DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 08/04/2021 was filed after the mailing date of the Non-Final Rejection on 03/19/2021. The submission is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

EXAMINER’S AMENDMENT
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Authorization for the amendments to independent claims 1, 6, 12, 17 and 19, as well as cancelation of dependent claim 10 in this examiner’s amendment was given via phone, and email by Attorney Mark Kupets (Reg. #: 57670) on 08/30/2021.
The application has been amended as follows:

Listing of Claims:
1. (Currently Amended) A method comprising:
	causing an agent device, other than a first storage node and other than a second storage node, to set up a replication partnership between the first storage node and the second storage node, wherein causing the agent device to set up the replication partnership comprises:
		providing a portal associated with the agent device and accessible through a public network to receive data to request the replication partnership, identify the first storage node, identify a 
		causing the agent device to communicate over the public network with the proxy server to configure the proxy server to establish the secure communication channel for the replication partnership over the public network, wherein the proxy server is associated with the second storage node, the proxy server is separate from the second storage node, and configuring the proxy server comprises: 
causing the agent device to communicate data to the proxy server representing a replication partnership identification associated with the first storage node and a replication partnership credential associated with the first storage node;
			storing the cryptographic credential in the proxy server; and
			the agent device requesting port translations to be used by the proxy server in the secure communication channel in communicating replication data between the first storage node and the second storage node; and
		communicating replication partnership information to the second storage node.

2. (Original) The method of claim 1, wherein the proxy server and the second storage node comprise part of a private network;
	the private network comprises a plurality of storage nodes, including the second storage node; and
	configuring the proxy server further comprises selecting the second storage node from among the plurality of storage nodes.



4. (Original) The method of claim 1, wherein configuring the proxy server comprises configuring the proxy server to communicate with a tunnel endpoint associated with the first storage node.

5. (Cancelled) 

6. (Currently Amended) The method of claim 1, wherein the criterion comprises a geographic region for a replication partner for the first storage node, the method further comprising:
	selecting the second storage node based on [[the]] an identified geographic region; and
	causing the agent device to communicate an identifier to the proxy server, wherein the identifier identifies the second storage node.

7. (Original) The method of claim 6, further comprising:
	further basing selection of the second storage node on input identifying a storage tier associated with the replication partnership.

8. (Previously Presented) The method of claim 1, wherein configuring the proxy server further comprises causing the agent device to configure the proxy server to select one of the first storage node and the second storage node to be a replication source or a replication target.

9. (Previously Presented) The method of claim 1, wherein configuring the proxy server further comprises:
	causing the agent device to communicate a Secure SHell (SSH) key associated with the first storage node to the proxy server.



11. (Previously Presented) The method of claim 1, wherein configuring the proxy server further comprises causing the agent device to communicate data representing an identification of the first storage node.

12. (Currently Amended) An apparatus comprising:
	at least one processor; and
	a memory that stores instructions that, when executed by the at least one processor, cause the at least one processor to set up a replication partnership between a first storage node and a second storage node, wherein the at least one processor is associated with an agent other than the first storage node and other than the second storage node, and setting up the replication partnership comprises the at least one processor executing instructions to:
		provide a portal associated with the agent and accessible through a public network to receive data to request the replication partnership, identify the first storage node, identify a criterion for selecting the second storage node and provide a cryptographic credential associated with the first storage node, wherein the cryptographic credential corresponds to a secure communication channel and is to be used by a proxy server to authenticate the first storage node in response to the first storage node initiating the secure communication channel with the proxy server in association with the replication partnership;
communicate data to the proxy server representing a replication partnership identification associated with the first storage node and a replication partnership credential associated with the first storage node;
communicate with the proxy server using the public network to store [[in]] the cryptographic credential in the proxy server, wherein the proxy server is associated with the second storage node and the proxy server is separate from the second storage node; 
		communicate with the proxy server using the public network to establish port translations to be used in the secure communication channel to communicate replication data between the first storage node and the second storage node; and
		communicate replication partnership information with the second storage node using the public network.

13. (Previously Presented) The apparatus of claim 12, wherein the instructions, when executed by the at least one processor, cause the at least one processor to:
	use the portal to receive data representing a credential of the first storage node.

14. (Previously Presented) The apparatus of claim 13, wherein the criterion for selecting the second storage node identifies a geographic region for a replication partner for the first storage node and the instructions, when executed by the at least one processor, cause the at least one processor to: 
	select the second storage node based on the identified geographic region; and
	communicate an identifier to the proxy server, wherein the identifier identifies the second storage node.

15. (Original) The apparatus of claim 12, wherein the instructions, when executed by the at least one processor, cause the at least one processor to configure the proxy server to set up a network tunnel.

16. (Previously Presented) The apparatus of claim 15, wherein the network tunnel comprises a Secure SHell (SSH) tunnel, the cryptographic credential comprises an SSH key, and the proxy server comprises an SSH proxy server.

