DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Supplemental Action
Response to Amendment
This communication is in response to the amendment filed on 07/19/2021.
Claims 1-20 are pending.
Claims 1, 8 and 15 are further amended.
Response to Arguments
Regarding 35 USC 103
Applicant’s ArgumentsApplicant’s arguments regarding 35 USC 103, Claims 1, 8 and 15, filed on 07/19/2021. Applicant argues that the prior art of record (Brandwine US20150172104) fails to teach or suggest the following claim limitations, “receiving one or more packets, at a first virtual device in a monitoring appliance, from a corresponding first network device in a tenant network” , “the first network device being upstream from the first virtual device” and “simulating failure of the first network device by blocking traffic from the first network device to the first virtual device using the firewall at the first virtual device”
Examiner’s ResponseWith regards to applicant’s arguments of 35 USC 103, Claims 1, 8 and 15, filed on 07/19/2021. With regards to claim limitation, “receiving one or more packets, at a first virtual device in a monitoring appliance, from a corresponding first network device in a tenant network”, (0010/0085) a network with multiple users/devices which, devices include a virtual machine hypervisor monitor with a first and second virtual node/machine, wherein the hypervisor performs monitoring within the infrastructure. Brandwine further discloses (0047) virtual devices/machines receiving communication in the form of packets. Therefore the Examiner believes that Brandwine does teach or suggest a monitoring device within a software defined network with multiple users wherein the virtual machine is associated with a monitoring unit that receives signals in the form of packets.
With regards to claim limitation, simulating failure of the first network device by blocking traffic from the first network device to the first virtual device using the firewall at the first virtual device” Brandwine discloses implement/configuring a firewall on a computer node wherein the compute node has virtual functionality.  Brandwine discloses (0033) the node which the firewall is deployed being capable of emulating network failure events. Brandwine discloses (0093) the firewall managing and blocking communications in response to simulated failure events. Therefore the Examiner believes that Brandwine does teach or suggest a network device being configured as a virtual machine with firewall is capable of emulating network failures and manages network flows by determining to block or allow network traffic to other network nodes.
With regards to claim limitation, “the first network device being upstream from the first virtual device” have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:


Claims 1-3, 5-6, 8-10, 12-13, 15-17 and 19-20 are rejected under 35 U.S.C. 103 as being unpatentable over Brandwine (US20150172104) in view of Ghanwani (US20150188808) and in further view of Bhalla (US20150135012).
As to claim 1, Brandwine teaches a computer-implemented method for simulating network failure events at a monitoring appliance, ( ¶0018 computing node  perform monitoring activities; test communication (packets) specified failure behavior; ¶0033 emulate desired functionality, including functionality corresponding to specified failure) comprising: receiving one or more packets, at a first virtual device in a monitoring appliance, from a corresponding first network device in a tenant network; (¶0010 computing node may be one of multiple virtual machines;  ¶0017 first node; ¶0036 communications of data (e.g. packets); ¶0043 virtual machine part of virtual machine, hypervisor monitor; ¶0047 virtual machine, node receives communication (packet)); instantiating a firewall at the first virtual device, (¶0010 computing node may be one of multiple virtual machines; ¶0017  first node; ¶0043 implemented computing device, firewall) wherein the firewall is configured to selectively block traffic routed from the first network device to the first virtual device in the monitoring appliance; (¶0010 computing node may be one of multiple virtual machines; ¶0017 first node; ¶0093 node performs firewall-related activities for the communication; block the communication) simulating failure of the first network device by blocking traffic from the first network device to the first virtual device using the firewall at the first virtual device; (¶0010 computing node may be one of multiple virtual machines; ¶0017 first node; ¶0033 emulate desired functionality, including functionality corresponding to specified failure; ¶0093 node performs firewall-related activities for the communication; block the communication) and based on the simulated failure of the first network device, (¶0013 based on a type of functionality, failure for the  computing node;  ¶0017 first node).
Although Brandwine teaches the method recited above, wherein Brandwine fails to expressly teach the first network device being upstream from the first virtual device.
