DETAILED ACTION

The applicant amended claims 1, 6, 11, and 18 in the amendment received on 04-01-2021.

The applicant canceled claims 5 and 17 in the amendment received on 04-01-2021.

Claims 1-4, 6-16, and 18-20 are pending.

The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Response to Arguments

Applicant's arguments with respect to claims 1-4, 6-16, and 18-20 have been considered but are moot in view of the new ground(s) of rejection.

A. Applicant's arguments with respect to claims 1-4, 6-16, and 18-20 are based on newly amended matter and are addressed in the rejection below.

Claim Rejections - 35 USC § 103

In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: 
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.

Claims 1-4, 6-16, and 18-20 are rejected under 35 U.S.C. 103 as being unpatentable over Cencini et al. (US 20170264493 A1) in view of Nimmagadda et al. (20180176252 A1).

With respect to claim 1, Cencini teaches obtaining a segmentation policy by a leader segmentation server, (i.e., section 0036 teaches obtaining a policy by a leader server). Cencini teaches distributing, by the leader segmentation server, the segmentation policy to a first member segmentation server paired with a first plurality of paired workloads, (i.e., section 0038 teaches master server or leader, and  generating, by the first member segmentation server based on the segmentation policy, first management instructions for controlling communications of the first plurality of paired workloads, (i.e., section 0160-0162 teaches having a hierarchy of rack servers including primary and lead controllers; section 0172-0180 teaches distributing or generating instructions for lower level controllers; section 0036 teaches that Policy metadata may be exposed and modified via a graphical user interface, application program interface (API), or command line interface (CLI), and is exposed to the scheduler on a basis that is relative to specific workloads; section 0095 teaches operative to receive instructions and provide responses on the network). Cencini teaches distributing, by the first member segmentation server, the first management instructions to first operating system instances executing the first plurality of paired workloads to enable the first operating system instances to configure respective local traffic filters to enforce the segmentation policy with respect to traffic to or from the first plurality of paired workloads, (i.e., section 0178 teaches Upon determining that a new command is available, some embodiments may distribute the command to the leader rack controllers; new commands may be fanned out throughout a topology of rack controllers without forming a bottleneck at any one rack controller).
Cencini teaches pairing a new workload with the first member segmentation server, (i.e., section 0189 teaches allocating workload with   Cencini teaches sharing with the leader segmentation server and with at least a second member segmentation server, a description of the new workload, (i.e., section 0033 teaches sharing information between management systems). Cencini teaches generating, by the first member segmentation server, updated first management instructions for controlling communications of the first plurality of paired workloads with the new workload in accordance with the segmentation policy, (i.e., sections 0093, 0155 and 0160 teach updating instructions). Cencini teaches distributing, by the first member segmentation server, the updated first management instructions to the first operating system instances, (i.e., section 0031-0034; section 0036-0038; section 0095; section 0160-0166 and section 0172-0180 these sections teach multiple member servers and multiple workloads and distributing based on policy).

Cencini discloses the claimed subject matter as discussed above except the segmentation policy comprising a set of access control rules that control a set of permissible connections between workloads; the first management instructions including at least a first subset of the access control rules of the segmentation policy that are relevant to operation of the first plurality of paired workloads.
However, Nimmagadda teaches the segmentation policy comprising a set of access control rules that control a set of permissible connections between workloads, (i.e., section 0006 teaches network access control the first management instructions including at least a first subset of the access control rules of the segmentation policy that are relevant to operation of the first plurality of paired workloads, (i.e., section 0006 teaches network access control rules to segment data and determine which data needs to be enabled between these components to make sure an application actually works as expected) in order to create micro-segmentation policy for a network (abstract). Therefore, based on Cencini in view of Nimmagadda, it would have been obvious to one having ordinary skill in the art at the time the invention was made to utilize the teaching of Nimmagadda to the system of Cencini in order to create micro-segmentation policy for a network.

