DETAILED ACTION

Claims 1-20 are pending.

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-11, 13, and 15-19 are rejected under 35 U.S.C. 103 as being unpatentable over Zapponi et al. (US 20200162344) hereinafter Zapponi in view of Hanson (US 20110277034).
Regarding claim 1, Zapponi teaches a computer-implemented method of application topology visualization, the method comprising: 
obtaining relationship data for a plurality of managed components in a computing environment (see steps 450 and 452 in Fig. 4B and [0130, 131]: the present technology pertains to a user interface for conveying relationships between network components (locations/sites [that include network devices], physical devices, data centers, applications, services, virtual network functions, etc.).  In addition to displaying relationships between network components, the user 
generating, with an application topology visualizer (see [0050]: topology tool 306 for visualizing the physical topology of network elements), an application topology visualization of the computing environment comprising the plurality of managed components, wherein the application topology visualization comprises said relationship data (see step 456 in Fig. 4B and [0132]: After the user selects the first representation of a first network component, second network component data can be received from the collection data service that identifies one or more metrics associated with the second network component, based on a network component relationship determined by a network monitoring service (step 456).  For example, the network component relationship can be one or more relationships between the first representation of the first network component and a second relationship of a second network component); and 
displaying, at a graphical user interface, the application topology visualization of the computing environment (see [0130]: the present technology pertains to a user interface… for displaying relationships between network components; see also [0137]: For example, when the graphical user interface receives a selection from a user that selects the world level (e.g., FIG. 5), the graphical user interface will show all the issues/apps/entities at the world level.  The world level can, for example, reflect the entire network--in FIG. 5, for example, summary component 
However, the Zapponi reference does not explicitly teach a method comprising:
obtaining event data for the plurality of managed components in the computing environment;  and 
generating, with an application topology visualizer, an application topology visualization of the computing environment comprising said event data for said plurality of managed components.
In the same field of endeavor, Hanson teaches a method for visualization of vulnerability and asset data in a network, the method in accordance with the present invention and comprising:
obtaining event data for the plurality of managed components in the computing environment (see step 330 in Fig. 3 and [0038]: log correlation engine may aggregate various logs that contain events generated in the network. For example, operation 330 may generally include the log correlation engine receiving one or more logs describing the network sessions and other traffic observed by the passive vulnerability scanners in operation 320, including time stamps describing when the network sessions started, durations that the sessions lasted, source and destination addresses associated with the sessions, and amounts of data communicated during the sessions; [0039]: In one implementation, operation 330 may therefore include the log correlation engine receiving event logs from various different sources in the network, normalizing the event logs to account for different transport mechanisms or formats that the sources may use for the event logs, and 
generating, with an application topology visualizer, an application topology visualization of the computing environment comprising said event data for said plurality of managed components (see step 340 and [0040]: The management console may receive the information obtained by the active vulnerability scanners, the passive vulnerability scanners, and the log correlation engine in operations 310, 320, and 330, wherein an operation 340 may then include the management console building a topology or model of the network from such information.  In particular, the model or topology built in operation 340 may include characteristics describing the various devices and services discovered in the network during operations 310, 320, and 330, including relationships between the various devices and services discovered in the network … As such, in addition to including the relationships between the various devices and services discovered in the network, the network model or topology built in operation 340 may further include relationships between the various devices and services discovered in the network).
Accordingly, it would have been obvious to one of ordinary skill in the art before the effective filing date of the present invention to modify the method of Zapponi suggesting an application topology visualizer for visualizing the computing environment comprising the plurality of managed components with the method taught by Hanson, the method suggesting obtaining event data for the plurality of managed components and generating an application topology visualization of the managed components and said event data. The motivation for such combination would have been to provide an effective way to perform comprehensive security audits to completely describe potential vulnerabilities in the network, build models or topologies for the network, or derive other information that may be relevant to managing the network.