Ghanwani, however discloses, the first network device being upstream from the first virtual device (¶0072 virtual, upstream devices; ¶0367 leaf, spine node (virtual node) in upstream direction).
Thus given the teachings of Ghanwani it would have been obvious to one of ordinary skill persons in the art before the effective filing date of the claimed invention to combine the teaching of Ghanwani and Brandwine for upstream network devices. One of ordinary skill in the art would be motivated to allow for provides fast convergence if either a link or a device fails. (See Ghanwani para 0072)
Although the combination of Brandwine and Ghanwani teach the method recited above, wherein the combination of Brandwine and Ghanwani fail to expressly teach analyzing the tenant network to determine a predicted impact a failure of the first network device would have on the tenant network.
Bhalla, however discloses, analyzing the tenant network to determine a predicted impact a failure of the first network device would have on the tenant network. (¶0015 predictor relating to or impacting the fail condition; ¶0021 analysis server monitoring network; ¶0026 multi-tenant network; ¶0031 predict the fail condition for the network nodes). 
Thus given the teachings of Bhalla it would have been obvious to one of ordinary skill persons in the art before the effective filing date of the claimed invention to combine the teaching of Bhalla, Brandwine and Ghanwani for analyzing network to determine the impact on the network. One of ordinary skill in the art would be motivated to allow for fail condition for the network nodes to be derived from the extracted performance metrics. (Bhalla abstract lines 3-4)
As to claim 2, the combination of Brandwine, Ghanwani and Bhalla teach the method of claim 1, wherein Brandwine further teaches the computer-implemented method of claim 1, further comprising: receiving one or more packets, at a second virtual device in the monitoring appliance, from a corresponding second network device in the tenant network; (¶0010 computing node may be one of multiple virtual machines; ¶0017 second node; ¶0036 communications of data (e.g. packets); ¶0043 virtual machine part of virtual machine, hypervisor monitor; ¶0047 virtual machine, node receives communication (packet)); instantiating a firewall at the first virtual device, (¶0010 computing node may be one of multiple virtual machines; ¶0017 first node; ¶0043 implemented computing device, firewall) wherein the firewall is configured to selectively block traffic routed from the second network device to the second virtual device in the monitoring appliance; (¶0017  second node; ¶0093 node performs firewall-related activities for the communication; block the communication) simulating failure of the second network device by blocking traffic from the second network device to the second virtual device using the firewall at the second device; (¶0017 second node; ¶0033 emulate desired functionality, including functionality corresponding to specified failure; ¶0093 node performs firewall-related activities for the communication; block the communication) and based on the simulated failure of the second (¶0013 based on a type of functionality, failure for the  computing node ¶0017 second node, failure;  ¶0033 emulate desired functionality, including functionality corresponding to specified failure; ¶0112 failure computing node; second computing node).
Although Brandwine teaches the method recited above, wherein Brandwine fails to expressly teach analyzing the tenant network to determine a predicted impact a failure of the second network device would have on the tenant network.
Bhalla, however discloses, analyzing the tenant network to determine a predicted impact a failure of the second network device would have on the tenant network. (¶0015 predictor relating to or impacting the fail condition; ¶0021 analysis server monitoring network; ¶0026 multi-tenant network; ¶0031 predict the fail condition for the network nodes). 
Thus given the teachings of Bhalla it would have been obvious to one of ordinary skill persons in the art before the effective filing date of the claimed invention to combine the teaching of Bhalla, Brandwine and Ghanwani for analyzing network to determine the impact on the network. One of ordinary skill in the art would be motivated to allow for using a training set extracted from the performance metrics. (See Bhalla abstract line 5)
As to claim 3, the combination of Brandwine, Ghanwani and Bhalla teach the method of claim 1, wherein Brandwine further teaches the computer-implemented method of claim 1, wherein the first virtual device in the monitoring appliance is a virtual machine (VM). (¶0010 computing node may be one of multiple virtual machine; ¶0043 virtual machine computing nodes include virtual machine hypervisor monitor).
