Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This Office Action is in response to claims filed 03/25/21.
Claims 1, 4, 6-15 and 18-20 are pending.

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 3/26/21 has been entered.

Claim Objections
Claim 19 is objected to because of the following informalities: Line 20 recites “OMS”, this appears to be intended to recite “DMS”. Appropriate correction is required.

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA  as explained in MPEP § 2159.  See MPEP §§ 706.02(l)(1) - 706.02(l)(3) for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). 
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets 
Claims 1, 4, 6-15 and 18-20 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-15 of U.S. Patent No. 10,168,949 B1 as exemplified in the table below. Although the claims at issue are not identical, they are not patentably distinct from each other because the claims of ‘949 are narrower in scope and anticipate the instant claims.

Instant Application
10,168,949
1. A method for pulling a snapshot of data for a virtual machine of a tenant executing on a multi-tenant compute infrastructure, the method comprising:

allocating a computing resource of the multi-tenant compute infrastructure associated with the tenant to an envoy, 

the envoy being connected with the virtual machine and providing a data management and storage (DMS) cluster including peer DMS nodes with access to 



generating the snapshot of the virtual machine;

storing the snapshot of the virtual machine in the virtual disk; and
sending, via the envoy, the snapshot to a DMS node of a DMS cluster. the computing resource including a virtual disk,








wherein the multi-tenant compute infrastructure restricts access by the DMS cluster to an infrastructure network connecting physical machines including a physical machine that executes the virtual machine;

wherein the infrastructure network and the virtual tenant network use different network layers and share a physical layer; and

wherein the multi-tenant compute infrastructure restricts access by the DMS cluster to a second virtual tenant network of a second tenant of the multi-tenant compute infrastructure; and 




further comprising allocating a computing resource of the multi-tenant compute infrastructure to the envoy.

establishing a connection between an envoy of the tenant and a data management and storage (DMS) cluster including peer DMS nodes, the envoy 

generating the snapshot of the virtual machine; and

sending the snapshot from the virtual machine to a peer DMS node via the envoy; wherein: the compute resource includes a virtual disk; the method further includes storing the snapshot of the virtual machine in the virtual disk; and sending the snapshot to the peer DMS node via the envoy includes sending the snapshot from the virtual disk of the envoy to the peer DMS node via the connection.



the multi-tenant compute infrastructure restricts access by the DMS cluster to an infrastructure network connecting physical machines including a physical machine that executes the virtual machine;

the infrastructure network and the virtual tenant network use different network layers and share a physical layer;


the multi-tenant compute infrastructure restricts access by the DMS cluster to a second virtual tenant network of a second tenant of the multi-tenant compute infrastructure; and




Similar claim mappings of the remaining claims would have been obvious to a person having ordinary skill in the art but have been omitted for the sake of brevity.

Claims 1, 4, 6-15 and 18-20 are provisionally rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1 and 3-20 of copending Application No. 16/200,505 (reference application) as exemplified in the table below. Although the claims at issue are not identical, they are not patentably distinct from each other because it would have been obvious to a person having ordinary skill in the art prior to the effective filing date of the claimed invention to combine the embodiments of claims 5 and 17 as it would be combining known techniques to yield predictable results. The techniques as in the instant application were known as in the embodiment of claim 5 and claim 17 and the combination would have yielded predictable results, particularly in view of ‘505 specification ¶ [0089] envisioning combinations and variations of the disclosed embodiments, such as claim 5 and claim 17. This is a provisional nonstatutory double patenting rejection because the patentably indistinct claims have not in fact been patented.

Instant Application
16/200,505



allocating a computing resource of the multi-tenant compute infrastructure associated with the tenant to an envoy, 

the envoy being connected with the virtual machine and providing a data management and storage (DMS) cluster including peer DMS nodes with access to the virtual machine,
providing, by the envoy, the DMS cluster access to the virtual machine via a virtual tenant network of a tenant,







wherein the envoy is a second virtual machine of the tenant executing on the multi-tenant compute infrastructure, and

wherein the multi-tenant compute infrastructure restricts access by the DMS cluster to an infrastructure network connecting physical machines including a physical machine that executes the virtual machine;

wherein the infrastructure network and the virtual tenant network use different network layers and share a physical layer; and

wherein the multi-tenant compute infrastructure restricts access by the DMS cluster to a second virtual tenant network 

wherein the virtual tenant network and the second virtual tenant network use different network layers and share the physical layer;

generating the snapshot of the virtual machine;


storing the snapshot of the virtual machine in the virtual disk; and

sending, via the envoy, the snapshot to a DMS node of a DMS cluster.


allocating a computing resource of the multi-tenant compute infrastructure associated with the tenant to an envoy,

the envoy being connected with the first virtual machine via a first virtual tenant network of the multi-tenant compute infrastructure, the envoy providing a data management and storage (DMS) cluster including peer DMS nodes with access to the first virtual machine via the first virtual tenant network, establishing a connection with the DMS cluster including peer DMS nodes to provide the DMS cluster access to the first virtual machine via the virtual tenant network;



the envoy being a second virtual machine within the tenant executing on the multi-tenant compute infrastructure;

wherein the multi-tenant compute infrastructure restricts access by the DMS cluster to the infrastructure network connecting physical machines including a physical machine that executes the first virtual machine

wherein the infrastructure network and the first virtual tenant network use different network layers and share a physical layer

wherein the multi-tenant compute infrastructure restricts access by the DMS cluster to a second virtual tenant network 

wherein the first virtual tenant network and the second virtual tenant network use different network layers and share a physical layer

generating, via the envoy, the snapshot of the first virtual machine by the DMS cluster;

storing the snapshot of the first virtual machine in the virtual disk; and

sending the snapshot to a peer DMS node of the DMS cluster from the virtual disk via the connection.