Regarding claim 2, Zapponi in view of Hanson is applied as described in claim 1 examined above. The combination of Zapponi and Hanson teaches a method comprising generating, via an application topology visualizer, an application topology visualization of the computing environment. Zapponi further teaches a method wherein the application topology visualization comprises a topology of the plurality of managed components and parent/child relationships interconnecting the plurality of managed components (Zapponi - see [0143]: the network component relationship can be a hierarchical relationship that changes over a time period (e.g., selectable time period, such as through a drop down menu), and relationships between components of the network can be determined by using tree based mechanisms where the parent of the tree is known … These can similarly be represented as a tree based relationship where the building is the parent, the devices are below the building, the applications are below the devices, etc. In other words, tree-based relationship mapping can be used to, in general, find out how components within the network are related).

Regarding claim 3, Zapponi in view of Hanson is applied as described in claim 1 examined above. The combination of Zapponi and Hanson teaches a method comprising generating, via an application topology visualizer, an application topology visualization of the computing environment. Zapponi further teaches a method wherein the computing environment is a datacenter (Zapponi - see [0130]: As described herein, the present technology pertains to a user interface for conveying relationships between network components (locations/sites [that include network devices], physical devices, data centers, applications, services, virtual network functions, etc.)) and the plurality of managed components comprises hardware components and virtual components of the datacenter (Zapponi - see [0112]: The network layer 230 can be conceptualized as a composition of two layers, an underlay 234 comprising physical and virtual network infrastructure (e.g., routers, switches, WLCs, etc.)).

Regarding claim 4, Zapponi in view of Hanson teaches the limitations of claim 1 examined above. The combination of Zapponi and Hanson further teaches a method comprising: 
storing, at a database, the application topology visualization of the computing environment (Zapponi - see [0032]: The fabric control plane node(s) 110 can serve as a central database for tracking all users, devices, and things as they attach to the network fabric 120, and as they roam around).

Regarding claim 5, Zapponi in view of Hanson teaches the limitations of claim 1 as examined above. The combination of Zapponi and Hanson further teaches a method comprising:
determining a change to one or more of the plurality of managed components of the computing environment (Hanson - see [0021]: detect new or changed information describing various routers 140, hosts 130, servers 130, or other devices 130 in the network; see [0034]: As such, in one implementation, operation 310 may further include the active vulnerability scanners discovering any new or changed information describing any routers, servers, hosts, devices, or running services that respond to the communicated packets or messages). 

Regarding claim 6, Zapponi in view of Hanson teaches the limitations of claim 5 as examined above. The combination of Zapponi and Hanson teaches a method comprising determining a change to one or more of the plurality of managed components of the computing environment. Furthermore, Hanson teaches a method comprising:
updating, with the application topology visualizer and based on the change to one or more of the plurality of managed components, the application topology visualization of the computing environment to an updated application topology visualization of the computing environment (see [0013], [0040]: Furthermore, the model or topology may be automatically updated in response to new or changed 

Regarding claim 7, Zapponi in view of Hanson teaches the limitations of claim 6 as examined above. The combination of Zapponi and Hanson further teaches a method comprising:
storing, at a database, the application topology visualization of the computing environment (Zapponi – see [0032]:  The fabric control plane node(s) 110 can serve as a central database for tracking all users, devices, and things as they attach to the network fabric 120, and as they roam around); and 
storing, at the database, the updated application topology visualization of the computing environment (Hanson - see [0040]: in one implementation, the model or topology may be automatically updated in operation 340 in response to new or changed information discovered in subsequent active vulnerability scans, subsequently observed network traffic, or subsequently analyzed event logs).