As to claim 5, the combination of Brandwine, Ghanwani and Bhalla teach the method of claim 1, wherein Ghanwani further teaches the computer-implemented method of claim 1, (¶0351 spine nodes; ¶0352 a software defined network; ¶0379 multiple nodes (users/tenants).
Thus given the teachings of Ghanwani it would have been obvious to one of ordinary skill persons in the art before the effective filing date of the claimed invention to combine the teaching of Ghanwani and Brandwine for device comprise as spine node/switch. One of ordinary skill in the art would be motivated to allow for multi-path routing. (See Ghanwani para 0071)
As to claim 6, the combination of Brandwine, Ghanwani and Bhalla teach the method of claim 1, wherein Ghanwani further teaches the computer-implemented method of claim 1, wherein the first network device in the tenant network is a leaf switch. (¶0350 leaf nodes; ¶0352 a software defined network; ¶0379 multiple nodes (users/tenants)).
Thus given the teachings of Ghanwani it would have been obvious to one of ordinary skill persons in the art before the effective filing date of the claimed invention to combine the teaching of Ghanwani and Brandwine for device comprised as leaf node. One of ordinary skill in the art would be motivated to allow for multi-path access. (See Ghanwani para 0071)
As to claim 8, Brandwine teaches a system for analyzing a network fabric the system comprising: one or more processors; a network interface coupled to the processors; and a non-transitory computer-readable medium coupled to the processors, the computer-readable medium comprising instructions stored therein, which when executed by the processors, (¶0018 monitoring activities computer networks, computing nodes; ¶0045 nodes interconnected; ¶0111 network interfaces;  ¶0127 software instructions or structured data on a non-transitory computer-readable storage medium; controllers executing appropriate instructions) cause the processors to perform operations comprising: connecting each of a plurality of virtual devices in a monitoring appliance to a respective network device in a tenant (¶0010 computing node may be one of multiple virtual machines; ¶0023  multiple computing nodes; ¶0045 nodes interconnected) receiving one or more packets, at a first virtual device in the monitoring appliance, from a corresponding first network device in the tenant network; (¶0010 computing node may be one of multiple virtual machines; ¶0017 first node; ¶0036 communications of data (e.g. packets); ¶0043 virtual machine part of virtual machine, hypervisor monitor; ¶0047 virtual machine, node receives communication (packet));  instantiating a firewall at the first virtual device, (¶0010 computing node may be one of multiple virtual machines; ¶0017 first node; ¶0043 implemented computing device, firewall) wherein the firewall is configured to selectively block traffic routed from the first network device to the first virtual device in the monitoring appliance; (¶0010 computing node may be one of multiple virtual machines; ¶0017 first node; ¶0093 node performs firewall-related activities for the communication; block the communication) simulating failure of the first network device by blocking traffic from the first network device to the first virtual device using the firewall at the first virtual device; (¶0010 computing node may be one of multiple virtual machines; ¶0017 first node; ¶0033 emulate desired functionality, including functionality corresponding to specified failure; ¶0093 node performs firewall-related activities for the communication; block the communication) and based on the simulated failure of the first network device, (¶0013 based on a type of functionality, failure for the  computing node; ¶0017 first node).
Although Brandwine teaches the method recited above, wherein Brandwine fails to expressly teach the first network device being upstream from the first virtual device.
Ghanwani, however discloses, the first network device being upstream from the first virtual device; (¶0072 virtual, upstream devices; ¶0367 leaf, spine node (virtual node) in upstream direction).
Thus given the teachings of Ghanwani it would have been obvious to one of ordinary skill persons in the art before the effective filing date of the claimed invention to combine the teaching of Ghanwani and Brandwine for upstream network devices. One of ordinary skill in the art would be motivated to allow for information to be processed quickly and efficiently. (See Ghanwani para 0009)
Although the combination of Brandwine and Ghanwani teach the method recited above, wherein the combination of Brandwine and Ghanwani fail to expressly teach analyzing the tenant network to determine a predicted impact a failure of the first network device would have on the tenant network.
