ordinary skill in the art at the time of the filing to combine said core layer includes a system level, and wherein said system level comprises an operating system kernel as taught in Chen with the invention of McDonough, in order to have the advantages of both public and private clouds (Chen, abstract).

As per claim 2, McDonough does not expressly disclose but Chen discloses wherein said operating system kernel is a host Linux operating system kernel (All machines ran CentOS 7.0.1406 with a vanilla 3.14.17 Linux kernel [i.e. operating system kernel is a host Linux operating system kernel]. Both the OS and the kernel were the latest stable versions at the time we began this study, page 6 sec 2.2.1 para 2).

As per claim 3, McDonough further discloses wherein said operating system kernel provides infrastructure for clustered deployments (the cluster of appliances which are 

As per claim 4, McDonough further discloses wherein said operating system kernel provides functionality for deploying applications inside software containers (the virtual machines may be logically grouped. That is, a subset of virtual machines may be grouped together in a container (e.g., VMware vApp) [i.e. provides functionality for deploying applications inside software containers]. For example, three different virtual machines may be implemented for a particular workload. As such, the three different virtual machines are logically grouped together to facilitate in supporting the workload. The virtual machines in the logical group may execute instructions alone and/or in combination (e g., distributed) with one another. Also, the container of virtual machines and/or individual virtual machines may be controlled by a virtual management system. The virtualization infrastructure may also include a plurality of virtual datacenters. In general, a virtual datacenter is an abstract pool of resources (e.g., memory, CPU, storage). It is understood that a virtual data center is implemented on one or some combination of physical machines, para 0034).

As per claim 6, McDonough further discloses wherein said system level further comprises a hardware layer (Hardware platform 230 includes one or more central processing units (CPUs) 232, system memory 234, and storage 236. Hardware platform 230 may also include one or more network interface controllers (NICs) that connect host computer system 

As per claim 28, McDonough further discloses wherein said services layer is equipped with at least one user space having a plurality of containers (The virtual machines in the logical group may execute instructions alone and/or in combination (e.g., distributed) with one another. Also, the container of virtual machines and/or individual virtual machines may be controlled by a virtual management system. The virtualization infrastructure may also include a plurality of virtual datacenters. In general, a virtual datacenter is an abstract pool of resources (e.g., memory, CPU, storage). It is understood that a virtual data center is implemented on one or some combination of physical machines [i.e. at least one user space having a plurality of containers], para 0034).

As per claim 29, McDonough further discloses wherein each of said plurality of containers contains a virtual machine (a subset of virtual machines may be grouped together in a container [i.e. containers contains a virtual machine], para 0034).

As per claim 30, McDonough further discloses wherein at least one of said plurality of containers runs its own workload (subset of virtual machines may be grouped together in a container (e.g., VMware vApp). For example, three different virtual machines may be implemented for a particular workload. As such, the three different virtual machines are logically grouped together to facilitate in supporting the workload [i.e. at least one of said plurality of containers runs its own workload], para 0034).

As per claim 31, McDonough further discloses wherein said plurality of containers define an application (The physical and/or virtual machines may have the same installed applications or may have different installed applications or software [i.e. plurality of containers define an application]. The installed software may be one or more software applications from one or more vendors, para 0032).

As per claim 32, McDonough further discloses wherein said plurality of containers contains a virtual machine, and wherein the plurality of virtual machines defines an application (a subset of virtual machines may be grouped together in a container [i.e. containers contains a virtual machine], para 0034, The physical and/or virtual machines may have the same installed applications or may have different installed applications or software [i.e. the plurality of virtual machines defines an application]. The installed software may be one or more software applications from one or more vendors, para 0032).

Claim 5 is rejected under 35 U.S.C. 103 as being unpatentable over McDonough in view of Chen in further view of RIEWRANGBOONYA (US 2015/0312104).

