Notice of Pre-AIA  or AIA  Status
The present application is being examined under the pre-AIA  first to invent provisions.
DETAILED ACTION
This office action is in response to amendment/reconsideration filed on 4/13/2021 then further amended on 5/7/2021, the amendment/reconsideration has been considered.  Claims 31-36 and 38-46 are pending for examination.  Claims 25-30 are withdrawn from consideration.
Response to Arguments
Applicant's arguments been fully considered but they are not persuasive. The applicant argues the following issues.
(A)	Rejection under 35 U.S.C. 102 and 103
Issue: The applicant argues with respect to independent claims such as claim 31 that the amended limitations overcome current rejection.
Examiner respectfully disagrees.  See Examiner’s response in the corresponding rejection section below.
Election/Restrictions
3.	Newly submitted/amended claims  directed to an invention that is independent or distinct from the invention originally claimed for the following reasons: 
Group I: claims 25-30 are directed to a Species that requires the first virtual network location being configured to access a second subnet in the virtual network and not a third subnet in the virtual network;
Group II: claims 31-36 and 38-46 are directed to another Species that requires the first virtual network location being configured to not to access a second subnet in the virtual network.  
Group I and II are directed to mutually exclusive species.  Examining both species would require using different search terms and would cause serious burden on the Examiner.  Since applicant has 
Claim Rejections - 35 USC § 102
4.	The following is a quotation of the appropriate paragraphs of pre-AIA  35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
(b) the invention was patented or described in a printed publication in this or a foreign country or in public use or on sale in this country, more than one year prior to the date of application for patent in the United States.

5.	Claims 25-27, 29-37, and 39-44 are rejected under pre-AIA  35 U.S.C. 102(b) as being anticipated by Richardson et al (US 2008/0240122).
As to claim 31, Richardson discloses a method for allocating virtual machines to a virtual network provided by a computing resources provider, the system comprising:
by a computer system comprising computer hardware:
receive a request for a virtual machine in the virtual network, the request referencing a resource placement template that comprises a routing path associated with a first subnet in the virtual network and placement policies ([0046] “If it is determined in block 410 that the request is to associate the virtual machine with one or more virtual networks, … the routine associates the virtual machine with one or more virtual networks.  Such an association may include, for example, storing a mapping between a particular virtual machine provided or used by a customer with a particular virtual network. Such associations may be established prior to or during the execution of the virtual machine. For example, in one embodiment, a customer may provide a virtual machine image to be executed at some future time, and in such cases, the customer may also request that the virtual machine image be associated with some virtual network used by the customer. In other embodiments, a registered virtual machine image may be automatically assigned to a virtual network, based on various criteria, such as customer identity, an organizational entity (e.g., a branch, department, group, division, etc.), virtual machine function (e.g., Web server, database server, application server, etc.), protocol type (e.g., HTTP, SSL, IP, UDP, etc.), physical and/or virtual identifiers (e.g., virtual machine identifier, IP and/or MAC addresses, etc.), etc. For example, in some embodiments, a given customer or organization can specify a virtual network for use with one group of virtual machines provided by or operated for that customer.”.  See also [0050] “In block 435, the routine initiates configuration of one or more networking devices to use the virtual network. This may include sending management messages to one or more routers and/or switches to inform such devices of the existence of the virtual network, the identity of the virtual machine, and/or any networking identifiers to use. In other embodiments, such information may be automatically propagated throughout the network automatically by operation of virtual machine manager modules, switches, routers, and/or other networking components.” Here, the customer identifier contained in the request is such a reference referencing a resource placement template that specifies a routing path for the virtual network and placement policies.  For example, determining a specific virtual network based on criteria as disclosed are placement policies, and the virtual networking identifier specified by the customer and then populated to switches and routers is equivalent to a routing path for a packet within a subnet in the virtual network, the subnet comprising the network connection to the specified virtual networking identifier.  It is to be noted that the claim language does not require a complete hop by hop and end-to-end routing path between any specific two entities, but merely require a routing path  “associated with a FIRST subset in a VIRTUAL NETWORK.”  See also [0046], “virtual network can be decomposed into further virtual networks based on the communication protocols used by the virtual machines, so that, for example, all HTTP transmissions are transported on a virtual network that is separate from another virtual network used to transport VoIP ("Voice Over IP") transmissions” wherein the further decomposed virtual networks are subnets, and one of them such as HTTP subnet is a first subnet);
select a first virtual network location in the plurality of virtual network locations based on the resource placement template, wherein access constraints of the first virtual network location define as econd subnet in the virtual network that the first virtual network location cannot access (see citation and explanation in preceding limitations, in particular, [0046], “virtual network can be decomposed into further virtual networks based on the communication protocols used by the virtual machines, so that, for example, all HTTP transmissions are transported on a virtual network that is separate from another virtual network used to transport VoIP ("Voice Over IP") transmissions” wherein the further decomposed virtual networks are subnets, and one of them such as HTTP subnet is a first subnet, and the corresponding HTTP subnet virtual locations cannot access the VoIP virtual subnet); and 
allocate the virtual machine to the selected first virtual network location of the virtual network, wherein allocation of the virtual machine to the first virtual network location causes a behavior of the virtual machine to depend on the access constraints of the first virtual network location such that the virtual machine cannot access the second subject (See citation in preceding limitations.  See also [0046], “associate the virtual machine with one or more virtual networks…Such an association may include, for example,… based on various criteria, such as customer identity, an organizational entity..., virtual machine function,.., protocol type…physical an/or virtual identifier (e.g., virtual machine identifier, IP and/or MAC addresses, etc.), …virtual network can be decomposed into further virtual networks based on the communication protocols used by the virtual machines, so that, for example, all HTTP transmissions are transported on a virtual network that is separate from another virtual network used to transport VoIP ("Voice Over IP") transmissions”.  Here, the virtual network’s grouping based on as part of provisioning a virtual machine on a first host physical computing system to execute one or more software programs, the virtual machine communication manager module for the first host computing system may be configured to associate that virtual machine and its communications with the particular virtual network. For example, if the virtual machine is associated with a first virtual network that uses a first networking protocol for the local physical network (e.g., a first VLAN tag specific to the first virtual network), the virtual machine communication manager module may associate that first VLAN tag with communications sent by that virtual machine, and may similarly forward received communications having that first VLAN tag to that virtual machine”  It is to be noted that the virtual machine’s behavior and the corresponding virtual subnets/locations are mutually dependent).
