Notice of Pre-AIA  or AIA  Status
The present application is being examined under the pre-AIA  first to invent provisions. 

Applicant's submission filed on 02/01/2021 has been entered. Claims 1-5, 7-15, 17-25, 27-30 have been examined. Claims 6, 16, 26 are cancelled. 

Response to Arguments
Application argument#1
Applicant argues that IDE does not teach or suggest “receiving, from the first cloud extension agent, a first snapshot of corresponding statuses of the first set of local computing resources and receiving, from the second cloud extension agent, a second snapshot of corresponding statuses of the second set of local computing resources”, as recited in claim 1. 

Examiner response to Application argument#1
The examiner respectfully disagrees.  IDE teaches receiving, from the first cloud extension agent, a first snapshot of corresponding statuses of the first set of local computing resources and receiving, from the second cloud extension agent, a second snapshot of corresponding statuses of the second set of local computing resources. IDE’s invention teaches the enquiry packet response receiver 103 receives responses to the enquiry packets from the servers A to E (i.e., enquiry packet responses). The enquiry packet response receiver 103 records the received enquiry packet responses in a monitored application table in the enquiry packet response database 104. The enquiry packet response database 104 also stores snapshots. The application analyzer then records a snapshot for the applications running on the server A to E at 
Application relied on his argument is that IDE does not receives snapshots from an agent running locally on the servers. 
The examiner respectfully disagrees.  IDE teaches receiving, from the monitoring agent within server A (cloud extension agent), a snapshot of corresponding statuses of the set of resources of monitored server A, and receiving from the monitoring agent within server B (second cloud extension agent), a snapshot of corresponding statuses of the set of resources of monitored server B (See ¶ 0063, ¶ 0082, ¶0121-0122 Fig.20, Fig.23).  

Based on the broadest reasonable interpretation of the claim language, the examiner interprets receiving, from the first cloud extension agent, a first snapshot of corresponding statuses of the first set of local computing resources and receiving, from the second cloud extension agent, a second snapshot of corresponding statuses of the second set of local computing resources as equivalent to receiving, from the monitoring agent within server A, a snapshot of corresponding statuses of the set of resources of monitored server A, and receiving from the monitoring agent within server B, a snapshot of corresponding statuses of the set of resources of monitored server B. 
Therefore, the rejection is maintained. 




Claim Rejections - 35 USC § 103
The following is a quotation of pre-AIA  35 U.S.C. 103(a) which forms the basis for all obviousness rejections set forth in this Office action:
(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the manner in which the invention was made.
 
Claims 1-3,7,9,10-13,17,19,20-22,23,27,29,30 are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Gladstone et al. Publication No. US 2002/0194495 A1 (Gladstone hereinafter) in view of IDE et al. Publication No. US 2011/0099273 A1 (IDE hereinafter) 
Regarding claim 1,

Gladstone teaches a method comprising:
 providing, by a remote network management platform, a first cloud extension agent that facilitates internet-based management of a first set of local computing resources of a network, wherein the first cloud extension agent is to run locally on the network and initiate a first connection to the remote network management platform through a firewall of the network establishing the first connection to the first cloud extension agent (Fig.3 shows providing by  event processing system , an first event agent ( 45A) is to run locally on a the network and initiate a connection to the event processing server through a firewall of the network – ¶  0044-  Event Agents 45A and 45B receive these notifications as well, and pass instructions to Reference Monitors 25A and 25B to update administrative policies in 41A and 41E, respectively. In alternative embodiments, instructions may include administrative policy changes specific to certain nodes, placing a particular node in quarantine, tuning network or firewall ¶ meters, or other instructions – ¶0044;¶  0047 - In alternative embodiments, instructions may include administrative policy changes specific to certain nodes, placing a particular node in quarantine, tuning network or firewall parameters, or other instructions – ¶  0005- Examples of conventional active security systems include access control tools, content filtering tools, and system auditing tools. Access control tools, such as network firewalls, can be deployed on dedicated 


providing a second cloud extension agent that facilitates internet-based management of a second set of local computing resources of a network, wherein the second cloud extension agent is to run locally on the network and initiate a second connection to the remote network management platform through the firewall of the network;  establishing the second connection to the second cloud extension agent(Fig.3 shows providing by  event processing system , a second event agent ( 50B) is to run locally on a the network and initiate a connection to the event processing server through a firewall of the network – ¶  0044 - In alternative embodiments, instructions may include administrative policy changes specific to certain nodes, placing a particular node in quarantine, tuning network or firewall ¶ meters, or other instructions – ¶  0005- Examples of conventional active security systems include access control tools, content filtering tools, and system auditing tools. Access control tools, such as network firewalls, can be deployed on dedicated machines, usually at a network perimeter, to control inbound and outbound access using pre-configured permission levels); and