As per claim 5, McDonough does not expressly disclose but RIEWRANGBOONYA discloses wherein said operating system kernel further provides mechanisms for service discovery and configuration sharing (Auto-discovery request 632 includes a service type [i.e. service discovery], par 0091, appliance is authenticated with network 1210 and appliance 1214 requests network configuration information [i.e. configuration sharing] from appliances already 
Therefore it would have been obvious to one of ordinary skill in the art at the time of the filing to combine said operating system kernel further provides mechanisms for service discovery and configuration sharing as taught in Chen with the invention of RIEWRANGBOONYA, in order to auto-discover pre-configured hyper-converged computing devices on a network (RIEWRANGBOONYA abstract).

As per claim 33, it is a system claim having similar limitations as cited in claims 1-6 and is thus rejected under the same rationale.


Claims 7 and 8 are rejected under 35 U.S.C. 103 as being unpatentable over McDonough in view of Chen in further view of Ganesh (US 2009/0037718).

As per claim 7, McDonough does not expressly disclose but Ganesh discloses wherein said system level further comprises a system level task manager (Kernel 304 is the central module of global OS 302 and is loaded during OS boot and remains in memory 326 during SWPAR booting. Kernel 304 is responsible for memory management, process and task management [i.e. a system level task manager], and local disk management, para 0049). 
Therefore it would have been obvious to one of ordinary skill in the art at the time of the filing to combine said system level further comprises a system level task manager as taught in Ganesh with the invention of McDonough as modified, in order to partition software in computer systems (Ganesh para 0002).

As per claim 8, McDonough does not expressly disclose but Ganesh discloses wherein said system level task manager implements a daemon process, wherein said daemon process is the initial process activated during system boot, and wherein said daemon process continues until the system is shut down (NFS server 203 implements daemon processes [i.e. implements a daemon process] to permit accessibility to SWPARS file system 201. Devices require NFS protocol 214 for remote booting and access to SWPARS file system 201 on remote DPS 200, para 0045, the specific SWPAR is booted at step 414. Also, at step 414, the NFS kernel resources are loaded and utilized to obtain the daemons required to manage the RPC messaging and advisory locking. Daemons, such as portmap, rpc. lockd, and rpc.statd, operate during the booting [i.e. daemon process is the initial process activated during system boot] process of the SWPAR, performing specific operations at predefined times and/or in response to an event that occurs during booting, para 0056, Remote boot of the SWPAR is independent of the NFS services of the global system, and SWPAR boot and shut down [i.e. daemon process continues until the system is shut down] from a remote client are both supported, independent of the boot of the global system OS, para 0058).


Claims 9-15 are rejected under 35 U.S.C. 103 as being unpatentable over McDonough in view of Chen in further view of Shau (US 2015/0264122).

As per claim 9, McDonough does not expressly disclose but Shau discloses wherein said system level further comprises a system provisioner that handles early initialization of a cloud instance (provisioning nodes (e.g., creating nodes) from cloud providers [i.e. early initialization of a cloud instance], installing/configuring software (e.g., bootstrapping nodes), configuring services on nodes, starting services on nodes, initializing services on nodes, stopping services, 
Therefore it would have been obvious to one of ordinary skill in the art at the time of the filing to combine said system level further comprises a system provisioner that handles early initialization of a cloud instance as taught in Shau with the invention of McDonough as modified, in order to provision and manage a cluster as a single entity (Shau para 0002).

As per claim 10, McDonough does not expressly disclose but Shau discloses wherein said system provisioner provides a means by which a configuration may be sent over a network (provisioned 230A-230N are not directly installed on the target host or node, but rather use SSH (e.g., SSHD) to interact with the remote host [i.e. a configuration may be sent over a network], para 0090).

As per claim 11, McDonough does not expressly disclose but Shau discloses wherein said system provisioner configures at least one service selected from the group consisting of: setting a default locale, setting a hostname, generating ssh private keys, adding ssh keys to a user's authorized keys, and setting up ephemeral mount points (provisioner 1430 and/or server 1425 may also automatically provide additional metadata regarding cluster layout. For example, once the nodes of a cluster are established, server 1425 may include a “nodes'' hash in a task JSON which contains the hostnames [i.e. provisioner configures a hostname], para 00160).