Similar claim mappings of the remaining claims would have been obvious to a person having ordinary skill in the art but have been omitted for the sake of brevity.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 8-10, 12-14 and 19-20 are rejected under 35 U.S.C. 103 as being unpatentable over Astete et al. Pub. No. US 2013/0290960 A1 (hereafter Astete) in view of Piccinini et al. Pub. No. US 2017/0060569 A1 (hereafter Piccinini).

With regard to claim 1, Astete teaches a method for pulling a snapshot of data for a virtual machine of a tenant (the virtual lab service enables the user to generate a snapshot of one or more running virtual machines, such as a single virtual machine, all of the virtual machines in a virtual network, or all of the machines in a configuration in at least ¶ [0112]) executing on a multi-tenant compute infrastructure, the method comprising (A multi-tenant virtual machine infrastructure (MTVMI) allows multiple tenants to independently access and use a plurality of virtual computing resources in at least abstract and ¶ [0033] and Fig. 1 and 6):
allocating a computing resource of the multitenant compute infrastructure associated with the tenant (MTVMI management application 115 allocates resources among different tenants and coordinates the use of MTVMI 100 by the different tenants. Various management related tasks performed by MTVMI management application 115 may include, as examples, authenticating users, allocating CPU time and storage space 
to an envoy, (MTVMI management application 115 controls and monitors interactions between tenants and MTVMI 100. Additionally, MTVMI management application 115 allocates resources among different tenants and coordinates the use of MTVMI 100 by the different tenants in at least ¶ [0049] and ¶ [0075]);
the computing resource including a virtual disk (The virtual data center configuration further contains complete state for each virtual machine to be instantiated. Such state generally includes contents of a disk volume to be accessible by the virtual machine  in at least ¶ [0046] and the user may have access to a virtual local disk in at least ¶ [0061]),
the envoy being connected with the virtual machine and providing a data management and storage (DMS) cluster including peer DMS nodes with access to the virtual machine (Within MTVMI 100, virtual infrastructure 105 comprises both a physical platform for running virtual machines, virtual storage, and virtual network, and a software platform enabling the creation and management of the virtual machines, virtual storage, and virtual network in at least ¶ [0041] – [0042] and virtual infrastructure 105 comprises a plurality of network nodes 605, a plurality of virtual machine host nodes 610, and a plurality of storage nodes 615, each of which can be implemented using either general purpose commodity server hardware or server hardware more specialized to the roles of network processing, virtual machine execution, and high-volume reliable storage, respectively in at least ¶ [0069] and ¶ [0046]),
wherein the multi-tenant compute infrastructure restricts access by the DMS cluster to an infrastructure network connecting physical machines including a physical machine that executes the virtual machine (MTVMI management application 115 supports access control mechanisms to enable tenants to restrict their users' access rights to specific objects (e.g., virtual data centers, virtual machines, data files, etc.) within the MTVMI as described earlier in at least ¶ [0146]);
providing, by the envoy, the DMS cluster access to the virtual machine via a virtual tenant network of a tenant (MTVMI management application 115 controls and monitors interactions between tenants and MTVMI 100. Additionally, MTVMI management application 115 allocates resources among different tenants and coordinates the use of MTVMI 100 by the different tenants in at least ¶ [0049]);
wherein infrastructure network and the virtual tenant network use different network layers and share a physical layer (the shared computing infrastructure will be referred to as a multi-tenant virtual machine infrastructure (MTVMI). A MTVMI is a VMI adapted for use by multiple tenants, where each "tenant" is an independent entity (e.g., a set of users within a single company or other organization) whose access to and use of the MTVMI is governed by a unique and independent set of rules in at least ¶ [0033], Fig. 6 and ¶ [0041] – [0042], Tenant and MTVMI are different network layers but share physical resources underlying the virtual infrastructure 105); and
wherein the multi-tenant compute infrastructure restricts access by the DMS cluster to a second virtual tenant network of a second tenant of the multi-tenant compute infrastructure (MTVMI management application 115 supports access control mechanisms to enable tenants to restrict their users' access rights to specific 
	wherein virtual tenant network and the second virtual tenant network use different network layers and share a physical layer (the shared computing infrastructure will be referred to as a multi-tenant virtual machine infrastructure (MTVMI). A MTVMI is a VMI adapted for use by multiple tenants, where each "tenant" is an independent entity (e.g., a set of users within a single company or other organization) whose access to and use of the MTVMI is governed by a unique and independent set of rules in at least ¶ [0033], Fig. 6 and ¶ [0041] – [0042], Tenant and MTVMI are different network layers but share physical resources underlying the virtual infrastructure 105);
generating the snapshot of the virtual machine (in some embodiments these storage nodes may support capabilities to create snapshots, clones, and mirrors for data objects stored on these nodes in at least ¶ [0074] and the virtual lab service enables the user to generate a snapshot of one or more running virtual machines, such as a single virtual machine, all of the virtual machines in a virtual network, or all of the machines in a configuration in at least ¶ [0112] and ¶ [0142]);
storing the snapshot of the virtual machine in the library (When a snapshot is generated, complete state for each of the virtual machines is stored in the library. After the snapshot is generated, this item may be selected from the library in order to instantiate any number of new instances of the set of virtual machines that were the subject of the snapshot in at least ¶ [0112]); and
sending, via the envoy, the snapshot to a peer DMS node of a DMS cluster (then a user initiates an operation to instantiate a Snapshot copy of a virtual data center, in some embodiments, the MTVMI management application orchestrates the necessary steps to instantiate the virtual data center. This includes instructing the Network Manager component to assign a dedicated VLAN for each of the Network objects referenced in the virtual data center configuration and create dedicated instances of network services in each of the VLANs with configuration parameters as specified with the attributes of the Network object. This also includes instructing the Storage Manager to make the required disk objects accessible to the virtual machines that will be instantiated in the virtual data center. This also includes instructing the VM Manager to allocate resources for running the virtual machines, configuring the CPU/RAM and network interface attributes of the virtual machines to meet the specifications in the virtual data center configuration object, triggering the execution of the virtual machines from their associated processor, memory, and disk state in at least ¶ [0143]).
Astete does not explicitly recite storing the snapshot in the virtual disk, however, Astete teaches “the virtual data center configuration further contains complete state for each virtual machine to be instantiated. Such state generally includes contents of a disk volume to be accessible by the virtual machine, and may also include memory contents of the virtual machine, and/or processor state for the virtual machine, including contents for registers including program counters. In some embodiments, a user may upload a virtual machine image generated outside the MTVMI. This virtual machine image can be stored in the library, and instantiated by the MTVMI in a virtual data center” in at least ¶ [0046] and thus it would have been obvious to person having ordinary skill in the art storing the snapshot of the virtual machine in the virtual disk because the complete state of a virtual machine is stored as an image, including contents of the disk volume and the image may be stored in the library. Therefore, when taking a snapshot of a virtual machine, as in ¶ [0112] and [0142] – [0143] and storing in the library, the snapshot would be a complete state of the virtual and thus would be an image, including contents of the disk volume, and therefore would have been obvious to store the snapshot in the virtual disk.
Astete does not specifically teach that the envoy executes as a virtual machine of the tenant.
However, in analogous art Piccinini teaches wherein the envoy is a second virtual machine of the tenant executing on the multi-tenant compute infrastructure (the service agent 335t may start cloning the target individual data of each target tenant into corresponding (auxiliary) individual data of the target tenant in the auxiliary instance in at least ¶ [0037] - [0038] and Fig. 3, service and deployment agents execute within virtual machine of tenant on the multi-tenant compute infrastructure), and
It would have been obvious to a person having ordinary skill in the art prior to the effective filing date of the claimed invention to combine the envoy executes as a virtual machine of the tenant of Piccinini with the systems and methods of Astete resulting in the envoy of Astete executing in a virtual machine of the tenant as in Piccinini. A person having ordinary skill in the art would have been motivated to make this combination for the purpose of leveraging the rapid provision, configuration and release of hardware 