Regarding claim 8, Zapponi in view of Hanson is applied as disclosed in claim 7 examined above. The combination of Zapponi and Hanson teaches a method comprising storing, at a database, the application topology visualization of the computing environment. Furthermore, Zapponi teaches a method comprising:
providing, at the application topology visualizer, a time manipulation capability for the application topology visualization (see [0082]: The time period selection user interface element 356 can enable display of the overall health of the network over specific time periods (e.g., last 3 hours, last 24 hours, last 7 days, custom, etc.); [0086]: The graphical user interface 300F can include a timeline slider 398 for selecting a more granular time range than a time period selection user interface element (e.g., the time period selection user interface element 354)), wherein the 

Regarding claim 9, Zapponi in view of Hanson is applied as disclosed in claim 8 examined above. The combination of Zapponi and Hanson teaches a method comprising storing, at a database, the application topology visualization of the computing environment. Furthermore, Zapponi teaches a method comprising:
receiving a selected time (see [0138]: selectable time range 536 (e.g., the last 24 hours)); and
providing, at the graphical user interface, the application topology visualization of the computing environment for the selected time (see [0138]: for example, the UI shows that in the selectable time range 536 (e.g., the last 24 hours), the whole network experienced 132 impacted devices 526, 80 throughput issues 528, 22 packet errors 532, and 14 roaming issues 534). 

Regarding claim 10, Zapponi in view of Hanson is applied as disclosed in claim 1 examined above. The combination of Zapponi and Hanson further teaches a method comprising:
determining the event data for at least one of the plurality of managed components of the computing environment comprises a problem (Hanson – see [0031]: the log correlation engine 290 may identify subsets of the events that relate to particular intrusion events, attacker network addresses, assets having vulnerabilities that the intrusion events and/or the attacker network addresses target, etc.); and 
displaying an alert identifier at a tier comprising the at least one of the plurality of managed components of the computing environment having the problem (Hanson – see [0044]: an operation 380 may include the management console further applying one or more visual effects to the three-dimensional visualization created in operation 370.  In particular, applying the visual effects to the three-dimensional visualization in operation 380 may include assigning one or more color codes to various elements in the three-dimensional visualization, wherein the color codes may represent values or other properties for assets, vulnerabilities, or other elements in the three-dimensional visualization).

Regarding claim 11, Zapponi in view of Hanson teaches the limitations of claim 1 as examined above. The combination of Zapponi and Hanson teaches a method comprising obtaining event data for the plurality of managed components in the computing environment. Furthermore, Hanson teaches a method wherein the event data comprises at least one managed component identifier (see Fig. 5E and [0043]: vulnerability to IP address relationships).

