Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.


DETAILED ACTION
2.	This action is in response to the application filed November 6, 2020.

3.	Claims 1-20 have been examined and are pending with this action.


Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

4.	Claims 6, 7, 10-14, 16, 17, and 20 are rejected under 35 U.S.C. 102(a)(1) and 102(a)(2) as being anticipated by Thakkar et al. (US 2018/0139174).
INDEPENDENT:
As per claim 6, Thakkar teaches a method, comprising: 
obtaining, at a first network manager of an extension resource group of a provider network, a message comprising a command to launch a compute instance at a first host of the extension resource group (see Thakkar, [0021]: “Virtualization manager 130 is configured to carry out administrative tasks for computing system 102, including managing hosts 104, managing VMs 120 running within each host 104, provisioning VMs, migrating VMs from one host to another host, and load balancing between hosts 104”; and [0026]: “orchestration component 158 can initiate and manage the instantiation of virtual machines (e.g., VMs 172) on hosts 162 to support such requests”), wherein the first host is located at a first premise external to the provider network (see Thakkar, [0018]: “As used herein, an internal cloud or "private" cloud is a cloud in which a tenant and a cloud service provider are part of the same organization, while an external or "public" cloud is a cloud that is provided by an organization that is separate from a tenant that accesses the external cloud. For example, the tenant may be part of an enterprise, and the external cloud may be part of a cloud service provider that is separate from the enterprise of the tenant and that provides cloud services to different enterprises and/or individuals”; and [0040]: “As part of stretching L2 private networks 122, hybridity director 174 ensures that VMs 120 on the same L2 private network 122 are able to interact consistently, irrespective of whether the VM 120 is running on hosts 104 included in virtualized computer system 102 or hosts 162 included in cloud computing system 150”), wherein the message is obtained by the first network manager at an address within a first address range of a first network configured at the first premise (see Thakkar, [0062]: “sends a request for a VNI, a MAC address range, and an IP address range to the central namespace controller 512 that manages a distributed cloud namespace. In response, at step 606, central namespace controller 512 selects a VNI that is unique within the distributed cloud namespace managed by central namespace controller 512”; [0063]: “As part of step 606, central namespace controller 512 also assigns MAC and IP address ranges that are unique within the network specified by the VNI. Because central namespace controller 512 assigns MAC and IP address ranges that are unique within the network, together central namespace controller 512 and hybridity directors 174 enable communications via tenant-specific networks that spans multiple cloud computing systems 150--without provoking intra-tenant addressing collisions”; [0064]: “After central name space controller 512 provides the assigned VNI and the assigned MAC and IP address ranges, the hybridity director 174 provisions the network specified by the VNI with the specified MAC and IP address range (step 608)”; and [0067]); and 
transmitting the command from the first network manager to the first host to cause the first host to instantiate a compute instance (see Thakkar, [0026]: “orchestration component 158 can initiate and manage the instantiation of virtual machines (e.g., VMs 172) on hosts 162 to support such requests”), wherein, within a second network configured at the first premise, the first host is assigned an address within a second address range (see Thakkar, [0062]: “sends a request for a VNI, a MAC address range, and an IP address range to the central namespace controller 512 that manages a distributed cloud namespace. In response, at step 606, central namespace controller 512 selects a VNI that is unique within the distributed cloud namespace managed by central namespace controller 512”; and [0067]), wherein one or more addresses of the second address range are assigned to respective hosts within the provider network by a control plane of the provider network (see Thakkar, [0063]: “As part of step 606, central namespace controller 512 also assigns MAC and IP address ranges that are unique within the network specified by the VNI. Because central namespace controller 512 assigns MAC and IP address ranges that are unique within the network, together central namespace controller 512 and hybridity directors 174 enable communications via tenant-specific networks that spans multiple cloud computing systems 150--without provoking intra-tenant addressing collisions”; [0064]: “After central name space controller 512 provides the assigned VNI and the assigned MAC and IP address ranges, the hybridity director 174 provisions the network specified by the VNI with the specified MAC and IP address range (step 608)”; and [0067]).

As per claim 16, Thakkar teaches a system, comprising: 
one or more computing devices of an extension resource group of a provider network, wherein at least a first host of the extension resource group is located at a first premise external to the provider network; 
wherein the one or more computing devices include instructions that upon execution on a processor cause the one or more computing devices to: 
obtain, at a first network manager of the extension resource group, a message comprising a command to launch a compute instance, wherein the message is obtained by the first network manager at an address within a first address range of a first network configured at the first premise; and 
transmit the command from the first network manager to the first host, wherein processing of the command results in an instantiation of a compute instance at the first host, and wherein, within a second network configured at the first premise, the first host is assigned an address within a second address range, wherein one or more addresses of the second address range are assigned to respective hosts within the provider network by a control plane of the provider network (see Claim 6 rejection above).