Bhalla, however discloses, analyzing the tenant network to determine a predicted impact a failure of the first network device would have on the tenant network. (¶0015 predictor relating to or impacting the fail condition; ¶0021 analysis server monitoring network; ¶0026 multi-tenant network; ¶0031 predict the fail condition for the network nodes).
Thus given the teachings of Bhalla it would have been obvious to one of ordinary skill persons in the art before the effective filing date of the claimed invention to combine the teaching of Bhalla, Brandwine and Ghanwani for analyzing network to determine the impact on the network. One of ordinary skill in the art would be motivated to allow for an algorithm to select a list of input variables for use in training the predictive models. (See Bhalla para 0043)
As to claim 9, the combination of Brandwine, Ghanwani and Bhalla teach the system of claim 8, wherein Brandwine further teaches the system of claim 8, wherein the processors are (¶0010 computing node may be one of multiple virtual machines; ¶0017  second node; ¶0036 communications of data (e.g. packets); ¶0043 virtual machine part of virtual machine, hypervisor monitor; ¶0047 virtual machine, node receives communication (packet)) instantiating a firewall at the first virtual device, (¶0010 computing node may be one of multiple virtual machines; ¶0017 first node; ¶0043 implemented computing device, firewall) wherein the firewall is configured to selectively block traffic routed from the second network device to the second virtual device in the monitoring appliance; (¶0017 second node; ¶0093 node performs firewall-related activities for the communication; block the communication) simulating failure of the second network device by blocking traffic from the second network device to the second virtual device using the firewall at the second device; (¶0013 based on a type of functionality, failure for the  computing node; ¶0017 second node, failure;  ¶0033 emulate desired functionality, including functionality corresponding to specified failure; ¶0112 failure computing node; second computing node) and based on the simulated failure of the second network device, (¶0013 based on a type of functionality, failure for the  computing node; ¶0017 second node, failure;  ¶0033 emulate desired functionality, including functionality corresponding to specified failure; ¶0112 failure computing node; second computing node).
Although Brandwine teaches the method recited above, wherein Brandwine fails to expressly teach 
Bhalla, however discloses, analyzing the tenant network to determine a predicted impact a failure of the second network device would have on the tenant network. (¶0015 predictor relating to or impacting the fail condition; ¶0021 analysis server monitoring network; ¶0026 multi-tenant network; ¶0031 predict the fail condition for the network nodes). 
Thus given the teachings of Bhalla it would have been obvious to one of ordinary skill persons in the art before the effective filing date of the claimed invention to combine the teaching of Bhalla, Brandwine and Ghanwani for analyzing network to determine the impact on the network. One of ordinary skill in the art would be motivated to allow for performance metrics to be partitioned using sampling algorithm. (See Bhalla para 0044)
As to claim 10, the combination of Brandwine, Ghanwani and Bhalla teach the system of claim 8, wherein Brandwine further teaches the system of claim 8, wherein the first virtual device in the monitoring appliance is a virtual machine (VM). (¶0010 computing node may be one of multiple virtual machine); ¶0043 virtual machine computing nodes include virtual machine hypervisor monitor).
As to claim 12, the combination of Brandwine, Ghanwani and Bhalla teach the system of claim 8, wherein Ghanwani further teaches the system of claim 8, wherein the first network device in the tenant network is a spine switch. (¶0350 spine nodes; ¶0352 a software defined network; ¶0379 multiple nodes (users/tenants)).
Thus given the teachings of Ghanwani it would have been obvious to one of ordinary skill persons in the art before the effective filing date of the claimed invention to combine the teaching of Ghanwani and Brandwine for network device configured as a spine node One of ordinary skill in the art would be motivated to allow for increasing network capacity. (See  Ghanwani para 0013)
As to claim 13, the combination of Brandwine, Ghanwani and Bhalla teach the system of claim 8, wherein Ghanwani further teaches the system of claim 8, wherein the first network device in the tenant network is a leaf switch. (¶0350 leaf nodes; ¶0352 a software defined network; ¶0379 multiple nodes (users/tenants)).