As per claim 12, McDonough does not expressly disclose but Shau discloses wherein said system provisioner provides at least one service selected from the group consisting of: license entitlements, user authentication, and the support purchased by a user in terms of configuration options (perform authentication and authorization operations to authenticate users and/or determine their permissions [i.e. provides user authentication], para 0044).

As per claim 13, McDonough does not expressly disclose but Shau discloses wherein the behavior of said system provisioner may be configured via data supplied by the user at instance launch time (for a cluster create operation, each node must be created, then each service on it must be installed, then configured, then initialized, then started [i.e. configured via data supplied by the user at instance launch time], para 0139).

As per claim 14, McDonough does not expressly disclose but Shau discloses wherein said system provisioner interfaces with said system level task manager by way of at least one exec function (An execute permission applies to certain types of entities, and gives the user the ability to perform one or more operations on those entities. For example, an execute permission [i.e. at least one exec function] on a cluster template means the user is able to create a cluster with the template, para 0046).

As per claim 15, McDonough does not expressly disclose but Shau discloses wherein said system provisioner interfaces with said system level task manager by way of at least one exec function (An execute permission applies to certain types of entities, and gives the user the ability to perform one or more operations on those entities. For example, an execute permission .


Claim 16 is rejected under 35 U.S.C. 103 as being unpatentable over McDonough in view of Chen in further view of Paul (US 2006/0230395).

As per claim 16, McDonough does not expressly disclose but Paul discloses wherein said system level further comprises a configuration service that updates the operating system (system 400, embedded device 201 includes a SMS listener 401, a firmware Configuration Service Provider (CSP) 403, para 0046, datacenter 207 can also store and provide access to information to update the operating systems of embedded devices [i.e. a configuration service that updates the operating system], para 0033).
Therefore it would have been obvious to one of ordinary skill in the art at the time of filing to combine said system level further comprises a configuration service that updates the operating system as taught in Paul with the invention of McDonough, in order to update an OS of an embedded device (Paul abstract).


Claims 18-23, 26, and 27 are rejected under 35 U.S.C. 103 as being unpatentable over McDonough in view of Chen in further view of Paul in further view of Varney (US 2014/0222977).

As per claim 18, McDonough does not expressly disclose but Varney discloses wherein said configuration service is responsible for the initial configuration of the system (Each machine is preferably initially configured with at least sufficient core program(s) 302 and at least one provisioning service SO (i.e., the application code for at least one provisioning service SO) to enable initial provisioning of the machine within the CDN. The provisioning service SO may then be used to provision the machine, both for initial provisioning [i.e. configuration service is responsible for the initial configuration of the system] and, potentially, for ongoing provisioning, configuration and reconfiguration, para 0202). 
Therefore it would have been obvious to one of ordinary skill in the art at the time of the filing to combine said configuration service is responsible for the initial configuration of the system as taught in Varney with the invention of McDonough, in order to support content delivery and content delivery networks (Varney para 0019).

As per claim 19, McDonough does not expressly disclose but Varney discloses wherein said configuration service configures multiple servers in a chain-by-chain manner (The function of the object distribution network is to distribute object updates to all connected nodes in a way that preserves the partial order of all updates and achieves eventual consistency between all nodes [i.e. configures multiple servers in a chain-by-chain manner], including support for implicit values, automatic conflict resolution, and derived objects, para 0243).
 
As per claim 20, McDonough does not expressly disclose but Varney discloses wherein said configuration service monitors the health of running containers (the data produced by stream #k are provided (e.g., pushed) via reducer(s) 107-k through a series of collectors. In this example, it is assumed that the data produced by log stream #k relate to health information about the cache. This health information may be used, e g., by the rendezvous system in order to select caches for resource requests and by the control mechanism to maintain configuration information about the CDN [i.e. monitors the health of running containers], para 0906).