Regarding claim 13, Zapponi teaches a non-transitory computer readable storage medium having computer readable program code stored thereon for causing a computer system to perform a method for application topology visualization, the method comprising:
obtaining relationship data for a plurality of managed components in a computing environment (see steps 450 and 452 in Fig. 4B and [0130, 131]: the present technology pertains to a user interface for conveying relationships between network components (locations/sites [that include network devices], physical devices, data centers, applications, services, virtual network functions, etc.).  In addition to displaying relationships between network components, the user interface can receive user inputs to select a network component to view, highlight, 
generating, with an application topology visualizer (see [0050]: topology tool 306 for visualizing the physical topology of network elements), an application topology visualization of the computing environment comprising the plurality of managed components, wherein the application topology visualization comprises said relationship data (see step 456 in Fig. 4B and [0132]: After the user selects the first representation of a first network component, second network component data can be received from the collection data service that identifies one or more metrics associated with the second network component, based on a network component relationship determined by a network monitoring service (step 456).  For example, the network component relationship can be one or more relationships between the first representation of the first network component and a second relationship of a second network component); and 
displaying, at a graphical user interface, the application topology visualization of the computing environment (see [0130]: the present technology pertains to a user interface… for displaying relationships between network components; see also [0137]: For example, when the graphical user interface receives a selection from a user that selects the world level (e.g., FIG. 5), the graphical user interface will show all the issues/apps/entities at the world level.  The world level can, for example, reflect the entire network--in FIG. 5, for example, summary component 522 shows an informational summary of the whole network; in this case the whole 
However, the Zapponi reference does not explicitly teach a method comprising:
obtaining event data for the plurality of managed components in the computing environment;  and 
generating, with an application topology visualizer, an application topology visualization of the computing environment comprising said event data for said plurality of managed components.
In the same field of endeavor, Hanson teaches a method for visualization of vulnerability and asset data in a network, the method in accordance with the present invention and comprising:
obtaining event data for the plurality of managed components in the computing environment (see step 330 in Fig. 3 and [0038]: log correlation engine may aggregate various logs that contain events generated in the network. For example, operation 330 may generally include the log correlation engine receiving one or more logs describing the network sessions and other traffic observed by the passive vulnerability scanners in operation 320, including time stamps describing when the network sessions started, durations that the sessions lasted, source and destination addresses associated with the sessions, and amounts of data communicated during the sessions; [0039]: In one implementation, operation 330 may therefore include the log correlation engine receiving event logs from various different sources in the network, normalizing the event logs to account for different transport mechanisms or formats that the sources may use for the event logs, and then analyzing the normalized logs to identify any new or changed information describing the routers, servers, hosts, devices, or services in the network);  and 
generating, with an application topology visualizer, an application topology visualization of the computing environment comprising said event data for said plurality of managed components (see step 340 and [0040]: The management console may receive the information obtained by the active vulnerability scanners, the passive vulnerability scanners, and the log correlation engine in operations 310, 320, and 330, wherein an operation 340 may then include the management console building a topology or model of the network from such information.  In particular, the model or topology built in operation 340 may include characteristics describing the various devices and services discovered in the network during operations 310, 320, and 330, including relationships between the various devices and services discovered in the network … As such, in addition to including the relationships between the various devices and services discovered in the network, the network model or topology built in operation 340 may further include relationships between the various devices and services discovered in the network).
Accordingly, it would have been obvious to one of ordinary skill in the art before the effective filing date of the present invention to modify the method of Zapponi suggesting an application topology visualizer for visualizing the computing environment comprising the plurality of managed components with the method taught by Hanson, the method suggesting obtaining event data for the plurality of managed components and generating an application topology visualization of the managed components and said event data. The motivation for such combination would have been to provide an effective way to perform comprehensive security audits to completely describe potential vulnerabilities in the network, build models or topologies for the network, or derive other information that may be relevant to managing the network.

Regarding claim 15, it teaches the same limitations as claim 2 examined above. Therefore, the same rationale of rejection is applied.

Regarding claim 16, Zapponi in view of Hanson teaches the limitations of claim 13 as examined above. The combination of Zapponi and Hanson teaches a method comprising obtaining event data for the plurality of managed components in the computing environment. Zapponi in view of Hanson further teaches a method comprising:
storing, at a database, the application topology visualization of the computing environment (Zapponi – see [0032]:  The fabric control plane node(s) 110 can serve as a central database for tracking all users, devices, and things as they attach to the network fabric 120, and as they roam around); 
updating, with the application topology visualizer and based on a change to one or more of the plurality of managed components, the application topology visualization of the computing environment to an updated application topology visualization of the computing environment (Hanson - see [0013], [0040]: Furthermore, the model or topology may be automatically updated in response to new or changed information discovered in subsequent active vulnerability scans, subsequently observed network traffic, or subsequently analyzed event logs); and 
storing, at the database, the updated application topology visualization of the computing environment (Hanson - see [0040]: in one implementation, the model or topology may be automatically updated in operation 340 in response to new or changed information discovered in subsequent active vulnerability scans, subsequently observed network traffic, or subsequently analyzed event logs).

Regarding claim 17, it teaches the same limitations as claim 8 examined above. Therefore, the same rationale of rejection is applied.

Regarding claim 18, it teaches the same limitations as claim 9 examined above. Therefore, the same rationale of rejection is applied.