 providing a first set of instructions to the first cloud extension via the first connection and a second set of instructions to the second cloud extension via the second connection (¶  0041 -Event Processing Server 100 processes the notification, and determines after loading the data in 130 that the attempt to access resources on Node A should not have been allowed (for instance, by determining that the data arriving from the network was a virus not previously recognized by Reference Monitor 25A). In 190B, it transmits instructions to Event Agent 45B to update administrative policies, so as to restrict access to system resources 35B. System resources 35A, 35B may comprise multiple components, each of which may be accessed separately. For example, an e-mail virus may have attempted to access ten components comprising system resources 35A in sequence, and Event Agent 45B may attempt to restrict access to a subset of those ten components, all ten components, or those and other components within system resources 35B – ¶ 0044 - Event Agents 45A and 45B receive these notifications as well, and pass instructions to Reference Monitors 25A and 25B to update administrative policies in 41A and 41E, respectively. In alternative embodiments, instructions may include administrative policy changes specific to certain nodes, placing a particular node in quarantine, tuning network or firewall parameters, or other instructions – ¶ 0042 - Event Agent 45B passes instructions in 41B to Reference Monitor 25B, which updates its administrative policies to incorporate these instructions).





receiving, from the first cloud extension agent, a first snapshot of corresponding statuses of the first set of local computing resources; and receiving, from the second cloud extension agent, a second snapshot of corresponding statuses of the second set of local computing resources.  

IDE teaches 
receiving, from the first cloud extension agent, a first snapshot of corresponding statuses of the first set of local computing resources; and receiving, from the second cloud extension agent, a second snapshot of corresponding statuses of the second set of local computing resources (¶ 0063 - the enquiry packet response receiver 103 receives responses to the enquiry packets from the servers A to E (i.e., enquiry packet responses). The enquiry packet response receiver 103 records the received enquiry packet responses in a monitored application table in the enquiry packet response database 104. The enquiry packet response database 104 also stores snapshots (¶ 0063), ¶ 0082 the application analyzer then records a snapshot for the applications running on the server A to E at that time  - Fig.23 shows that the snapshots received corresponding to the statuses of set of local computer computing resources of application A – See Also ¶ 0121).
 
It would have been obvious to a person of ordinary skill in the art at the time of the invention to modify the teachings of Gladstone to include the teachings of IDE. The motivation for doing so is to allow the system to detect operational irregularities in the applications (¶ 0085 – IDE). 
Regarding claim 2,

Gladstone further teaches 
wherein the first set of instructions comprises one or more actions to be performed by the first cloud extension agent on the first set of local computing resources and the second set of instructions comprises one or more actions to be performed by the second cloud extension agent on the second set of local computing resources(¶  0041 -Event Processing Server 100 processes the notification, and determines after loading the data in 130 that the attempt to access resources on Node A should not have been allowed (for instance, by determining that the data arriving from the network was a virus not previously recognized by Reference Monitor 25A). In 190B, it transmits instructions  Event Agent 45B passes instructions in 41B to Reference Monitor 25B, which updates its administrative policies to incorporate these instructions) .

Regarding claim 3,

Gladstone further teaches 
wherein the first set of local computing resources corresponds to a first region of the network and wherein the second set of local computing resources corresponds to a second region of the network ( Fig.3 shows each computing resources in each nodes corresponds to different region within the network).   

Regarding claim 7,

Gladstone further teaches 
wherein the first set of instructions is different than the second set of instructions (¶ 0041 -Event Processing Server 100 processes the notification, and determines after loading the data in 130 that the attempt to access resources on Node A should not have been allowed (for instance, by determining that the data arriving from the network was a virus not previously recognized by Reference Monitor 25A). In 190B, it transmits instructions to Event Agent 45B to update administrative policies, so as to restrict access to system resources 35B. System resources 35A, 35B may comprise multiple components, each of which may be accessed separately. For example, an e-mail virus may have attempted to access ten components comprising system resources 35A in sequence, and Event Agent 45B may attempt to restrict access to a subset of those ten components, all ten components, or those and other components within system resources 35B – ¶ 0044 - Event Agents 45A and 45B receive these notifications as well, and pass instructions to Reference Monitors 25A and 25B to update administrative policies in 41A and 41E, respectively. In alternative embodiments, instructions may include administrative policy changes specific to certain nodes placing a particular node in  Event Agent 45B passes instructions in 41B to Reference Monitor 25B, which updates its administrative policies to incorporate these instructions) .


Regarding claim 9,

Gladstone further teaches
wherein at least one of the first set of instructions or the second set of instructions corresponds to a configuration change (¶ 0041 -Event Processing Server 100 processes the notification, and determines after loading the data in 130 that the attempt to access resources on Node A should not have been allowed (for instance, by determining that the data arriving from the network was a virus not previously recognized by Reference Monitor 25A). In 190B, it transmits instructions to Event Agent 45B to update administrative policies, so as to restrict access to system resources 35B. System resources 35A, 35B may comprise multiple components, each of which may be accessed separately. For example, an e-mail virus may have attempted to access ten components comprising system resources 35A in sequence, and Event Agent 45B may attempt to restrict access to a subset of those ten components, all ten components, or those and other components within system resources 35B – ¶ 0044 - Event Agents 45A and 45B receive these notifications as well, and pass instructions to Reference Monitors 25A and 25B to update administrative policies in 41A and 41E, respectively. In alternative embodiments, instructions may include administrative policy changes specific to certain nodes, placing a particular node in quarantine, tuning network or firewall parameters, or other instructions – ¶  0042 - Event Agent 45B passes instructions in 41B to Reference Monitor 25B, which updates its administrative policies to incorporate these instructions).