With regard to claim 8, Astete teaches wherein the DMS cluster includes a distributed data store implemented across the peer DMS nodes, and the method further includes storing the snapshot of an application in the distributed data store (Within virtual infrastructure 105, different functional components can be roughly partitioned into three groups, including network nodes, virtual machine host nodes, and storage nodes. Network nodes include both hardware and software components for implementing virtual network functionality (e.g., network services such as DHCP and DNS, VPN services, file share services, etc.), virtual machine nodes include hardware and software components for creating and hosting virtual machines, and storage nodes include hardware and software components for implementing virtual data storage. In some embodiments, the storage nodes are part of a distributed file system management architecture that supports, among other things, fast snapshot and cloning operations in a scalable way, such as data placement, data migration, and load balancing in at least ¶ [0042]).

With regard to claim 9, Astete teaches wherein the computing resource is allocated to the envoy while the virtual machine is executing on the multi-tenant compute infrastructure (Once resources have been configured for the virtual data center, in step 225, the tenant may continue to perform maintenance and monitoring on its virtual data center while the virtual data center is being used by the tenant's users. The maintenance and monitoring may include upgrading and patching various components, modifying the set of users associated with the tenant, measuring the resource usage by different users, and so on in at least ¶ [0056] and the infrastructure may execute a virtual data centers on physical machines within the infrastructure, while users control the virtual machines through personal computers connected to the infrastructure via the Internet in at least ¶ [0031]).