DEPENDENT:
As per claims 7 and 17, which respectively depend on claims 6 and 16, Thakkar teaches further comprising: verifying, using a security module of the first host, prior to instantiating the compute instance, that the first host meets an acceptance criterion (see Thakkar, [0021]: “Virtualization manager 130 is configured to carry out administrative tasks for computing system 102, including managing hosts 104, managing VMs 120 running within each host 104, provisioning VMs, migrating VMs from one host to another host, and load balancing between hosts 104”; and [0026]: “In one embodiment, virtualization environment 156 includes an orchestration component 158 (e.g., implemented as a process running in a VM) that provides infrastructure resources to cloud computing environment 170 responsive to provisioning requests. For example, if enterprise required a specified number of virtual machines to deploy a web applications or to modify (e.g., scale) a currently running web application to support peak demands, orchestration component 158 can initiate and manage the instantiation of virtual machines (e.g., VMs 172) on hosts 162 to support such requests”).
As per claim 10, which depends on claim 6, Thakkar teaches further comprising: obtaining an indication of one or more entities authorized to request launches of compute instances within the extension resource group; and verifying, prior to instantiating the compute instance, that the compute instance was requested by an entity of the one or more entities (see Thakkar, [0024]: “In one or more embodiments, cloud computing system 150 is configured to dynamically provide an enterprise (or users of an enterprise) with one or more virtual data centers 180 in which a user may provision VMs 120, deploy multi-tier applications on VMs 120, and/or execute workloads”).
As per claim 11, which depends on claim 6, Thakkar further teaches wherein at least a portion of the first network manager is implemented at a card attached to a host of the extension resource group via a peripheral interface (see Thakkar, Fig.1).
As per claim 12, which depends on claim 6, Thakkar further teaches wherein the first host is incorporated within a first rack of the extension resource group, and wherein at least a portion of the first network manager is implemented at one or more devices which are not incorporated within the first rack (see Thakkar, Fig.1).
As per claim 13, which depends on claim 6, Thakkar teaches further comprising: instantiating, in response to one or more trigger signals, the first network manager (see Thakkar, [0021]: “In one embodiment, virtualization manager 130 is a computer program that resides and executes in a central server, which may reside in virtualized computing system 102, or alternatively, running as a VM in one of hosts 104”); and initiating, by the first network manager, configuration of a secure network channel for communicating with at least a portion of the provider network (see Thakkar, [0004]: “In such a model, the public cloud service strives to integrate each independent tenant (spoke) seamlessly into the public cloud environment (hub), while maintaining "secure separation" between tenants. More specifically for each tenant, the public cloud environment provides access to tenant-assigned resources (e.g., virtual machines (VMs), network bandwidth, and storage) and prevents access to resources assigned to other tenants. In an attempt to provide comprehensive secure separation”).
As per claim 14, which depends on claim 6, Thakkar further teaches wherein the one or more trigger signals include one or more of (a) a power-on signal at a particular device of the extension resource group or (b) an indication that a particular device of the extension resource group has access to the Internet (see Thakkar, [0023]: “Gateway 124 (e.g., executing as a virtual appliance) is configured to provide VMs 120 and other components in virtualized computing system 102 with connectivity to an external network 140 (e.g., Internet)”).
As per claim 20, which depends on claim 16, Thakkar further teaches wherein the message is obtained at the first network manager via one or more of: (a) a dedicated physical link connecting the first premise to the provider network or (b) a virtual private network (VPN) tunnel (see Thakkar, [0023]: “Gateway 124 may manage external public IP addresses for VMs 120 and route traffic incoming to and outgoing from virtualized computing system 102 and provide networking services, such as firewalls, network address translation (NAT), dynamic host configuration protocol (DHCP), load balancing, and virtual private network (VPN) connectivity over a network 140”; and [0029]: “cloud gateway 184 may be configured to connect to communicate with virtualized computing system 102 using a high-throughput, dedicated link (depicted as a direct connect 142) between virtualized computing system 102 and cloud computing system 150”).


Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

5.	Claims 8 and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Thakkar et al. (US 2018/0139174) in view of Davis et al. (US 2018/0196947).
As per claims 8 and 18, which respectively depend on claims 6 and 16, Thakkar further teaches wherein the first host comprises a first storage device (see Thakkar, Fig.1).
Thakkar does not explicitly teach storing an encrypted version of state information of the compute instance at a first storage device, wherein decryption of the encrypted version requires the first storage device to be physically attached to the first host.
Davis teaches storing an encrypted version of state information of the compute instance at a first storage device, wherein decryption of the encrypted version requires the first storage device to be physically attached to the first host (see Davis, Abstract: “A storage controller coupled to a storage array comprising one or more storage devices receives a request to write encrypted data to a volume resident on a storage array, where the encrypted data comprises data encrypted by a first encryption key that is associated with at least one property of the data”; and [0038]: “In another embodiment, decryption manager 244 may determine the decryption key by detecting a physical device attached to an input port associated with the storage array and receiving the decryption key from the physical device”).
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the invention to modify the system of Thakkar in view of Davis by implementing storing an encrypted version of state information of the compute instance at a first storage device, wherein decryption of the encrypted version requires the first storage device to be physically attached to the first host.  One would be motivated to do so because Thakkar teaches in paragraph [0004]: “a public cloud service may model support for multiple tenants with private data centers as a hub-and-spoke. In such a model, the public cloud service strives to integrate each independent tenant (spoke) seamlessly into the public cloud environment (hub), while maintaining "secure separation" between tenants”.