Regarding claim 10,

Gladstone further teaches
wherein at least one of the first set of instructions or the second set of instructions corresponds to a policy change.  (¶  0041 -Event Processing Server 100 processes the notification, and determines after loading the data in 130 that the attempt to access resources on Node A should not have been allowed (for instance, by determining that the data arriving from the network was a virus not previously recognized by Reference Monitor 25A). In 190B, it transmits instructions to Event Agent 45B to update administrative policies, so as to restrict access to system resources 35B. System resources 35A, 35B may comprise multiple components, each of which may be accessed separately. For example, an e-mail virus may have attempted to access ten components comprising system resources 35A in sequence, and Event Agent 45B may attempt to restrict access to a subset  Event Agent 45B passes instructions in 41B to Reference Monitor 25B, which updates its administrative policies to incorporate these instructions ).


Regarding claim 11,

Gladstone teaches a system comprising: a memory; and a hardware resource operatively coupled to the memory, the hardware resource to:
 provide, by a remote network management platform, a first cloud extension agent that facilitates internet-based management of a first set of local computing resources of a network, wherein the first cloud extension agent is to run locally on the network and initiate a first connection to the remote network management platform through a firewall of the network establishing the first connection to the first cloud extension agent (Fig.3 shows providing by  event processing system , an first event agent ( 45A) is to run locally on a the network and initiate a connection to the event processing server through a firewall of the network – ¶  0044-  Event Agents 45A and 45B receive these notifications as well, and pass instructions to Reference Monitors 25A and 25B to update administrative policies in 41A and 41E, respectively. In alternative embodiments, instructions may include administrative policy changes specific to certain nodes, placing a particular node in quarantine, tuning network or firewall parameters, or other instructions – ¶ 0044;¶  0047 - In alternative embodiments, instructions may include administrative policy changes specific to certain nodes, placing a particular node in quarantine, tuning network or firewall parameters, or other instructions – ¶ 0005- Examples of conventional active security systems include access control tools, content filtering tools, and system auditing tools. Access control tools, such as network firewalls, can be deployed on dedicated machines, usually at a network perimeter, to control inbound and outbound access using pre-configured permission levels); 


provide a second cloud extension agent that facilitates internet-based management of a second set of local computing resources of a network, wherein the second cloud extension agent is to run locally on the network and initiate a second connection to the remote network management platform through the firewall of the network;  establishing the second connection to the second cloud extension agent(Fig.3 shows providing by  


 provide a first set of instructions to the first cloud extension via the first connection and a second set of instructions to the second cloud extension via the second connection (¶  0041 -Event Processing Server 100 processes the notification, and determines after loading the data in 130 that the attempt to access resources on Node A should not have been allowed (for instance, by determining that the data arriving from the network was a virus not previously recognized by Reference Monitor 25A). In 190B, it transmits instructions to Event Agent 45B to update administrative policies, so as to restrict access to system resources 35B. System resources 35A, 35B may comprise multiple components, each of which may be accessed separately. For example, an e-mail virus may have attempted to access ten components comprising system resources 35A in sequence, and Event Agent 45B may attempt to restrict access to a subset of those ten components, all ten components, or those and other components within system resources 35B – ¶ 0044 - Event Agents 45A and 45B receive these notifications as well, and pass instructions to Reference Monitors 25A and 25B to update administrative policies in 41A and 41E, respectively. In alternative embodiments, instructions may include administrative policy changes specific to certain nodes, placing a particular node in quarantine, tuning network or firewall parameters, or other instructions – Para 0042 - Event Agent 45B passes instructions in 41B to Reference Monitor 25B, which updates its administrative policies to incorporate these instructions).

However, Gladstone does not explicitly teach
receive, from the first cloud extension agent, a first snapshot of corresponding statuses of the first set of local computing resources; and receive, from the second cloud extension agent, a second snapshot of corresponding statuses of the second set of local computing resources.  