With regard to claim 10, Astete teaches generating another snapshot of another virtual machine in parallel with generating the snapshot of the virtual machine (in some embodiments these storage nodes may support capabilities to create snapshots, clones, and mirrors for data objects stored on these nodes in at least ¶ [0074] and the virtual lab service enables the user to generate a snapshot of one or more running virtual machines, such as a single virtual machine, all of the virtual machines in a virtual network, or all of the machines in a configuration in at least ¶ [0112] and ¶ [0142], multiple nodes may create snapshot therefore generation of snapshot from another node is acting as another envoy generating snapshot and snapshots may be generated for one or more virtual machines, another virtual machine); and
sending the parallel snapshot to the DMS cluster (When a snapshot is generated, complete state for each of the virtual machines is stored in the library. After 

With regard to claim 12, Astete teaches generating a data fetch job for the virtual machine (in response to a retrieval request for particular data that is stored on each of multiple storage nodes, which node to retrieve the data from in at least ¶ [0080]);
placing the data fetch job in a job queue accessible to the peer DMS nodes to schedule the data fetch job; and retrieving the data fetch job from the job queue (the MTVMI management application will maintain runtime information about the virtual data center, including … queue of pending operations on the virtual data center in at least ¶ [0140]); and
in response to retrieving the data fetch job, generating the snapshot of the virtual machine (in some embodiments these storage nodes may support capabilities to create snapshots, clones, and mirrors for data objects stored on these nodes in at least ¶ [0074] and the virtual lab service enables the user to generate a snapshot of one or more running virtual machines, such as a single virtual machine, all of the virtual machines in a virtual network, or all of the machines in a configuration in at least ¶ [0112] and ¶ [0142]).

With regard to claim 13, Astete teaches wherein the DMS node generates the data fetch job and places the data fetch job in the job queue stored in a distributed database of the DMS cluster (client processes 655 execute storage management intelligence which, among other things, determines how to allocate responsibilities to individual storage nodes. For example, the client processes determine: for particular data that is to be stored, on what storage node(s) to store it; when to move particular data from one storage node to another; when to replicate data on one storage node to another; and, in response to a retrieval request for particular data that is stored on each of multiple storage nodes, which node to retrieve the data from in at least ¶ [0080]).

With regard to claim 14, Astete teaches wherein the envoy retrieves the data fetch job from the job queue (the MTVMI management application will maintain runtime information about the virtual data center, including … queue of pending operations on the virtual data center in at least ¶ [0140]).