As per claim 21, McDonough does not expressly disclose but Varney discloses wherein said configuration service rectifies the health of any running containers whose health has been compromised (When a machine (via Autognome’s consumption of the new agent configuration) learns that it needs to run a different version of CDN software it issues a stop command to the services that need to be stopped (at least the service being updated, possibly others), it installs the proper version of the RPMs needed, and then restarts the required services. The machine (perhaps via Autognome) then runs a local health check to determine whether or not the change 

As per claim 22, McDonough does not expressly disclose but Varney discloses wherein said configuration service rectifies the health, of any running containers whose health has been compromised, by rebooting the container (When a machine (via Autognome's consumption of the new agent configuration) learns that it needs to run a different version of CDN software it issues a stop command to the services that need to be stopped (at least the service being updated, possibly others), it installs the proper version of the RPMs needed, and then restarts the required services. The machine (perhaps via Autognome) then runs a local health check to determine whether or not the change was successful. If unsuccessful, the change is undone. If the undo fails, the machine will attempt a recovery (as defined by the agent's configuration, and may involve a restart of the machine) [i.e. rectifies the health, of any running containers whose health has been compromised, by rebooting the container]. Such reconfiguration would generally be performed by machines coordinating the activity amongst themselves, para 1565).

As per claim 23, McDonough does not expressly disclose but Varney discloses wherein said configuration service rectifies the health, of any running containers whose health has been compromised, by regenerating the workload of the container elsewhere (Overloaded control sites will be detected and a portion of their workload will be transferred to other less busy control sites 

As per claim 26, McDonough does not expressly disclose but Chen discloses wherein said configuration service determines that the health of a running container has been compromised by subjecting the container to security standard testing (We verified that all SeMiNAS's security features work correctly. To test the correctness of integrity check, we created files on a client, changed different parts of the files on the cloud server, and verified that SeMiNAS detected all the changes. To test the correctness of encryption, we manually confirmed that file data was unreadable cipher text when reading from the server, but was plaintext identical to what was written when reading from clients. We also verified that malware were detected by SeMiNAS when clients attempted to write malware files. Our malware detection experiments also showed that scanning malware files took about the same amount of time (lessthan 1% difference) as scanning equal-sized good files [i.e. subjecting the container to security standard testing], sec 3.5.1 para 4).

As per claim 27, McDonough does not expressly disclose but Varney discloses wherein said configuration service determines that the health of a running container has been compromised by determining that a specific user authentication has been denied or does not work (Other modules may be available for error message generation, authentication, logging, throttling, etc., para 1305, The proxy-auth handler launches a sequence of its own to perform the actual authentication request and waits for the response. This is an example of a blocking handler which launches a helper request. Based on the response to the authentication request, the proxy-.


Claim 24 is rejected under 35 U.S.C. 103 as being unpatentable over McDonough in view of Chen in further view of Paul in further view of Varney in further view of Schryer (US 2010/0149998).

As per claim 24, McDonough does not expressly disclose but Schryer discloses wherein said configuration service determines that the health of a running container has been compromised by determining that the number of pings the container has dropped exceed a threshold value (in 330 it is determined whether the ping packet loss count has exceeded a threshold value, such as three percent (3%). In 340 a tally is kept of the ping tests that exceed the threshold value (failure) and that do not exceed that threshold value (pass). In 350, if all the test pings have noted yet been transmitted for a select line, the process will resume at 320. If all the pings have been transmitted for that line, then in 360 it is determined whether the ping failure count has exceeded its threshold value [i.e. determining that the number of pings the container has dropped exceed a threshold value]. The ping failure count represents the total number of pings registered as a failure, for example those pings having packet loss in excess of three percent, para 0025).
Therefore it would have been obvious to one of ordinary skill in the art at the time of filing to combine said configuration service determines that the health of a running container has .


Claim 25 is rejected under 35 U.S.C. 103 as being unpatentable over McDonough in view of Chen in further view of Paul in further view of Varney in further view of Gabay (US 2015/0254152).