IDE teaches 
receive, from the first cloud extension agent, a first snapshot of corresponding statuses of the first set of local computing resources; and receive, from the second cloud extension agent, a second snapshot of corresponding statuses of the second set of local computing resources ¶0063 - the enquiry packet response receiver 103 receives responses to the enquiry packets from the servers A to E (i.e., enquiry packet responses). The enquiry packet response receiver 103 records the received enquiry packet responses in a monitored application table in the enquiry packet response database 104. The enquiry packet response database 104 also stores snapshots  ¶0082 the application analyzer then records a snapshot for the applications running on the server A to E at that time  - Fig.23 shows that the snapshots received corresponding to the statuses of set of local computer computing resources of application A – See Also ¶0121). 
It would have been obvious to a person of ordinary skill in the art at the time of the invention to modify the teachings of Gladstone to include the teachings of IDE. The motivation for doing so is to allow the system to detect operational irregularities in the applications (¶ 0085 – IDE). 
Regarding claim 12,

Gladstone further teaches 
wherein the first set of instructions comprises one or more actions to be performed by the first cloud extension agent on the first set of local computing resources and the second set of instructions comprises one or more actions to be performed by the second cloud extension agent on the second set of local computing resources(¶  0041 -Event Processing Server 100 processes the notification, and determines after loading the data in 130 that the attempt to access resources on Node A should not have been allowed (for instance, by determining that the data arriving from the network was a virus not previously recognized by Reference Monitor 25A). In 190B, it transmits instructions to Event Agent 45B to update administrative policies, so as to restrict access to system resources 35B. System resources 35A, 35B may comprise multiple components, each of which may be accessed separately. For example, an e-mail virus may have attempted to access ten components comprising system resources 35A in sequence, and Event Agent 45B may attempt to restrict access to a subset of those ten components, all ten components, or those and other components within system resources 35B – ¶ 0044 - Event Agents 45A and 45B receive these notifications as well, and pass instructions to Reference Monitors 25A and 25B to update administrative policies in 41A and 41E, respectively. In alternative embodiments instructions may include administrative policy changes specific to certain nodes, placing a particular node in quarantine, tuning network or firewall parameters, or other instructions – ¶  0042 - Event Agent 45B passes instructions in 41B to Reference Monitor 25B, which updates its administrative policies to incorporate these instructions) .

Regarding claim 13,

Gladstone further teaches 
wherein the first set of local computing resources corresponds to a first region of the network and wherein the second set of local computing resources corresponds to a second region of the network ( Fig.3 shows each computing resources in each nodes corresponds to different region within the network).  

 
Regarding claim 17,

Gladstone further teaches 
wherein the first set of instructions is different than the second set of instructions (¶ 0041 -Event Processing Server 100 processes the notification, and determines after loading the data in 130 that the attempt to access resources on Node A should not have been allowed (for instance, by determining that the data arriving from the network was a virus not previously recognized by Reference Monitor 25A). In 190B, it transmits instructions to Event Agent 45B to update administrative policies, so as to restrict access to system resources 35B. System resources 35A, 35B may comprise multiple components, each of which may be accessed separately. For example, an e-mail virus may have attempted to access ten components comprising system resources 35A in sequence, and Event Agent 45B may attempt to restrict access to a subset of those ten components, all ten components, or those and other components within system resources 35B – ¶ 0044 - Event Agents 45A and 45B receive these notifications as well, and pass instructions to Reference Monitors 25A and 25B to update administrative policies in 41A and 41E, respectively. In alternative embodiments, instructions may include administrative policy changes specific to certain nodes placing a particular node in quarantine, tuning network or firewall parameters, or other instructions – ¶  0042 - Event Agent 45B passes instructions in 41B to Reference Monitor 25B, which updates its administrative policies to incorporate these instructions) .


Regarding claim 19,

Gladstone further teaches
wherein at least one of the first set of instructions or the second set of instructions corresponds to a configuration change (¶ 0041 -Event Processing Server 100 processes the notification, and determines after loading the data in 130 that the attempt to access resources on Node A should not have been allowed (for instance, by determining that the data arriving from the network was a virus not  Event Agent 45B passes instructions in 41B to Reference Monitor 25B, which updates its administrative policies to incorporate these instructions).


Regarding claim 20,

Gladstone further teaches
wherein at least one of the first set of instructions or the second set of instructions corresponds to a policy change.  (¶  0041 -Event Processing Server 100 processes the notification, and determines after loading the data in 130 that the attempt to access resources on Node A should not have been allowed (for instance, by determining that the data arriving from the network was a virus not previously recognized by Reference Monitor 25A). In 190B, it transmits instructions to Event Agent 45B to update administrative policies, so as to restrict access to system resources 35B. System resources 35A, 35B may comprise multiple components, each of which may be accessed separately. For example, an e-mail virus may have attempted to access ten components comprising system resources 35A in sequence, and Event Agent 45B may attempt to restrict access to a subset of those ten components, all ten components, or those and other components within system resources 35B – ¶ 0044 - Event Agents 45A and 45B receive these notifications as well, and pass instructions to Reference Monitors 25A and 25B to update administrative policies in 41A and 41E, respectively. In alternative embodiments, instructions may include administrative policy changes specific to certain nodes, placing a particular node in quarantine, tuning network or firewall parameters, or other instructions – ¶  0042 - Event Agent 45B passes instructions in 41B to Reference Monitor 25B, which updates its administrative policies to incorporate these instructions ).