Thus given the teachings of Ghanwani it would have been obvious to one of ordinary skill persons in the art before the effective filing date of the claimed invention to combine the teaching of Ghanwani and Brandwine for network device configured as a leaf node. One of ordinary skill in the art would be motivated to allow for comparing the incoming port and outgoing port information. (See Ghanwani para 0363)
As to claim 15, Brandwine teaches a non-transitory computer-readable storage medium comprising instructions stored therein, which when executed by one or more processors, cause the processors to perform operations (¶0127 software instructions or structured data on a non-transitory computer-readable storage medium; controllers executing appropriate instructions) comprising: connecting each of a plurality of virtual devices in a monitoring appliance to a respective network device in a tenant network; (¶0010 computing node may be one of multiple virtual machines; ¶0018 computing node perform related monitoring activities; monitor computing nodes; ¶0036 computer networks, multiple customers; ¶0043 virtual machine part of virtual machine, hypervisor monitor) receiving one or more packets, at a first virtual device in the monitoring appliance, from a corresponding first network device in the tenant network; (¶0017 first node; ¶0036 communications of data (e.g. packets); ¶0047 virtual machine, node receives communication (packet))  instantiating a firewall at the first virtual device, (¶0010 computing node may be one of multiple virtual machines; ¶0017 first node; ¶0043 implemented computing device, firewall) wherein the firewall is configured to  (¶0010 computing node may be one of multiple virtual machines; ¶0017 first node; ¶0093 node performs firewall-related activities for the communication; block the communication) simulating failure of the first network device by blocking traffic from the first network device to the first virtual device using the firewall at the first virtual device; (¶0010 computing node may be one of multiple virtual machines; ¶0017 first node; ¶0033 emulate desired functionality, including functionality corresponding to specified failure; ¶0093 node performs firewall-related activities for the communication; block the communication) and  based on the simulated failure of the first network device, (¶0013 based on a type of functionality, failure for the  computing node; ¶0017 first node).
Although Brandwine teaches the method recited above, wherein Brandwine fails to expressly teach the first network device being upstream from the first virtual device.
Ghanwani, however discloses, the first network device being upstream from the first virtual device; (¶0072 virtual, upstream devices; ¶0367 leaf, spine node (virtual node) in upstream direction).
Thus given the teachings of Ghanwani it would have been obvious to one of ordinary skill persons in the art before the effective filing date of the claimed invention to combine the teaching of Ghanwani and Brandwine for upstream network devices. One of ordinary skill in the art would be motivated to allow for improves network reliability. (See Ghanwani para 0010)
Although the combination of Brandwine and Ghanwani teach the method recited above, wherein the combination of Brandwine and Ghanwani fail to expressly teach 
Bhalla, however discloses, analyzing the tenant network to determine a predicted impact a failure of the first network device would have on the tenant network. (¶0015 predictor relating to or impacting the fail condition; ¶0021 analysis server monitoring network; ¶0026 multi-tenant network; ¶0031 predict the fail condition for the network nodes).
Thus given the teachings of Bhalla it would have been obvious to one of ordinary skill persons in the art before the effective filing date of the claimed invention to combine the teaching of Bhalla, Brandwine and Ghanwani for analyzing network to determine the impact on the network. One of ordinary skill in the art would be motivated to allow for train a decision tree to predict the fail condition. (See Bhalla para 0046)
As to claim 16, the combination of Brandwine, Ghanwani and Bhalla teach the medium of claim 15, wherein Brandwine further teaches the non-transitory computer-readable storage medium of claim 15, wherein the processors are further configured to perform operations (¶0127 software instructions or structured data on a non-transitory computer-readable storage medium; controllers executing appropriate) comprising: receiving one or more packets, at a second virtual device in the monitoring appliance, from a corresponding second network device in the tenant network; (¶0010 computing node may be one of multiple virtual machines; ¶0017 second node; ¶0036 communications of data (e.g. packets); ¶0043 virtual machine part of virtual machine, hypervisor monitor; ¶0047 virtual machine, node receives communication (packet));  instantiating a firewall at the first virtual device, (¶0010 computing node may be one of multiple virtual machines; ¶0017 second node; ¶0043 implemented computing device, firewall) wherein the firewall is configured to selectively block traffic routed from the second network device to the second virtual device in the monitoring appliance; (¶0010 computing node may be one of multiple virtual machines; ¶0017 second node; ¶0093 node performs firewall-related activities for the communication; block the communication) simulating failure of the second network device by blocking traffic from the second network device to the second virtual device using the firewall at the second device; (¶0017 second node; ¶0033 emulate desired functionality, including functionality corresponding to specified failure; ¶0093 node performs firewall-related activities for the communication; block the communication) and based on the simulated failure of the second network device, (¶0013 based on a type of functionality, failure for the  computing node ¶0017 second node).