As to claim 32, see citation and explanation in rejection to claim 31.
As to claim 33, see citation and explanation in rejection to claim 31.
As to claim 34, see citation and explanation in rejection to claim 31.
As to claim 41, see similar rejection to claim 31.
As to claim 42, see citation and explanation in rejection to claim 31.
As to claim 43, see citation and explanation in rejection to claim 31.
As to claim 44, see citation and explanation in rejection to claim 31.
As to claim 39, Richardson discloses the method of claim 31, wherein the first virtual network location is a third subset ([0046], “virtual network can be decomposed into further virtual networks based on the communication protocols used by the virtual machines, so that, for example, all HTTP 
As to claim 35, Richardson discloses the method of claim 31, wherein selecting a first virtual network location in the virtual network based on the resource placement template comprises selecting the first virtual network location identified by the resource placement template (see citation in rejection to claim 31 above).
As to claim 36, Richardson discloses the method of claim 31, wherein selecting a first virtual network location in the virtual network based on the resource placement template comprises selecting the first virtual network location using selection criteria specified by the resource placement template (see citation and explanation in rejection to claim 31 above).
As to claim 40, Richardson discloses the method of claim 31, wherein a topology of the virtual network at least partly determines access constraints for the first virtual network location ([0046], “virtual network can be decomposed into further virtual networks based on the communication protocols used by the virtual machines, so that, for example, all HTTP transmissions are transported on a virtual network that is separate from another virtual network used to transport VoIP ("Voice Over IP") transmissions”, wherein the topology of the subnetwork determines access constraint for the first virtual network location being only transporting the corresponding protocol).
As to claim 37, Richardson discloses the method of claim 31, wherein the access constraints of the first virtual network location prevent the virtual computing resource from accessing at least one other virtual network location ([0046], “virtual network can be decomposed into further virtual networks based on the communication protocols used by the virtual machines, so that, for example, all HTTP transmissions are transported on a virtual network that is separate from another virtual network used to transport VoIP ("Voice Over IP") transmissions”).
Claim Rejections - 35 USC § 103
6.	The following is a quotation of pre-AIA  35 U.S.C. 103(a) which forms the basis for all obviousness rejections set forth in this Office action:
(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains.  Patentability shall not be negatived by the manner in which the invention was made.

7.	Claim 38 is rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Richardson, as applied to claim 25 above, and further in view of Sinn (US 20080271137 A1). 
As to claim 38, Richardson disclose the claimed invention substantially as discussed in claim 31 above, but does not expressly disclose  wherein a topology of the virtual network includes at least one firewall.  Sinn discloses a concept of a topology of a virtual network includes at least one firewall ([0027)).
At the time of the invention, it would have been obvious for an ordinarily skilled in the art to combine Richardson with Sinn.  The motivation/suggestion of the combination would have been to improve security.
8.	Claims 45-46 are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Richardson, as applied to claim 25 above, and further in view of Nguyen (US 2010/0074141). 
As to claim 45, Richardson discloses the system of claim 25, wherein the resource manager is further configured to: generate a network topology of the virtual network using a network layout; and determine the access constraints of the first virtual network location using the generated network topology (see citation in rejection to claim 25, wherein the grouped virtual machines in the subnetwork group constitute the network layout), but does not expressly disclose that the network layout is created 
At the time of the invention, it would have been obvious for an ordinary skilled in the art to combine Richardson with Nguyen.  The suggestion/motivation of the combination would have been to enable a user to confirm network topology (Nguyen, [0120]).
As to claim 46, Richardson-Nguyen discloses the system of claim 45, wherein the network topology comprises at least one of the network layout, traffic rules for the virtual network, or bandwidth for nodes in the virtual network (Richardson, see citation in rejection to claim 25, wherein the grouped virtual machines in the subnetwork group constitute the network layout).
Conclusion
9.	Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to HUA FAN whose telephone number is (571)270-5311.  The examiner can normally be reached on 9-6.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Vivek Srivastava can be reached on (571)272-7304.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/HUA FAN/, J.D., Ph.D.               Primary Examiner, Art Unit 2449