As per claim 25, McDonough does not expressly disclose but Gabay discloses wherein said configuration service determines that the health of a running container has been compromised by determining that the IOPS of the container has dropped below a threshold value (data gathered by the data acquisition engine may comprise performance data of various performance measures, such as Input/Output Operations Per Second (IOPS), para 0013, The received parameters may identify, for example, particular performance measures, threshold values, and time periods to be used for identifying underutilized storage objects. For example, in some embodiments, underutilized storage objects are identified by computing the average performance of storage objects over the course of a time period, comparing the average performance of the storage objects to a threshold value, and flagging storage objects whose average performance falls below the threshold [i.e. determining that the IOPS of the container has dropped below a threshold value], para 0015). 
Therefore it would have been obvious to one of ordinary skill in the art at the time of filing to combine said configuration service determines that the health of a running container has 

Response to Arguments
Applicant's arguments filed 6/23/2020 have been fully considered but are not persuasive. 

On page 11, Applicant argues:
When construed as a whole for what it fairly teaches to one skilled in the art, McDonough clearly teaches that the system described therein has all of the advantages that the Examiner is ascribing to Chen. Hence, Applicant's previous argument stands: one skilled in the art would have no incentive to combine the teachings of McDonough and Chen in the manner required to arrive at the presently claimed invention, because the resulting combination would not have any advantage not already possessed by the system of McDonough alone. Therefore, the Examiner has failed to establish a prima facie case of obviousness with respect to the presently claimed invention.

The examiner respectfully disagrees. While Applicant argues that McDonough alone would already possess the advantages of the claimed invention, the examiner respectfully disagrees because McDonough is missing the claimed features as taught by Chen (ie, the claimed limitation wherein said core layer includes a system level, and wherein said system level comprises an operating system kernel). By adding the missing claimed features, the combination provides an advantage when combined with McDonough because it allows the core layer to include a system level by using the cloud as a back-end.

On pages 12-13 Applicant argues:
Regarding the Examiner's comment that the system of Chen "allows the core layer to include a system level by using the cloud as a back-end. In this way, the combination benefits because it is using the most up to date advances in technology which allows for "high accessibility (from multiple devices, at multiple locations) availability, flexibility, scalability, and cost-effectiveness", Applicant respectfully notes that these features are merely the features of a cloud hypervisor.

…

It will be appreciated from the foregoing that the system of McDonough has a core layer which includes a system level, and the system level comprises an operating system kernel. It will further be appreciated that this system has all of the features and advantages that the Examiner ascribes to the system of Chen, namely, it allows the core layer to include a system level by using the cloud as a back-end, with all of the attendant benefits noted by the Examiner. One skilled in the art would have no incentive to combine the teachings of McDonough and Chen in the manner required to arrive at the presently claimed invention, because the resulting combination would not have any advantage not already possessed by the system of McDonough alone. Therefore, the Examiner has failed to establish a prima facie case of obviousness with respect to the presently claimed invention.

The examiner respectfully disagrees. While Applicant may be correct the disclosure of McDonough overlaps with the disclosure of Chen regarding cloud hypervisors, that allegation alone is not enough to conclude that the combination of references is improper. In fact, the examiner respectfully submits that overlapping disclosure is a factor to consider when deciding whether two references can be rightfully combined because it shows evidence that the references are of an analogous art. Two references which have similar disclosures is a clue to one of ordinary skill in the art that the references are in the same field of invention and are likely to be combinable. 
The examiner further notes that Applicant’s statements regarding the cloud hypervisor being present in McDonough is considered to be Applicant Admitted Prior Art. For example on page 13, beginning on the final paragraph and continuing onto page 14, Applicant states:
It will be appreciated from the foregoing that the system of McDonough has a core layer which includes a system level, and the system level comprises an operating system kernel.



On pages 14-17, Applicant argues that the dependent claims should be allowable for at least the reason that the independent claims are not properly rejected.
The examiner respectfully disagrees and submits that the rejection of the independent claims is properly laid out above. 


Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to TIMOTHY A MUDRICK whose telephone number is (571)270-3374.  The examiner can normally be reached on 9am-5pm Central Time.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Dennis Chow can be reached on (571) 272-7767.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/TIMOTHY A MUDRICK/Primary Examiner, Art Unit 2194                                                                                                                                                                                                        3/22/2021