With regard to claim 19, a multi-tenant compute infrastructure, comprising (A multi-tenant virtual machine infrastructure (MTVMI) allows multiple tenants to independently access and use a plurality of virtual computing resources in at least abstract and ¶ [0033] and Fig. 1 and 6):
a processor (The MTVMI infrastructure can take advantage of these various embodiments to realize powerful unique capabilities. For example, when the state of all the virtual machines in a virtual data center (e.g., this includes the state of the virtual 
a first virtual machine of a tenant of the multi-tenant compute infrastructure (A multi-tenant virtual machine infrastructure (MTVMI) allows multiple tenants to independently access and use a plurality of virtual computing resources via the Internet in at least abstract and Fig. 1 and 6); and
an envoy allocated from a computing resource of the multi-tenant compute infrastructure (MTVMI management application 115 allocates resources among different tenants and coordinates the use of MTVMI 100 by the different tenants. Various management related tasks performed by MTVMI management application 115 may include, as examples, authenticating users, allocating CPU time and storage space among different tenants, maintaining logical isolation between different tenants, tracking each tenant's usage of MTVMI 100, and many others in at least ¶ [0049]),
the envoy being connected to the first virtual machine via a virtual tenant network (MTVMI management application 115 controls and monitors interactions between tenants and MTVMI 100. Additionally, MTVMI management application 115 allocates resources among different tenants and coordinates the use of MTVMI 100 by the different tenants in at least ¶ [0049] and ¶ [0075]),
the computing resource including a virtual disk (The virtual data center configuration further contains complete state for each virtual machine to be instantiated. Such state generally includes contents of a disk volume to be accessible by the virtual 
the envoy configured to: providing a data management and storage (DMS) cluster access to the first virtual machine via the virtual tenant network (MTVMI management application 115 controls and monitors interactions between tenants and MTVMI 100. Additionally, MTVMI management application 115 allocates resources among different tenants and coordinates the use of MTVMI 100 by the different tenants in at least ¶ [0049] and Within MTVMI 100, virtual infrastructure 105 comprises both a physical platform for running virtual machines, virtual storage, and virtual network, and a software platform enabling the creation and management of the virtual machines, virtual storage, and virtual network in at least ¶ [0041] – [0042] and virtual infrastructure 105 comprises a plurality of network nodes 605, a plurality of virtual machine host nodes 610, and a plurality of storage nodes 615, each of which can be implemented using either general purpose commodity server hardware or server hardware more specialized to the roles of network processing, virtual machine execution, and high-volume reliable storage, respectively in at least ¶ [0069] and ¶ [0046]);
generate a snapshot of the first virtual machine (in some embodiments these storage nodes may support capabilities to create snapshots, clones, and mirrors for data objects stored on these nodes in at least ¶ [0074] and the virtual lab service enables the user to generate a snapshot of one or more running virtual machines, such as a single virtual machine, all of the virtual machines in a virtual network, or all of the machines in a configuration in at least ¶ [0112] and ¶ [0142]);
store the snapshot of the first virtual machine in the library (When a snapshot is generated, complete state for each of the virtual machines is stored in the library. After the snapshot is generated, this item may be selected from the library in order to instantiate any number of new instances of the set of virtual machines that were the subject of the snapshot in at least ¶ [0112]); and
send, via the envoy, the snapshot to a DMS node of a DMS cluster (then a user initiates an operation to instantiate a Snapshot copy of a virtual data center, in some embodiments, the MTVMI management application orchestrates the necessary steps to instantiate the virtual data center. This includes instructing the Network Manager component to assign a dedicated VLAN for each of the Network objects referenced in the virtual data center configuration and create dedicated instances of network services in each of the VLANs with configuration parameters as specified with the attributes of the Network object. This also includes instructing the Storage Manager to make the required disk objects accessible to the virtual machines that will be instantiated in the virtual data center. This also includes instructing the VM Manager to allocate resources for running the virtual machines, configuring the CPU/RAM and network interface attributes of the virtual machines to meet the specifications in the virtual data center configuration object, triggering the execution of the virtual machines from their associated processor, memory, and disk state in at least ¶ [0143]) wherein:
the multi-tenant compute infrastructure restricts access by the DMS cluster to an infrastructure network connecting physical machines including a physical machine that executes the first virtual machine (MTVMI management application 115 supports access control mechanisms to enable tenants to restrict their users' 
the infrastructure network and the virtual tenant network use different network layers and share a physical layer (the shared computing infrastructure will be referred to as a multi-tenant virtual machine infrastructure (MTVMI). A MTVMI is a VMI adapted for use by multiple tenants, where each "tenant" is an independent entity (e.g., a set of users within a single company or other organization) whose access to and use of the MTVMI is governed by a unique and independent set of rules in at least ¶ [0033], Fig. 6 and ¶ [0041] – [0042], Tenant and MTVMI are different network layers but share physical resources underlying the virtual infrastructure 105);
the multi-tenant compute infrastructure restricts access by the OMS cluster to a second virtual tenant network of a second tenant of the multi-tenant compute infrastructure (MTVMI management application 115 supports access control mechanisms to enable tenants to restrict their users' access rights to specific objects (e.g., virtual data centers, virtual machines, data files, etc.) within the MTVMI as described earlier in at least ¶ [0146]); and
the virtual tenant network and the second virtual tenant network use different network layers and share the physical layer (the shared computing infrastructure will be referred to as a multi-tenant virtual machine infrastructure (MTVMI). A MTVMI is a VMI adapted for use by multiple tenants, where each "tenant" is an independent entity (e.g., a set of users within a single company or other organization) whose access to and use of the MTVMI is governed by a unique and independent set of rules in at least ¶ [0033], Fig. 6 and ¶ [0041] – [0042], Tenant and MTVMI are different network layers but share physical resources underlying the virtual infrastructure 105).
Astete does not explicitly recite storing the snapshot in the virtual disk, however, Astete teaches “the virtual data center configuration further contains complete state for each virtual machine to be instantiated. Such state generally includes contents of a disk volume to be accessible by the virtual machine, and may also include memory contents of the virtual machine, and/or processor state for the virtual machine, including contents for registers including program counters. In some embodiments, a user may upload a virtual machine image generated outside the MTVMI. This virtual machine image can be stored in the library, and instantiated by the MTVMI in a virtual data center” in at least ¶ [0046] and thus it would have been obvious to person having ordinary skill in the art prior to the effective filing date of the claimed invention that Astete teaches store the snapshot of the virtual machine in the virtual disk because the complete state of a virtual machine is stored as an image, including contents of the disk volume and the image may be stored in the library. Therefore, when taking a snapshot of a virtual machine, as in ¶ [0112] and [0142] – [0143] and storing in the library, the snapshot would be a complete state of the virtual and thus would be an image, including contents of the disk volume, and therefore would have been obvious to store the snapshot in the virtual disk.
Astete does not specifically teach that the envoy executes as a virtual machine of the tenant.
However, in analogous art Piccinini teaches the envoy being a second virtual machine within the multi-tenant compute infrastructure (the service agent 335t may service and deployment agents execute within virtual machine of tenant on the multi-tenant compute infrastructure).
It would have been obvious to a person having ordinary skill in the art prior to the effective filing date of the claimed invention to combine the envoy executes as a virtual machine of the tenant of Piccinini with the systems and methods of Astete resulting in the envoy of Astete executing in a virtual machine of the tenant as in Piccinini. A person having ordinary skill in the art would have been motivated to make this combination for the purpose of leveraging the rapid provision, configuration and release of hardware and software resources of a cloud computing infrastructure for executing the envoy within a virtual machine of the tenant such that the management of the tenant virtual machines make use of these advantages as well as providing for each tenant to have sole control over the provisioning and management of compute resources as if they were dedicated (see at least Piccinini ¶ [0022] and [0037] – [0038]).