Regarding claim 21,

Gladstone teaches a non-transitory computer readable medium, having instructions stored thereon which, when executed by a hardware resource, cause the hardware resource to:
 provide, by a remote network management platform, a first cloud extension agent that facilitates internet-based management of a first set of local computing resources of a network, wherein the first cloud extension agent is to run locally on the network and initiate a first connection to the remote network management platform through a firewall of the network establish the first connection to the first cloud extension agent (Fig.3 shows providing by  event processing system , an first event agent ( 45A) is to run locally on a the network and initiate a connection to the event processing server through a firewall of the network – ¶  0044-  Event Agents 45A and 45B receive these notifications as well, and pass instructions to Reference Monitors 25A and 25B to update administrative policies in 41A and 41E, respectively. In alternative embodiments, instructions may include administrative policy changes specific to certain nodes, placing a particular node in quarantine, tuning network or firewall parameters, or other instructions – ¶  0044;¶  0047 - In alternative embodiments, instructions may include administrative policy changes specific to certain nodes, placing a particular node in quarantine, tuning network or firewall parameters, or other instructions – ¶  0005- Examples of conventional active security systems include access control tools, content filtering tools, and system auditing tools. Access control tools, such as network firewalls, can be deployed on dedicated machines, usually at a network perimeter, to control inbound and outbound access using pre-configured permission levels); 


provide a second cloud extension agent that facilitates internet-based management of a second set of local computing resources of a network, wherein the second cloud extension agent is to run locally on the network and initiate a second connection to the remote network management platform through the firewall of the network;  establish the second connection to the second cloud extension agent(Fig.3 shows providing by  event processing system , a second event agent ( 50B) is to run locally on a the network and initiate a connection to the event processing server through a firewall of the network – ¶  0044 - In alternative embodiments, instructions may include administrative policy changes specific to certain nodes, placing a particular node in quarantine, tuning network or firewall parameters, or other instructions – ¶  0005- Examples of conventional active security systems include access control tools, content filtering tools, and system auditing tools. Access control tools, such as network firewalls, can be deployed on dedicated machines, usually at a network 


 providing a first set of instructions to the first cloud extension via the first connection and a second set of instructions to the second cloud extension via the second connection (¶  0041 -Event Processing Server 100 processes the notification, and determines after loading the data in 130 that the attempt to access resources on Node A should not have been allowed (for instance, by determining that the data arriving from the network was a virus not previously recognized by Reference Monitor 25A). In 190B, it transmits instructions to Event Agent 45B to update administrative policies, so as to restrict access to system resources 35B. System resources 35A, 35B may comprise multiple components, each of which may be accessed separately. For example, an e-mail virus may have attempted to access ten components comprising system resources 35A in sequence, and Event Agent 45B may attempt to restrict access to a subset of those ten components, all ten components, or those and other components within system resources 35B – ¶ 0044 - Event Agents 45A and 45B receive these notifications as well, and pass instructions to Reference Monitors 25A and 25B to update administrative policies in 41A and 41E, respectively. In alternative embodiments, Instructions may include administrative policy changes specific to certain nodes, placing a particular node in quarantine, tuning network or firewall parameters, or other instructions – ¶ 0042 - Event Agent 45B passes instructions in 41B to Reference Monitor 25B, which updates its administrative policies to incorporate these instructions).

However, Gladstone does not explicitly teach
receive, from the first cloud extension agent, a first snapshot of corresponding statuses of the first set of local computing resources; and receiving, from the second cloud extension agent, a second snapshot of corresponding statuses of the second set of local computing resources.  

IDE teaches 
receive, from the first cloud extension agent, a first snapshot of corresponding statuses of the first set of local computing resources; and receiving, from the second cloud extension agent, a second snapshot of corresponding statuses of the second set of local computing resources (¶0063 - the enquiry packet response receiver 103 receives responses to the enquiry packets from the servers A to E (i.e., enquiry packet responses). The enquiry packet response receiver 103 records the received enquiry packet responses in a monitored application table in the enquiry packet response database 104. The enquiry packet response database 104 also stores snapshots, ¶ 0082 the application analyzer then records a snapshot for the applications running on the server A to E at that time  - Fig.23 shows that the snapshots ¶0121). 
It would have been obvious to a person of ordinary skill in the art at the time of the invention to modify the teachings of Gladstone to include the teachings of IDE. The motivation for doing so is to allow the system to detect operational irregularities in the applications (¶ 0085 – IDE). 
Regarding claim 22,

Gladstone further teaches 
wherein the first set of instructions comprises one or more actions to be performed by the first cloud extension agent on the first set of local computing resources and the second set of instructions comprises one or more actions to be performed by the second cloud extension agent on the second set of local computing resources(¶  0041 -Event Processing Server 100 processes the notification, and determines after loading the data in 130 that the attempt to access resources on Node A should not have been allowed (for instance, by determining that the data arriving from the network was a virus not previously recognized by Reference Monitor 25A). In 190B, it transmits instructions to Event Agent 45B to update administrative policies, so as to restrict access to system resources 35B. System resources 35A, 35B may comprise multiple components, each of which may be accessed separately. For example, an e-mail virus may have attempted to access ten components comprising system resources 35A in sequence, and Event Agent 45B may attempt to restrict access to a subset of those ten components, all ten components, or those and other components within system resources 35B – ¶ 0044 - Event Agents 45A and 45B receive these notifications as well, and pass instructions to Reference Monitors 25A and 25B to update administrative policies in 41A and 41E, respectively. In alternative embodiments instructions may include administrative policy changes specific to certain nodes, placing a particular node in quarantine, tuning network or firewall parameters, or other instructions – ¶  0042 - Event Agent 45B passes instructions in 41B to Reference Monitor 25B, which updates its administrative policies to incorporate these instructions) .