Regarding claim 19, Zapponi teaches a system for application topology visualization, the system comprising: 
a data storage unit (see Fig. 10B item 1070); and 
a processor communicatively coupled with the data storage unit (see Fig. 10B item 1055), the processor configured to: 
obtain relationship data for a plurality of managed components in a computing environment (see steps 450 and 452 in Fig. 4B and [0130, 131]: the present technology pertains to a user interface for conveying relationships between network components (locations/sites [that include network devices], physical devices, data centers, applications, services, virtual network functions, etc.).  In addition to displaying relationships between network components, the user interface can receive user inputs to select a network component to view, highlight, and/or change network scope regarding the displayed relationships in a detailed view), wherein the plurality of managed components have an application operating thereon (see [0143]: For example, for building and client relationships, a building can have a certain number of devices (e.g., 50 iPhones, 100 Samsung phones, 15 Windows phones, laptops, desktops, etc.) and those devices are seeing applications (e.g., Facebook, media traffic such as downloading, streaming, etc.)); 
generate, with an application topology visualizer (see [0050]: topology tool 306 for visualizing the physical topology of network elements), an application topology visualization of the computing environment comprising the plurality of managed components, wherein the application topology visualization comprises said relationship data (see step 456 in Fig. 4B and [0132]: After the user selects the 
display, at a graphical user interface, the application topology visualization of the computing environment (see [0130]: the present technology pertains to a user interface… for displaying relationships between network components; see also [0137]: For example, when the graphical user interface receives a selection from a user that selects the world level (e.g., FIG. 5), the graphical user interface will show all the issues/apps/entities at the world level.  The world level can, for example, reflect the entire network--in FIG. 5, for example, summary component 522 shows an informational summary of the whole network; in this case the whole network includes 8 sites (e.g., network components 550 including, but not limited to, SJG 510, BOLK 512, FLM 524, RIP 514, DGM 516, LM 518, and DCL 520) with 56 buildings) as a single page (see [0043] and Fig. 5: The user interface 204 can provide a user a single point to manage and automate the network); 
store, at a database, the application topology visualization of the computing environment (see [0032]: The fabric control plane node(s) 110 can serve as a central database for tracking all users, devices, and things as they attach to the network fabric 120, and as they roam around). 
However, Zapponi does not explicitly teach a system configured to:
obtain event data for the plurality of managed components in the computing environment;
generate, with an application topology visualizer, an application topology visualization of the computing environment comprising said event data for said plurality of managed components;
update, with the application topology visualizer and based on a change to one or more of the plurality of managed components, the application topology visualization of the computing environment to an updated application topology visualization of the computing environment; and 
store, at the database, the updated application topology visualization of the computing environment.  
In the same field of endeavor, Hanson teaches a system in accordance with the present invention, the system configured to:
obtain event data for the plurality of managed components in the computing environment (see step 330 in Fig. 3 and [0038]: log correlation engine may aggregate various logs that contain events generated in the network. For example, operation 330 may generally include the log correlation engine receiving one or more logs describing the network sessions and other traffic observed by the passive vulnerability scanners in operation 320, including time stamps describing when the network sessions started, durations that the sessions lasted, source and destination addresses associated with the sessions, and amounts of data communicated during the sessions; [0039]: In one implementation, operation 330 may therefore include the log correlation engine receiving event logs from various different sources in the network, normalizing the event logs to account for different transport mechanisms or formats that the sources may use for the event logs, and then analyzing the normalized logs to identify any new or changed information describing the routers, servers, hosts, devices, or services in the network);
generate, with an application topology visualizer, an application topology visualization of the computing environment comprising said event data for said plurality of managed components (see step 340 and [0040]: The management console may receive the information obtained by the active vulnerability scanners, the passive vulnerability scanners, and the log correlation engine in operations 310, 320, and 330, wherein an operation 340 may then include the management console building a topology or model of the network from such information.  In particular, the model or topology built in operation 340 may include characteristics describing the various devices and services discovered in the network during operations 310, 320, and 330, including relationships between the various devices and services discovered in the network … As such, in addition to including the relationships between the various devices and services discovered in the network, the network model or topology built in operation 340 may further include relationships between the various devices and services discovered in the network);
update, with the application topology visualizer and based on a change to one or more of the plurality of managed components, the application topology visualization of the computing environment to an updated application topology visualization of the computing environment (see [0013], [0040]: Furthermore, the model or topology may be automatically updated in response to new or changed information discovered in subsequent active vulnerability scans, subsequently observed network traffic, or subsequently analyzed event logs); and 
store, at the database, the updated application topology visualization of the computing environment (see [0040]: in one implementation, the model or topology may be automatically updated in operation 340 in response to new or changed information discovered in subsequent active vulnerability scans, subsequently observed network traffic, or subsequently analyzed event logs).  