With regard to claim 20, Astete teaches a non-transitory computer-readable medium comprising instructions that when executed by one or more processors configures the one or more processors to (A computer-readable medium storing contents adapted to cause a computing system to perform in at least claim 94 and a computing system having a processor in at least claim 90):
allocate a computing resource of a multi-tenant compute infrastructure (A multi-tenant virtual machine infrastructure (MTVMI) allows multiple tenants to associated with a tenant (MTVMI management application 115 allocates resources among different tenants and coordinates the use of MTVMI 100 by the different tenants. Various management related tasks performed by MTVMI management application 115 may include, as examples, authenticating users, allocating CPU time and storage space among different tenants, maintaining logical isolation between different tenants, tracking each tenant's usage of MTVMI 100, and many others in at least ¶ [0049])
to an envoy, the computing resource including a virtual disk, the envoy being connected with a first virtual machine via a virtual tenant network of the multi-tenant compute infrastructure (MTVMI management application 115 controls and monitors interactions between tenants and MTVMI 100. Additionally, MTVMI management application 115 allocates resources among different tenants and coordinates the use of MTVMI 100 by the different tenants in at least ¶ [0049] and ¶ [0075]),
the envoy providing a data management and storage (DMS) cluster including peer DMS nodes with access to the virtual machine via the virtual tenant network (Within MTVMI 100, virtual infrastructure 105 comprises both a physical platform for running virtual machines, virtual storage, and virtual network, and a software platform enabling the creation and management of the virtual machines, virtual storage, and virtual network in at least ¶ [0041] – [0042] and virtual infrastructure 105 comprises a plurality of network nodes 605, a plurality of virtual machine host nodes 610, and a plurality of storage nodes 615, each of which can be implemented using 
wherein the multi-tenant compute infrastructure restricts access by the DMS cluster to an infrastructure network connecting physical machines including a physical machine that executes the first virtual machine (MTVMI management application 115 supports access control mechanisms to enable tenants to restrict their users' access rights to specific objects (e.g., virtual data centers, virtual machines, data files, etc.) within the MTVMI as described earlier in at least ¶ [0146]);
provide, by the envoy, the (DMS) cluster access to the first virtual machine via a virtual tenant network of a tenant (The virtual data center configuration further contains complete state for each virtual machine to be instantiated. Such state generally includes contents of a disk volume to be accessible by the virtual machine  in at least ¶ [0046] and the user may have access to a virtual local disk in at least ¶ [0061]);
wherein the infrastructure network and the virtual tenant network use different network layers and share a physical layer (the shared computing infrastructure will be referred to as a multi-tenant virtual machine infrastructure (MTVMI). A MTVMI is a VMI adapted for use by multiple tenants, where each "tenant" is an independent entity (e.g., a set of users within a single company or other organization) whose access to and use of the MTVMI is governed by a unique and independent set of rules in at least ¶ [0033], Fig. 6 and ¶ [0041] – [0042], Tenant and MTVMI are different network layers but share physical resources underlying the virtual infrastructure 105); and
wherein the multi-tenant compute infrastructure restricts access by the DMS cluster to a second virtual tenant network of a second tenant of the multi-tenant compute infrastructure (MTVMI management application 115 supports access control mechanisms to enable tenants to restrict their users' access rights to specific objects (e.g., virtual data centers, virtual machines, data files, etc.) within the MTVMI as described earlier in at least ¶ [0146]); and
wherein the virtual tenant network and the second virtual tenant network use different network layers and share the physical layer (the shared computing infrastructure will be referred to as a multi-tenant virtual machine infrastructure (MTVMI). A MTVMI is a VMI adapted for use by multiple tenants, where each "tenant" is an independent entity (e.g., a set of users within a single company or other organization) whose access to and use of the MTVMI is governed by a unique and independent set of rules in at least ¶ [0033], Fig. 6 and ¶ [0041] – [0042], Tenant and MTVMI are different network layers but share physical resources underlying the virtual infrastructure 105);
generate a snapshot of the first virtual machine (MTVMI management application 115 controls and monitors interactions between tenants and MTVMI 100. Additionally, MTVMI management application 115 allocates resources among different tenants and coordinates the use of MTVMI 100 by the different tenants in at least ¶ [0049]); and
send, via the envoy, the snapshot to a DMS node of a DMS cluster (then a user initiates an operation to instantiate a Snapshot copy of a virtual data center, in some embodiments, the MTVMI management application orchestrates the necessary 
Astete does not explicitly recite storing the snapshot in the virtual disk, however, Astete teaches “the virtual data center configuration further contains complete state for each virtual machine to be instantiated. Such state generally includes contents of a disk volume to be accessible by the virtual machine, and may also include memory contents of the virtual machine, and/or processor state for the virtual machine, including contents for registers including program counters. In some embodiments, a user may upload a virtual machine image generated outside the MTVMI. This virtual machine image can be stored in the library, and instantiated by the MTVMI in a virtual data center” in at least ¶ [0046] and thus it would have been obvious to person having ordinary skill in the art prior to the effective filing date of the claimed invention that Astete teaches send the snapshot … from the virtual disk because the complete state of a virtual machine is 
Astete does not specifically teach that the envoy executes as a virtual machine of the tenant.
However, in analogous art Piccinini teaches the envoy being a second virtual machine within the multi-tenant compute infrastructure (the service agent 335t may start cloning the target individual data of each target tenant into corresponding (auxiliary) individual data of the target tenant in the auxiliary instance in at least ¶ [0037] - [0038] and Fig. 3, service and deployment agents execute within virtual machine of tenant on the multi-tenant compute infrastructure).
It would have been obvious to a person having ordinary skill in the art prior to the effective filing date of the claimed invention to combine the envoy executes as a virtual machine of the tenant of Piccinini with the systems and methods of Astete resulting in the envoy of Astete executing in a virtual machine of the tenant as in Piccinini. A person having ordinary skill in the art would have been motivated to make this combination for the purpose of leveraging the rapid provision, configuration and release of hardware and software resources of a cloud computing infrastructure for executing the envoy within a virtual machine of the tenant such that the management of the tenant virtual machines make use of these advantages as well as providing for each tenant to have .