Although Brandwine teaches the medium recited above, wherein Brandwine fails to expressly teach analyzing the tenant network to determine a predicted impact a failure of the second network device would have on the tenant network.
Bhalla, however discloses, analyzing the tenant network to determine a predicted impact a failure of the second network device would have on the tenant network. (¶0015 predictor relating to or impacting the fail condition; ¶0021 analysis server monitoring network; ¶0026 multi-tenant network; ¶0031 predict the fail condition for the network nodes). 
Thus given the teachings of Bhalla it would have been obvious to one of ordinary skill persons in the art before the effective filing date of the claimed invention to combine the teaching of Bhalla, Brandwine and Ghanwani for analyzing network to determine the impact on the network. One of ordinary skill in the art would be motivated to allow for performance extraction unit to create a fail condition table that tracks fail condition history in the network infrastructure. (See Bhalla para 0041)
As to claim 17, the combination of Brandwine, Ghanwani and Bhalla teach the medium of claim 15, wherein Brandwine further teaches the non-transitory computer-readable storage (¶0010 computing node may be one of multiple virtual machine); ¶0043 virtual machine computing nodes include virtual machine hypervisor monitor).
As to claim 19, the combination of Brandwine, Ghanwani and Bhalla teach the medium of claim 15, wherein Ghanwani further teaches the non-transitory computer-readable storage medium of claim 15, wherein the first network device in the tenant network is a spine switch. (¶0350 spine nodes; ¶0352 a software defined network; ¶0379 multiple nodes (users/tenants)).
Thus given the teachings of Ghanwani it would have been obvious to one of ordinary skill persons in the art before the effective filing date of the claimed invention to combine the teaching of Ghanwani and Brandwine for configuring a network device as spine node. One of ordinary skill in the art would be motivated to allow for providing redundant links between network devices. (See Ghanwani para 0010)
As to claim 20, the combination of Brandwine, Ghanwani and Bhalla teach the medium of claim 15, wherein Ghanwani further teaches the non-transitory computer-readable storage medium of claim 15, wherein the first network device in the tenant network is a leaf switch. (¶0350 leaf nodes; ¶0352 a software defined network; ¶0379 multiple nodes (users/tenants)).
Thus given the teachings of Ghanwani it would have been obvious to one of ordinary skill persons in the art before the effective filing date of the claimed invention to combine the teaching of Ghanwani and Brandwine for network device configured as a leaf node. One of ordinary skill in the art would be motivated to allow for reducing table entries. (See Ghanwani para 0363)
Claims 4, 7, 11, 14 and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Brandwine (US20150172104) in view of Ghanwani (US20150188808) and in further view of Bhalla (US20150135012) and in further view of Zoram (US20110307886).
As to claim 4, although the combination of Brandwine, Ghanwani and Bhalla teach the method recited in claim 1, the combination of Brandwine, Ghanwani and Bhalla fail to expressly teach the computer-implemented method of claim 1, wherein the first virtual device in the monitoring appliance is a network container.
Zoram, however discloses, the computer-implemented method of claim 1, wherein the first virtual device in the monitoring appliance is a network container. (¶0061 virtual node is a container; ¶0085 machine monitor).