6.	Claims 9 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Thakkar et al. (US 2018/0139174) in view of Challener et al. (US 2010/0205375).
As per claims 9 and 19, which respectively depend on claims 6 and 16, Thakkar does not explicitly teach wherein the extension resource group comprises a compute instance image cache, wherein instantiating the compute instance comprises: utilizing a particular compute instance image obtained from the cache.
Challener teaches wherein the extension resource group comprises a compute instance image cache, wherein instantiating the compute instance comprises: utilizing a particular compute instance image obtained from the cache (see Challener, Abstract: “The storage module caches an image instance of the software image at the first intermediate network point”; and [0045]: “In addition, the diskless data processing device 115 may frequently use the fourth software image 215d. The fourth software image 215d may be an application program. The present invention may also cache the fourth software image 215d to the intermediate network point memory space 205 as the fourth image instance 210d, making the application program available to the diskless data processing devices 115 from the intermediate network point 105”).
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the invention to modify the system of Thakkar in view of Challener so that the extension resource group comprises a compute instance image cache, wherein instantiating the compute instance comprises: utilizing a particular compute instance image obtained from the cache.  One would be motivated to do so because Challener teaches in paragraph [0046]: “By forward caching image instances 210 to the intermediate network point memory space 205, the present invention reduces the latency for accessing the software images 215”.

7.	Claim 15 is rejected under 35 U.S.C. 103 as being unpatentable over Thakkar et al. (US 2018/0139174) in view of Zhang et al. (US 2004/0177132).
As per claim 15, which depends on claim 6, Thakkar does not explicitly teach further comprising: initiating, by the first network manager, a bootstrap operation at the first host.
Zhang teaches initiating, by the first network manager, a bootstrap operation at the first host (see Zhang, [0043]: “When the serviced host initiates bootstrap operations via a Basic Input/Output System (BIOS), the host interface 602 operates in a BIOS host interface mode 610 to allow input from the wireless user input device(s) to the BIOS during the bootstrap operations”).
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the invention to modify the system of Thakkar in view of Zhang so that the extension resource group comprises a compute instance image cache, wherein instantiating the compute instance comprises: utilizing a particular compute instance image obtained from the cache.  One would be motivated to do so because Thakkar teaches provisioning resources (see Thakkar, [0027]: “cloud computing system 150 may include a cloud director 152 (e.g., run in one or more virtual machines) that manages allocation of virtual computing resources to an enterprise for deploying applications”).


Allowable Subject Matter
8.	Claims 1-5 are allowable over prior art of record.

9.	The following is an examiner’s statement of reasons for allowance: 
The prior art of record does not disclose, teach, or suggest, either singly or in combination, the claimed limitation of “one or more computing devices of an extension resource group of a virtualized computing service of a provider network, wherein the extension resource group includes at least a first virtualization host comprising a tamper-resistant storage device and a trusted platform module, wherein the first virtualization host is located at a first premise external to the provider network, wherein a first network configured at the first premise comprises a first range of network addresses, and wherein virtualization hosts of the virtualized computing service located at one or more data centers of the provider network are assigned respective network addresses from a second range of network addresses; obtain, via a secure network channel, a message comprising a virtual machine launch command, transmitted from a first outbound command communicator associated with the extension resource group, wherein the virtual machine launch command is generated in response to a request submitted via a public application programming interface of the virtualized computing service, and wherein a destination address of the message, assigned to the first network manager, is within the first range of network addresses; and transmit the virtual machine launch command from the first network manager to a first virtualization host of the extension resource group, wherein processing of the virtual machine launch command at the first virtualization host results in an instantiation of a virtual machine at the first virtualization host, and wherein, within a private 
Claims 2-5 are allowable because they depend on allowable claim 1.


Conclusion
10.	For the reasons above, claims 1-5 are allowable and claims 6-20 have been rejected and remain pending.

11.	Any inquiry concerning this communication or earlier communications from the examiner should be directed to MICHAEL Y WON whose telephone number is (571)272-3993.  The examiner can normally be reached on Wk.1: M-F: 8-5 PST & Wk.2: M-Th: 8-7 PST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.  Please note, the examiner generally will not hold interviews after a Final Office Action has been issued.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Vivek Srivastava can be reached on 571-272-7304.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you 


MICHAEL WON
Primary Examiner
Art Unit 2449



/Michael Won/
Primary Examiner, Art Unit 2449
September 13, 2021