With respect to claim 2, Cencini teaches distributing, by the leader segmentation server, the segmentation policy to a second member segmentation server paired with a second plurality of paired workloads; generating, by the second member segmentation server based on the segmentation policy, second management instructions for controlling communications of the second plurality of paired workloads; distributing, by the second member segmentation server, the second management instructions to second operating system instances executing the second plurality of paired workloads to enable the second operating system instances to configure respective local traffic filters to enforce the segmentation policy with respect to traffic to or from the second plurality of paired workloads, (i.e., section 0031-0034; section 0036-0038; section 0095; section 0160-0166 and section 0172-0180 these sections teach multiple member servers and multiple workloads and distributing based on policy).
Cencini discloses the claimed subject matter as discussed above except the second management instructions including at least a second subset of the access control rules of the segmentation policy that are relevant to operation of the second plurality of paired workloads. However, Nimmagadda teaches the second management instructions including at least a second subset of the access control rules of the segmentation policy that are relevant to operation of the second plurality of paired workloads, (i.e., section 0006 teaches network access control rules to segment data and determine which data needs to be enabled between these components to make sure an application actually works as expected) in order to create micro-segmentation policy for a network (abstract). Therefore, based on Cencini in view of Nimmagadda, it would have been obvious to one having ordinary skill in the art at the time the invention was made to utilize the teaching of Nimmagadda to the system of Cencini in order to create micro-segmentation policy for a network. wherein the leader segmentation server is paired with a third plurality of paired workloads, the method further comprising: generating, by the leader member segmentation server based on the segmentation policy, third management instructions for controlling communications of the third plurality of paired workloads; and distributing, by the leader member segmentation server, the third management instructions to third operating system instances executing the third plurality of paired workloads to enable the third operating system instances to configure respective local traffic filters to enforce the segmentation policy with respect to traffic to and from the third plurality of paired workloads, (i.e., section 0031-0034; section 0036-0038; section 0095; section 0160-0166 and section 0172-0180 these sections teach multiple member servers and multiple workloads and distributing based on policy).
Cencini discloses the claimed subject matter as discussed above except the third management instructions including at least a third subset of the access control rules of the segmentation policy that are relevant to operation of the third plurality of paired workloads the segmentation policy. However, Nimmagadda teaches the third management instructions including at least a third subset of the access control rules of the segmentation policy that are relevant to operation of the third plurality of paired workloads the segmentation policy, (i.e., section 0006 teaches network access control rules to  pairing a new workload with the leader segmentation server; sharing with the first member segmentation server, a description of the new workload; generating, by the first member segmentation server, updated first management instructions for controlling communications of the first plurality of paired workloads with the new workload in accordance with the segmentation policy; and distributing, by the first member segmentation server, the updated first management instructions to the first operating system instances, (i.e., section 0031-0034; section 0036-0038; section 0095; section 0160-0166 and section 0172-0180 these sections teach multiple member servers and multiple workloads and distributing based on policy; sharing metadata; generating and distributing).

With respect to claim 6, Cencini teaches generating, by the second member segmentation server, updated second management instructions for controlling communications with the new workload by a second plurality of paired workloads paired with the second member segmentation server in accordance with the segmentation policy; and distributing, by the second member segmentation server, the updated second management instructions to second operating system instances executing the second plurality of paired workloads, (i.e., section 0031-0034; section 0036-0038; section 0095; section 0160-0166 and section 0172-0180 these sections teach multiple member servers and multiple workloads and distributing based on policy).

With respect to claim 7, Cencini teaches obtaining an update to the segmentation policy by the leader segmentation server; transmitting by the leader segmentation server, the update to the first member segmentation server; generating, by the first member segmentation server, updated first management instructions for controlling communications of the first plurality of paired workloads with the new workload in accordance with the update to the segmentation policy; and distributing, by the first member segmentation server, the updated first management instructions to the first operating system instances, (i.e., section 0031-0034; section 0036-0038; section 0095; section 0160-0166 and section 0172-0180 these sections teach multiple member servers and multiple workloads and distributing based on  generating by the first member segmentation server, a first local traffic flow graph representing traffic to and from each of the first plurality of workloads; generating by the second member segmentation server, a second local traffic flow graph representing traffic to and from each of a second plurality of workloads; querying from the leader segmentation server, the first local traffic flow graph from the first member segmentation server and the second local traffic flow graph from the second member segmentation server; combining, by the leader segmentation server, the first local traffic flow graph from the first member segmentation server and the second local traffic flow graph from the second member segmentation server to generate a global traffic flow graph, (i.e., section 0031-0034; section 0036-0038; section 0095; section 0160-0166 and section 0172-0180 these sections teach multiple member servers and multiple workloads and distributing based on policy see also section 0185).