17. (Currently Amended) A non-transitory storage medium storing instructions that, when executed by a machine, cause the machine to:
	provide, via a public network, access to an agent device, other than a first storage node and other than a second storage node, to set up a replication partnership between the first storage node and the second storage node; 
	provide a portal associated with the agent device and accessible through the public network to receive data to request the replication partnership, identify the first storage node, identify a criterion for selecting the second storage node and provide a cryptographic credential associated with the first storage node, wherein the cryptographic credential corresponds to a secure communication channel and is to be used by a proxy server to authenticate the first storage node in response to the first storage node initiating the secure communication channel with the proxy server in association with the replication partnership;
	cause the agent device to communicate over the public network to access the proxy server;
cause the agent device to communicate data to the proxy server representing a replication partnership identification associated with the first storage node and a replication partnership credential associated with the first storage node.
	cause the agent device to communicate over the public network data representing the cryptographic credential to the proxy server; and
	communicate with the proxy server over the public network to set up port forwarding for [[the]] a secure network tunnel to communicate replication data between the first storage node and the second storage node, wherein the proxy server forms an endpoint of the secure network tunnel and the first storage node forms another endpoint of the secure network tunnel.

18. (Cancelled) 

second storage node.

20. (Previously Presented) The non-transitory storage medium of claim 17, wherein the criterion identifies a geographic region and the instructions, when executed by the machine, further cause the machine to select the second storage node based on the geographic region.

21. (Previously Presented) The non-transitory storage medium of claim 17, wherein the cryptographic credential comprises a Secure SHell (SSH) key, and the proxy server comprises an SSH proxy server.

Allowable Subject Matter
Claims 1-4, 6-9, 11-17 and 19-21 respectively are allowed and renumbered as claims 1-4, 5-8, 9-15 and 16-18 respectively.

Reasons for Allowance
The following is an examiner’s statement of reasons for allowance: The prior arts of record singly or in combination does not teach the totality of the independent claims when read in light of the specification. In particular, the prior arts of record do not teach a method (of claim 1) comprising: 
causing an agent device, other than a first storage node and other than a second storage node, to set up a replication partnership between the first storage node and the second storage node, wherein causing the agent device to set up the replication partnership comprises:
	providing a portal associated with the agent device and accessible through a public network to receive data to request the replication partnership, identify the first storage node, identify a criterion for selecting the second storage node and provide a cryptographic credential associated with the first storage 
	causing the agent device to communicate over the public network with the proxy server to configure the proxy server to establish the secure communication channel for the replication partnership over the public network, wherein the proxy server is associated with the second storage node, the proxy server is separate from the second storage node, and configuring the proxy server comprises: 
causing the agent device to communicate data to the proxy server representing a replication partnership identification associated with the first storage node and a replication partnership credential associated with the first storage node;
		storing the cryptographic credential in the proxy server; and
		the agent device requesting port translations to be used by the proxy server in the secure communication channel in communicating replication data between the first storage node and the second storage node; and
	communicating replication partnership information to the second storage node.

The prior arts of record also do not teach an apparatus (of claim 12) comprising:
at least one processor; and
a memory that stores instructions that, when executed by the at least one processor, cause the at least one processor to set up a replication partnership between a first storage node and a second storage node, wherein the at least one processor is associated with an agent other than the first storage node and other than the second storage node, and setting up the replication partnership comprises the at least one processor executing instructions to:
provide a portal associated with the agent and accessible through a public network to receive data to request the replication partnership, identify the first storage node, identify a criterion for selecting the second storage node and provide a cryptographic credential associated with the 
communicate data to the proxy server representing a replication partnership identification associated with the first storage node and a replication partnership credential associated with the first storage node;
	communicate with the proxy server using the public network to store the cryptographic credential in the proxy server, wherein the proxy server is associated with the second storage node and the proxy server is separate from the second storage node; 
	communicate with the proxy server using the public network to establish port translations to be used in the secure communication channel to communicate replication data between the first storage node and the second storage node; and
	communicate replication partnership information with the second storage node using the public network.

The prior arts of record also do not teach a non-transitory storage medium (of claim 17) storing instructions that, when executed by a machine, cause the machine to:
provide, via a public network, access to an agent device, other than a first storage node and other than a second storage node, to set up a replication partnership between the first storage node and the second storage node; 
provide a portal associated with the agent device and accessible through the public network to receive data to request the replication partnership, identify the first storage node, identify a criterion for selecting the second storage node and provide a cryptographic credential associated with the first storage node, wherein the cryptographic credential corresponds to a secure communication channel and is to be 
cause the agent device to communicate over the public network to access the proxy server;
cause the agent device to communicate data to the proxy server representing a replication partnership identification associated with the first storage node and a replication partnership credential associated with the first storage node.
cause the agent device to communicate over the public network data representing the cryptographic credential to the proxy server; and
communicate with the proxy server over the public network to set up port forwarding for a secure network tunnel to communicate replication data between the first storage node and the second storage node, wherein the proxy server forms an endpoint of the secure network tunnel and the first storage node forms another endpoint of the secure network tunnel.

Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SANDARVA KHANAL whose telephone number is (571)272-8107.  The examiner can normally be reached on MON-FRI, 0800-1700.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/SANDARVA KHANAL/Examiner, Art Unit 2453                                                                                                                                                                                                        
/DHAIRYA A PATEL/Primary Examiner, Art Unit 2453