Thus given the teaching of Zoram it would have been obvious to one of ordinary skill persons in the art before the effective filing date of the claimed invention to combine the teaching of Zoram, Brandwine, Ghanwani and Bhalla for a virtual device configured as a container. One of ordinary skill in the art would be motivated to allow for quick detection of network failures. (See Zoram para 0048) 
As to claim 7, although the combination of Brandwine, Ghanwani and Bhalla teach the method recited in claim 1, the combination of Brandwine, Ghanwani and Bhalla fail to expressly teach the computer-implemented method of claim 1, wherein the monitoring appliance comprises a series of virtual machines (VMs) operating in a cluster mode.
Zoram, however discloses, the computer-implemented method of claim 1, wherein the monitoring appliance comprises a series of virtual machines (VMs) operating in a cluster mode. (¶0054 cluster, virtual machines; ¶0073 cluster mode; ¶0085 component monitor).
Thus given the teaching of Zoram it would have been obvious to one of ordinary skill persons in the art before the effective filing date of the claimed invention to combine the teaching of Zoram, Brandwine, Ghanwani and Bhalla for a cluster of virtual machines operating in cluster mode. One of ordinary skill in the art would be motivated to allow for improve system/network availability by providing the ability to add or remove hardware components in a functioning system without bringing down the system. (See Zoram para 0046)
As to claim 11, although the combination of Brandwine, Ghanwani and Bhalla teach the system recited in claim 8, the combination of Brandwine, Ghanwani and Bhalla fail to expressly teach the system of claim 8, wherein the first virtual device in the monitoring appliance is a network container.
Zoram, however discloses, the system of claim 8, wherein the first virtual device in the monitoring appliance is a network container. (¶0061 virtual node is a container; ¶0085 machine monitor).
Thus given the teaching of Zoram it would have been obvious to one of ordinary skill persons in the art before the effective filing date of the claimed invention to combine the teaching of Zoram, Brandwine, Ghanwani and Bhalla for a virtual device configured as a container. One of ordinary skill in the art would be motivated to allow for reducing the amount of time to migrate to a new device cluster in case of failure. (See Zoram para 0094)
As to claim 14, although the combination of Brandwine, Ghanwani and Bhalla teach the system recited in claim 8, the combination of Brandwine, Ghanwani and Bhalla fail to expressly teach 
Zoram, however discloses, the system of claim 8, wherein the monitoring appliance comprises a series of virtual machines (VMs) operating in a cluster mode. (¶0054 cluster, virtual machines; ¶0073 cluster mode; ¶0085 component monitor).
Thus given the teaching of Zoram it would have been obvious to one of ordinary skill persons in the art before the effective filing date of the claimed invention to combine the teaching of Zoram, Brandwine, Ghanwani and Bhalla for a for a cluster of virtual machines operating in cluster mode. One of ordinary skill in the art would be motivated to allow for secure isolation ensures that users from different organizations could not see or affect other user devices and/or applications. (See Zoram para 0052)
As to claim 18, although the combination of Brandwine, Ghanwani and Bhalla teach the medium recited in claim 15, the combination of Brandwine, Ghanwani and Bhalla fail to expressly teach the non-transitory computer-readable storage medium of claim 15, wherein the first virtual device in the monitoring appliance is a network container.
Zoram, however discloses, the non-transitory computer-readable storage medium of claim 15, wherein the first virtual device in the monitoring appliance is a network container. (¶0061 virtual node is a container; ¶0085 machine monitor).
Thus given the teaching of Zoram it would have been obvious to one of ordinary skill persons in the art before the effective filing date of the claimed invention to combine the teaching of Zoram, Brandwine, Ghanwani and Bhalla for a virtual device configured as a container. One of ordinary skill in the art would be motivated to allow for system faults to be isolated from other network nodes. (See Zoram para 0013) 
Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to TONY WILLIAMS whose telephone number is (469)295-9115. The examiner can normally be reached Mon-Fri 8:00-5:00.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Umar Cheema can be reached on (571)570-3037. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.






/T.W. /Examiner, Art Unit 2454


/UMAR CHEEMA/Supervisory Patent Examiner, Art Unit 2454