With respect to claim 9, Cencini teaches generating, by the leader segmentation server, an updated segmentation policy based on the global traffic flow graph; transmitting by the leader segmentation server, the updated segmentation policy to the first member segmentation server; generating, by the first member segmentation server, updated first management instructions for controlling communications of the first plurality of paired workloads with the new workload in accordance with the updated segmentation policy; and distributing, by the first member segmentation server the updated first management instructions to the first operating system instances, (i.e., section 0031-0034; section 0036-0038; section 0095; section 0160-0166 and section 0172-0180 these sections teach multiple member servers and multiple workloads and distributing based on policy).

With respect to claim 10, Cencini teaches detecting, by a load balancer, an outage of the first member segmentation server exceeding a threshold time period; and causing, by the load balancer, the first plurality of paired workloads to be paired with a second member segmentation server in response to the outage, (i.e., section 0031-0034; section 0036-0038; section 0095; section 0160-0166 and section 0172-0180 these sections teach multiple member servers and multiple workloads and distributing based on policy).

With respect to claim 11, the limitations of claim 11 are rejected in the analysis of claim 1 above, and the claim is rejected on that basis.

With respect to claim 12, the limitations of claim 12 are rejected in the  wherein the first member segmentation server is further configured to generate a first local traffic flow graph representing traffic to and from each of the first plurality of workloads; wherein the second member segmentation server is further configured to generate a second local traffic flow graph representing traffic to and from each of a second plurality of workloads, (i.e., section 0155 teaches using and updating hierarchical tree structure network graphs).

Cencini teaches wherein the leader segmentation server is further configured to: query the first local traffic flow graph from the first member segmentation server and the second local traffic flow graph from the second member segmentation server; and combine the first local traffic flow graph from the first member segmentation server and the second local traffic flow graph from the second member segmentation server to generate a global traffic flow graph, (i.e., section 0031-0034; section 0036-0038; section 0095; section 0160-0166 and section 0172-0180 these sections teach multiple member servers and multiple workloads and distributing based on policy, see section 0155).

With respect to claim 14, Cencini teaches wherein the leader segmentation server is further configured to: generate an updated segmentation policy based on the global traffic flow graph; transmit the updated segmentation policy to the first member segmentation server; wherein the member segmentation server is further configured to: generate updated first management instructions for controlling communications of the first plurality of paired workloads with the new workload in accordance with the updated segmentation policy; and distribute the updated first management instructions to the first operating system instances, (i.e., section 0031-0034; section 0036-0038; section 0095; section 0160-0166 and section 0172-0180 these sections teach multiple member servers and multiple workloads and distributing based on policy, see section 0155).

With respect to claim 15, the limitations of claim 15 are rejected in the analysis of claim 3 above, and the claim is rejected on that basis.

With respect to claim 16, the limitations of claim 16 are rejected in the analysis of claim 4 above, and the claim is rejected on that basis.

With respect to claim 18, the limitations of claim 18 are rejected in the analysis of claim 6 above, and the claim is rejected on that basis.

With respect to claim 19, the limitations of claim 19 are rejected in the analysis of claim 7 above, and the claim is rejected on that basis.

With respect to claim 20, the limitations of claim 20 are rejected in the analysis of claim 10 above, and the claim is rejected on that basis.

Conclusion

Any inquiry concerning this communication or earlier communications from the examiner should be directed to JOEL MESA whose telephone number is (571)270-7211.  The examiner can normally be reached on M-F 9AM-5PM.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Joon H Hwang can be reached on (571) 272-4036.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/J.M/
Joel Mesa
Examiner, Art Unit 2447

/George C Neurauter, Jr./
Primary Examiner, Art Unit 2447