Claim 4 is rejected under 35 U.S.C. 103 as being unpatentable over Astete et al. Pub. No. US 2013/0290960 A1 (hereafter Astete) in view of Piccinini et al. Pub. No. US 2017/0060569 A1 (hereafter Piccinini) as applied to claims 1, 8-10, 12-14 and 19-20 above and in further view of Williams et al. Pub. No. US 2015/0188943 A1 (hereafter Williams).

With regard to claim 4, Astete and Piccinini teach the method of claim 3,
Astete and Piccinini do not specifically teach isolated TCP networks.
However, in analogous art Williams teaches wherein the infrastructure network includes a first transmission control protocol (TCP) network and a virtual tenant network including a second TCP network isolated from the first TCP network (the overlay network provides an encrypted mesh overlay network with independent authentication from appliance to edge, customer-specific and isolated private IP routing, multi-path delivery with data packet replication (using the approach shown in FIG. 3), and, as will be described in the context of FIG. 16, TCP termination of private TCP/IP flows … The overlay, as shown in FIG. 12, preferably is multi-tenant in that multiple customers use the encrypted mesh overlay network at the same time once the network appliances are positioned and configured in at least ¶ [0066]).
It would have been obvious to a person having ordinary skill in the art prior to the effective filing date of the claimed invention to combine the isolated TCP networks of .

Claims 6-7 and 11 are rejected under 35 U.S.C. 103 as being unpatentable over Astete et al. Pub. No. US 2013/0290960 A1 (hereafter Astete) in view of Piccinini et al. Pub. No. US 2017/0060569 A1 (hereafter Piccinini) as applied to claims 1, 8-10, 12-14 and 19-20 above and in further view of AHMAD et al. Pub. No. US 2011/0302415 A1 (hereafter Ahmad).

With regard to claim 6, Astete and Piccinini teach the method of claim 1,
Astete and Piccinini do not specifically teach sending an SSL certificate.
However, in analogous art Ahmad teaches wherein establishing the connection with the DMS cluster includes sending a secure socket layer (SSL) certificate to the DMS cluster (At step 418, the TVP establishes a secure connection (e.g., SSL-encrypted session) with the key provider. This step includes first obtaining the SSL certificate for the key provider and then verifying that the SSL certificate has been signed by a proper certificate authority in at least ¶ [0032]).
It would have been obvious to a person having ordinary skill in the art prior to the effective filing date of the claimed invention to combine the sending an SSL certificate of 

With regard to claim 7, Astete and Piccinini teach the method of claim 1, further comprising,
Astete and Piccinini do not specifically teach encrypting the snapshot prior to sending.
However, in analogous art Ahmad teaches prior to sending the snapshot from the virtual machine to the DMS node, encrypting the snapshot (the TVP retrieves a VM configuration file corresponding to the requested virtual machine from storage. The VM configuration file provides encrypted configuration information and includes a plain text portion including the customer ID and the domain name of the customer (or "user") or the customer's trusted third party (hereinafter referred to as "key provider"). At step 418, the TVP establishes a secure connection (e.g., SSL-encrypted session) with the key provider in at least ¶ [0032]).
It would have been obvious to a person having ordinary skill in the art prior to the effective filing date of the claimed invention to combine the encrypting the snapshot prior to sending of Ahmad with the systems and methods of Astete and Piccinini resulting in a system in which prior to sending the snapshot of Astete, virtual machine 

With regard to claim 11, Astete and Piccinini teach the method of claim 1, further comprising
Astete and Piccinini do not specifically teach sending an SSL certificate.
However, in analogous art Ahmad teaches establishing another connection between the envoy and the virtual machine based on sending a secure socket layer (SSL) certificate to the virtual machine (At step 418, the TVP establishes a secure connection (e.g., SSL-encrypted session) with the key provider. This step includes first obtaining the SSL certificate for the key provider and then verifying that the SSL certificate has been signed by a proper certificate authority in at least ¶ [0032]).
It would have been obvious to a person having ordinary skill in the art prior to the effective filing date of the claimed invention to combine the sending an SSL certificate of Ahmad with the systems and methods of Astete and Piccinini resulting in a system in which during the establishment of a connection of Astete (with the virtual machine), an SSL certificate is sent as in Ahmad. A person having ordinary skill in the art would have been motivated to make this combination, with a reasonable expectation of success, for the purpose of improving security through use of encryption and SSL and preventing unauthorized access (see at least Ahmad ¶ [0004] and [0032]).