Regarding claim 23,

Gladstone further teaches 
wherein the first set of local computing resources corresponds to a first region of the network and wherein the second set of local computing resources corresponds to a second region of the network ( Fig.3 shows each computing resources in each nodes corresponds to different region within the network).   

Regarding claim 27,

Gladstone further teaches 
wherein the first set of instructions is different than the second set of instructions (¶ 0041 -Event Processing Server 100 processes the notification, and determines after loading the data in 130 that the attempt to access resources on Node A should not have been allowed (for instance, by determining that the data arriving from the network was a virus not previously recognized by Reference Monitor 25A). In 190B, it transmits instructions to Event Agent 45B to update administrative policies, so as to restrict access to system resources 35B. System resources 35A, 35B may comprise multiple components, each of which may be accessed separately. For example, an e-mail virus may have attempted to access ten components comprising system resources 35A in sequence, and Event Agent 45B may attempt to restrict access to a subset of those ten components, all ten components, or those and other components within system resources 35B – ¶ 0044 - Event Agents 45A and 45B receive these notifications as well, and pass instructions to Reference Monitors 25A and 25B to update administrative policies in 41A and 41E, respectively. In alternative embodiments, instructions may include administrative policy changes specific to certain nodes placing a particular node in quarantine, tuning network or firewall parameters, or other instructions – ¶  0042 - Event Agent 45B passes instructions in 41B to Reference Monitor 25B, which updates its administrative policies to incorporate these instructions) .


Regarding claim 29,

Gladstone further teaches
wherein at least one of the first set of instructions or the second set of instructions corresponds to a configuration change (¶ 0041 -Event Processing Server 100 processes the notification, and determines after loading the data in 130 that the attempt to access resources on Node A should not have been allowed (for instance, by determining that the data arriving from the network was a virus not previously recognized by Reference Monitor 25A). In 190B, it transmits instructions to Event Agent 45B to update administrative policies, so as to restrict access to  Event Agent 45B passes instructions in 41B to Reference Monitor 25B, which updates its administrative policies to incorporate these instructions).


Regarding claim 30,

Gladstone further teaches
wherein at least one of the first set of instructions or the second set of instructions corresponds to a policy change.  (¶  0041 -Event Processing Server 100 processes the notification, and determines after loading the data in 130 that the attempt to access resources on Node A should not have been allowed (for instance, by determining that the data arriving from the network was a virus not previously recognized by Reference Monitor 25A). In 190B, it transmits instructions to Event Agent 45B to update administrative policies, so as to restrict access to system resources 35B. System resources 35A, 35B may comprise multiple components, each of which may be accessed separately. For example, an e-mail virus may have attempted to access ten components comprising system resources 35A in sequence, and Event Agent 45B may attempt to restrict access to a subset of those ten components, all ten components, or those and other components within system resources 35B – ¶ 0044 - Event Agents 45A and 45B receive these notifications as well, and pass instructions to Reference Monitors 25A and 25B to update administrative policies in 41A and 41E, respectively. In alternative embodiments, instructions may include administrative policy changes specific to certain nodes, placing a particular node in quarantine, tuning network or firewall parameters, or other instructions – ¶  0042 - Event Agent 45B passes instructions in 41B to Reference Monitor 25B, which updates its administrative policies to incorporate these instructions ).








Claims 4-5, 14-15, 24-25 are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Gladstone in view of IDE further in view of Safruti et al. Publication No. US 2011/0231477 A1 (Safruti hereinafter)

Regarding claim 4,

Gladstone does not explicitly teach
wherein the first region corresponds to a first geographic location and the second region corresponds to a second geographic location 

However, Safruti teaches 

first region corresponds to a first geographic location and the second region corresponds to a second geographic location (¶ 0064 -The source management input interface 510 is configured to receive input regarding various attributes of the servers in the source cloud and mirror cloud. For example, in one embodiment, the source management input interface 510 may permit an administrator of the server resources to configure various attributes of the servers – ¶ 0066 - the management server 324 may set up a plurality of monitoring agents 516 distributed and executed at various locations on the network to gather and provide information related to status of source cloud, various mirror clouds and servers within the source cloud and mirror clouds. In one embodiment, the information provided by the monitoring agents 516 may be raw data, which may be further processed by the management server 324 to evaluate the status of source cloud and various mirror clouds and servers within the source cloud and mirror clouds. In some embodiments, the monitoring agents 516 may additionally be distributed in some or all of the delivery server’s 322 – See Also ¶ 0077, ¶ 0106 & 0108) 

It would have been obvious to a person of ordinary skill in the art at the time of the invention to modify the teachings of Gladstone to include the teachings of Safruti. The motivation for doing so is to allow the system to perform Dynamic load balancing between different servers based on measurements by monitoring agents, needs of the enterprise, (¶ 0042 – Safruti). 
Regarding claim 5,

Gladstone does not explicitly teach
wherein providing the first cloud extension agent and the second cloud extension agent facilitates load balancing of the network.  