Claims 12, 14 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Zapponi et al. (US 20200162344) hereinafter Zapponi in view of Hanson (US 20110277034), in further view of Smith et al. (US 20090327903).
Regarding claim 12, Zapponi in view of Hanson teaches the limitations of claim 1 as examined above. The combination of Zapponi and Hanson teaches a method comprising utilizing a plurality of tiers to represent the computing environment having the application operating thereon (Zapponi - see [0142]: The network can be organized by geographical location, logical hierarchy of devices (e.g., a wireless network has a controller at a first layer, access points at a lower layer, and then clients connected to the access points at a lowest layer, etc.), etc.). However, the Zapponi-Hanson combination does not explicitly teach a method comprising: 
each of the plurality of tiers comprising one or more of a VM, an IP address, and a Kubernetes pod; 
providing a number of flows between the plurality of tiers to indicate a plurality of communication pathways; and 
responsive to receiving a selection of a first tier of said plurality of tiers, highlighting on the application topology visualization, any other tier of said plurality of tiers that is in communication with said first tier.
In the same field of endeavor, Smith teaches a method in accordance with the present invention, the method comprising:
each of the plurality of tiers comprising an IP address (see item 1605 in Fig. 16C and [0092]: FIG. 16C also shows a feature of the GUI 1300 for displaying information 1605 about a particular selected network communication flow 1607); 
providing a number of flows between the plurality of tiers to indicate a plurality of communication pathways (see [0092]: An isolated view of the selected device 1609 is rendered in the first display region 1303 showing the device 1609 along with its interfaces and arrows representing the various network flows associated with the device 1609.  The device level view also provides a tabular listing of data for the network flows associated with the device 1609 within a display region 1611); and 
responsive to receiving a selection of a first tier of said plurality of tiers, highlighting on the application topology visualization, any other tier of said plurality of tiers that is in communication with said first tier (see [0092] and [0094]: FIGS. 17B-17F show control GUIs for applying selected colors to particular network topology and flow parameter ranges to facilitate visual evaluation of the network and flows therein).
Accordingly, it would have been obvious to one of ordinary skill in the art before the effective filing date of the present invention to incorporate the teachings of Smith into the method of the Zapponi-Hanson combination, wherein Smith suggests a method comprising providing a number of flows between the plurality of tiers to indicate a plurality of communication pathways, and responsive to receiving a selection of a first tier of said plurality of tiers, highlighting on the application topology visualization, any other tier of said plurality of tiers that is in communication 

Regarding claims 14 and 20, they recite the same limitations as claim 12 examined above. Therefore, the same rationale of rejection is applied.


Conclusion

Any inquiry concerning this communication or earlier communications from the examiner should be directed to PATRICK F NGANKAM whose telephone number is (571)270-3659. The examiner can normally be reached M-F 9:30-7:30.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Glenton Burgess can be reached on (571) 272-3949. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about 





/P.F.N/Examiner, Art Unit 2454
/GLENTON B BURGESS/Supervisory Patent Examiner, Art Unit 2454