Claim 18 is rejected under 35 U.S.C. 103 as being unpatentable over Astete et al. Pub. No. US 2013/0290960 A1 (hereafter Astete) in view of Piccinini et al. Pub. No. US 2017/0060569 A1 (hereafter Piccinini) as applied to claims 1, 8-10, 12-14 and 19-20 above and in further view of Chelur et al. Pat. No. US 9,442,937 B2 (hereafter Chelur).

With regard to claim 18, Astete and Piccinini teach the method of claim 1, further comprising
Astete and Piccinini do not specifically teach removing the snapshot.
However, in analogous art Chelur teaches removing the snapshot from the virtual disk subsequent to sending the snapshot to the DMS node (subsequent to the storage system taking a snapshot of the volume, receiving by the hypervisor manager a second request to remove the snapshots of all of the virtual machines associated with the volume in at least claim 1).
It would have been obvious to a person having ordinary skill in the art prior to the effective filing date of the claimed invention to combine the removing a snapshot of Chelur with the systems and methods of Astete and Piccinini resulting in the snapshot taken and sent to DMS of Astete being subsequently removed as in Chelur. A person having ordinary skill in the art would have been motivated to make this combination, with a reasonable expectation of success, for the purpose of minimizing the performance impact of virtual machine snapshots on virtual machines and hypervisors (See at least Chelur col. 4 lines 10-34 and claim 1).

Response to Arguments
Applicant's arguments filed 03/25/21 have been fully considered but they are not persuasive. Applicant argues in substance:

Nevertheless, in the light of reduced budgets and in the interest of compact prosecution only, Applicant has amended each of the independent claims to cite the same or similar claim elements that give rise to allowance in the Track One parent application, now U.S. Patent No. 10168949. Applicant has, for now and without prejudice, removed the wording giving rise to the question of an alleged admission. In the parent application, the amendments were kindly made by way of Examiner’s amendment after an apparent agreement to their terms by Applicant’s then representative. Examiner is kindly requested to enter the same or similar amendments now and allow the present, application, accordingly.
Further, Applicant respectfully disagrees with Examiner’s rejection, and in particular denies any admission of prior art (AAPA), as alleged. In light of Applicant’s prior response, Examiner has agreed that Astete and fails to teach or disclose the claimed subject matter. (“Astete does not explicitly recite that the DMS cluster, via the envoy, is without direct access to an independent network” - Office Action, page 13). The Examiner seeks to remedy this acknowledged failing using the alleged AAPA (Office .Action, page 14). The rejection is denied for at least the following reasons: First, Examiner appears to have misquoted what was actually claimed by way of amendment in Applicant’s prior response. The correct wording of the previously amended claims reads without direct access to an infrastructure network of the multi-tenant compute infrastructure. Second, based on the content Examiner has cited from the application specification, Examiner appears to have referenced the wrong paragraph in which the alleged admission is made … Third, Examiner has, respectfully mistakenly, tried to comport the misquoted claim elements, conceded as being missing from Astete, with an alleged “admission” made by Applicant, in paragraph [0003] of the application specification. In this regard, any admission of a disclosure of prior art is strongly denied by Applicant. It is in any event, unclear what admission is alleged to have been made. Examiner is requested to clarify in the event the alleged AAPA is sought to be maintained…
With regard to point (a), Examiner respectfully disagrees with Applicant. Although the prosecution history of related applications may be instructive, it is the prosecution of the instant application at issue. Not only is the instant application not verbatim the same as the parent application, although there is still an obviousness-type double patenting rejection (see above), also, the instant prosecution has presented a rejection of the claims over the prior art. Applicant’s assertion that the instant application is allowable by virtue of the allowance of the parent application is not commensurate with the prosecution history of the instant application and amounts to a mere allegation of patentability. That is, Applicant's 
With regard to point (b), Examiner respectfully disagrees with Applicant. First, the argument is moot as the limitation being argued has been removed from the claim. Second, for the clarity of the record, the citation by Examiner in the previous Office Action does represent Applicant Admitted Prior Art (AAPA). Applicant first asserts that the Office Action misquoted the limitation, this is false, the limitation was cited verbatim. Applicant second asserts that the wrong paragraph was cited by Examiner, again this is false. Examiner cited ¶ [0004] and this is the paragraph that was intended to be cited. Applicant third asserts that this material is not being admitted by Applicant as Prior Art. Examiner notes the paragraph not only comes from the background section of the instant application but explicitly recites that the contents of the citation are “typical”, “While user may desire to have their application and data be machine agnostic, it typically is not easy to port applications and data between different platforms”. That is, the background section is laying out what is typical, or known in the Prior Art. Examiner does not concede that 

Conclusion
Examiner respectfully requests, in response to this Office action, support be shown for language added to any original claims on amendment and any new claims. That is, indicate support for newly added claim language by specifically pointing to page(s) and line number(s) in the specification and/or drawing figure(s). This will assist Examiner in prosecuting the application.

When responding to this Office Action, Applicant is advised to clearly point out the patentable novelty which he or she thinks the claims present, in view of the state of the art disclosed by the references cited or the objections made. He or she must also show how the amendments avoid such references or objections.  See 37 CFR 1.111(c).

Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to BRADLEY A TEETS whose telephone number is (571)272-3338.  The examiner can normally be reached on Monday - Friday, 6am-2pm.

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/BRADLEY A TEETS/Primary Examiner, Art Unit 2195