However, Safruti teaches 
providing the first cloud extension agent and the second cloud extension agent facilitates load balancing of the network (¶ 0064 -The source management input interface 510 is configured to receive input regarding various attributes of the servers in the source cloud and mirror cloud. For example, in one embodiment, the source management input interface 510 may permit an administrator of the server resources to configure various attributes of the servers – ¶ 0066 - the management server 324 may set up a plurality of monitoring agents 516 distributed and executed at various locations on the network to gather and provide information related to status of source cloud, various mirror clouds and servers within the source cloud and mirror clouds. In one embodiment, the information provided by the monitoring agents 516 may be raw data, which may be further processed by the management server 324 to evaluate the status of source cloud and various mirror clouds and servers within the source cloud and mirror clouds. In some embodiments, the monitoring agents 516 may additionally be distributed in some or all of the delivery server’s 322-   ¶ 0108 -For example, number of servers to service a request may be selectively configured for each of the delivery servers. Dynamic load balancing between different servers may be performed based on measurements by monitoring agents, needs of the enterprise, costs of resources, time of day, amount of load on various servers and the like. ). 
It would have been obvious to a person of ordinary skill in the art at the time of the invention to modify the teachings of Gladstone to include the teachings of Safruti. The motivation for doing so is to allow the system to perform Dynamic load balancing between different servers based on measurements by monitoring agents, needs of the enterprise (¶ 0042 – Safruti). 


Regarding claim 14,

Gladstone does not explicitly teach
wherein the first region corresponds to a first geographic location and the second region corresponds to a second geographic location 

However, Safruti teaches 

first region corresponds to a first geographic location and the second region corresponds to a second geographic location (¶ 0064 -The source management input interface 510 is configured to receive input regarding various attributes of the servers in the source cloud and mirror cloud. For example, in one embodiment, the source management input interface 510 may permit an administrator of the server resources to configure various attributes of the servers – ¶ 0066 - the management server 324 may set up a plurality of monitoring agents 516 distributed and executed at various locations on the network to gather and provide information related to status of source cloud, various mirror clouds and servers within the source cloud and mirror clouds. In one embodiment, the information provided by the monitoring agents 516 may be raw data, which may be further processed by the management server 324 to evaluate the status of source cloud and various mirror clouds and servers within the source cloud and mirror clouds. In some embodiments, the monitoring agents 516 may additionally be distributed in some or all of the delivery server’s 322 – See Also ¶ 0077, ¶ 0106 & 0108) 

It would have been obvious to a person of ordinary skill in the art at the time of the invention to modify the teachings of Gladstone to include the teachings of Safruti. The motivation for doing so is to allow the system to perform Dynamic load balancing between different servers based on measurements by monitoring agents, needs of the enterprise (¶ 0042 – Safruti).
Regarding claim 15,

Gladstone does not explicitly teach
wherein providing the first cloud extension agent and the second cloud extension agent facilitates load balancing of the network.  


providing the first cloud extension agent and the second cloud extension agent facilitates load balancing of the network (¶ 0064 -The source management input interface 510 is configured to receive input regarding various attributes of the servers in the source cloud and mirror cloud. For example, in one embodiment, the source management input interface 510 may permit an administrator of the server resources to configure various attributes of the servers – ¶ 0066 - the management server 324 may set up a plurality of monitoring agents 516 distributed and executed at various locations on the network to gather and provide information related to status of source cloud, various mirror clouds and servers within the source cloud and mirror clouds. In one embodiment, the information provided by the monitoring agents 516 may be raw data, which may be further processed by the management server 324 to evaluate the status of source cloud and various mirror clouds and servers within the source cloud and mirror clouds. In some embodiments, the monitoring agents 516 may additionally be distributed in some or all of the delivery server’s 322-   ¶ 0108 -For example, number of servers to service a request may be selectively configured for each of the delivery servers. Dynamic load balancing between different servers may be performed based on measurements by monitoring agents, needs of the enterprise, costs of resources, time of day, amount of load on various servers and the like. ). 
It would have been obvious to a person of ordinary skill in the art at the time of the invention to modify the teachings of Gladstone to include the teachings of Safruti. The motivation for doing so is to allow the system to perform Dynamic load balancing between different servers based on measurements by monitoring agents, needs of the enterprise, (¶ 0042 – Safruti). 
Regarding claim 24,

Gladstone does not explicitly teach
wherein the first region corresponds to a first geographic location and the second region corresponds to a second geographic location 

However, Safruti teaches 

first region corresponds to a first geographic location and the second region corresponds to a second geographic location (¶ 0064 -The source management input interface 510 is configured to receive input regarding various 

It would have been obvious to a person of ordinary skill in the art at the time of the invention to modify the teachings of Gladstone to include the teachings of Safruti. The motivation for doing so is to allow the system to perform Dynamic load balancing between different servers based on measurements by monitoring agents, needs of the enterprise (¶ 0042 – Safruti).  
Regarding claim 25,

Gladstone does not explicitly teach
wherein providing the first cloud extension agent and the second cloud extension agent facilitates load balancing of the network.  

However, Safruti teaches 
providing the first cloud extension agent and the second cloud extension agent facilitates load balancing of the network (¶ 0064 -The source management input interface 510 is configured to receive input regarding various attributes of the servers in the source cloud and mirror cloud. For example, in one embodiment, the source management input interface 510 may permit an administrator of the server resources to configure various attributes of the servers – ¶ 0066 - the management server 324 may set up a plurality of monitoring agents 516 distributed and executed at various locations on the network to gather and provide information related to status of source cloud, various mirror clouds and servers within the source cloud and mirror clouds. In one embodiment, the 
It would have been obvious to a person of ordinary skill in the art at the time of the invention to modify the teachings of Gladstone to include the teachings of Safruti. The motivation for doing so is to allow the system to perform Dynamic load balancing between different servers based on measurements by monitoring agents, needs of the enterprise (¶ 0042 – Safruti). 
Claims 8, 18, 28 are rejected under 35 U.S.C. 103 (a) as being unpatentable over Gladstone in view of  IDE further in view  Kacin et al. Publication No. US 2009/0070442 A1 (Kacin hereinafter)

Regarding claim 8,

Gladstone does not explicitly teach

wherein at least one of the first set of instructions or the second set of instructions corresponds to a software upgrade  

Kacin teaches 

wherein at least one of the first set of instructions or the second set of instructions corresponds to a software upgrade (Fig.1;¶  0035 -0038 – Ibis plugin management module 410 can send commands to plugin management modules on the various managed endpoints 108, requesting them to install, remove, or upgrade functional plugins. A command to install or upgrade a plugin may be accompanied by information specifying a location from where the installation or upgrade image can be downloaded. [0036] the plugin management module 410 on the appliance 102 can also automatically send commands to the 

It would have been obvious to a person of ordinary skill in the art at the time of the invention to modify the teachings of Gladstone to include the teachings of Kacin. The motivation for doing so is to allow the system to upgrade the resource (¶ 0035-0036 – Kacin). 

Regarding claim 18,

Gladstone does not explicitly teach

wherein at least one of the first set of instructions or the second set of instructions corresponds to a software upgrade  

Kacin teaches 

wherein at least one of the first set of instructions or the second set of instructions corresponds to a software upgrade (Fig.1;¶  0035 -0038 – Ibis plugin management module 410 can send commands to plugin management modules on the various managed endpoints 108, requesting them to install, remove, or upgrade functional plugins. A command to install or upgrade a plugin may be accompanied by information specifying a location from where the installation or upgrade image can be downloaded. [0036] the plugin management module 410 on the appliance 102 can also automatically send commands to the plugin management modules on the various managed endpoints 108. For example, the plugin management module 410 can analyze the plug-in data 402 to determine the versions of the functional plugins 104C on the managed endpoints 108. The plugin management module 410 can determine whether the versions are the most recent versions available. If the versions are out of date, the plugin management module 410 can send upgrade commands to the plugin management modules on the managed endpoints 108). 


Regarding claim 28,

Gladstone does not explicitly teach

wherein at least one of the first set of instructions or the second set of instructions corresponds to a software upgrade  

Kacin teaches 

wherein at least one of the first set of instructions or the second set of instructions corresponds to a software upgrade (Fig.1;¶  0035 -0038 – Ibis plugin management module 410 can send commands to plugin management modules on the various managed endpoints 108, requesting them to install, remove, or upgrade functional plugins. A command to install or upgrade a plugin may be accompanied by information specifying a location from where the installation or upgrade image can be downloaded. [0036] the plugin management module 410 on the appliance 102 can also automatically send commands to the plugin management modules on the various managed endpoints 108. For example, the plugin management module 410 can analyze the plug-in data 402 to determine the versions of the functional plugins 104C on the managed endpoints 108. The plugin management module 410 can determine whether the versions are the most recent versions available. If the versions are out of date, the plugin management module 410 can send upgrade commands to the plugin management modules on the managed endpoints 108). 

It would have been obvious to a person of ordinary skill in the art at the time of the invention to modify the teachings of Gladstone to include the teachings of Kacin. The motivation for doing so is to allow the system to upgrade the resource (¶ 0035-0036 – Kacin). 


Conclusion
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to YOUNES NAJI whose telephone number is (571)272-2659.  The examiner can normally be reached on Monday - Friday 8:30 AM -5:30 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Oscar A Louie can be reached on (571) 270-1684.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.

/YOUNES NAJI/
Primary Examiner, Art Unit 2445