DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claims 1-20 are presented for examination.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claim 1, 12, and 17 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.
As to claims 1 and 12, the limitations of:
if the network status does not indicate a problem with the network, delete the virtual machine; and (emphasis added by Examiner)
if the network status indicates a problem with the network, … (iv) delete the virtual machine. (emphasis added by Examiner)
According to these limitations in claims 1 and 12, it does not matter whether or the network status indicates a problem or not for the virtual machine to be deleted, which does not 

As to claim 17, the limitations of: 
“if the port status indicates that the port is not connected, set a network error flag to indicate a layer 1 failure;” and 
“if the port status indicates that the port status is connected, set the network error flag to indicate a layer 1 error;” (emphasis added by Examiner) are indefinite.  
According to these limitations in claim 17, it does not matter whether or the port status is connected or not connected for there to be a layer 1 failure/error/issue, which does not seem correct.  In paragraph [0046] of Applicant’s Specification, it discloses that if it is determined, based on the port status, that the port is connected,………, set the error status as a layer 2 failure (emphasis added by Examiner), which contradicts what is claimed.  It is unclear which is correct between the limitations of original claim 17 or paragraph [0046] of Applicant’s specification.  Since the scope of the claim cannot be ascertained, it is found to be indefinite.    

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:


Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Yadav et al. (hereinafter YADAV) (US 2016/0359897 A1) in view of Shevade et al. (hereinafter SHEVADE) (US 2021/0240513 A1).

As to claim 1, YADAV teaches a system for automated monitoring and troubleshooting of unknown dependencies in a virtual infrastructure (network traffic monitoring system 100 can automatically determine network topology using Analytics module 110 to determine dependencies of components within the network) [0025]-[0026]), the system comprising: 
a physical network infrastructure (data center network with nodes that include a physical server, etc.) ([0018]); 
a virtual network infrastructure (network environment 200 that includes virtual resources, which can be accessed and utilized by clients or tenants) ([0039]); 
one or more project tenants (clients or tenants) ([0039]); and 
a monitoring system comprising (network traffic monitoring system 100): 
one or more processors (Processor 510) configured to execute instructions to: 
add a virtual machine to the virtual network infrastructure (new virtual machine is instantiated) ([0016]); 
determine if the virtual machine was successfully added (network traffic monitoring system 100 can determine if a VM is successfully added and new virtual machine is instantiated by hypervisor) ([0016]; [0025]-[0026]); 

if the virtual machine was successfully added: modify the virtual machine (modify based on a new VM being instantiated or a VM migration or a policy change to a VM, etc.) ([0016]; [0031]); 
determine if the virtual machine was successfully modified (modify based on a new VM being instantiated or a VM migration or a policy change to a VM, etc.) ([0016]; [0031]); 
if the virtual machine was not successfully modified, (i) save an image of the virtual machine, (ii) transmit, to the network operator, an error report (Analytics module 110 generates reports and attempts to determine a root cause of a failure of its dependent components) ([0025]-[0026]; [0035]; [0046]; [0048]), and  and 
if the virtual machine was successfully modified (modify based on a new VM being instantiated or a VM migration or a policy change to a VM, etc.) ([0016]; [0031]):  
determine a network status (network traffic monitoring system 100 generates a network status report that can suggest possible remedial measures for network entities) ([0064]);  
determine if the network status does not indicate a problem with the network (based on network status report from network traffic monitoring system 100);
if the network status indicates a problem with the network, (i) gather live network state, (ii) save an image of the virtual machine (iii) transmit, to the network operator, an error report.
YADAV does not explicitly teach deleting virtual machines in situations where the VM was not successfully added, the VM was not successfully modified, the network status does not SHEVADE teaches the option of having a “DeleteOnTerminate” setting that when turned on, it terminates virtual machine instances when the desired computations are complete ([0097]; [0003]; [0123]).  In addition, with respects to YADAV, one of ordinary skill in the art would find it desirable to delete the virtual machine after all desired computations are completed and/or the virtual machine is no longer needed.  YADAV and SHEVADE are analogous art with the claimed invention because they are all in the same field of endeavor of network monitoring with virtualization.
It would have been obvious to one of ordinary skill in the art before the effective date of the application to modify YADAV’s network monitoring such that it would be able to terminate/delete a virtual machine in situations where computations are completed and/or the virtual machine is no longer needed, such as in situations when the VM was not successfully added, the VM was not successfully modified, the network status does not indicate a problem with the network, the network status does indicate a problem with the network, as taught/suggested in SHEVADE.  The suggestion/motivation for doing so would have been to provide the predicted result of being able to terminate a virtual machine automatically without a manual request in addition to remove VM instances when they are no longer needed due to all desired computations being completed (SHEVADE - [0041]; [0097]).

As to claim 2, YADAV teaches wherein the monitoring system further comprises a graphical user interface and wherein reporting an error to a network operator comprises displaying an error message on the graphical user interface (GUI) ([0071]-[0072]).

As to claim 3, YADAV teaches wherein the one or more processors are further configured to execute the instructions to: monitor activity data representing actions taken by a tenant associated with the virtual infrastructure (network traffic monitoring system 100 with Analytics module 110) [0025]-[0026]); and generate, based on the activity data, a synthetic virtual machine (using virtual machines and the Analytics module 110 to perform simulations to discover vulnerabilities and/or to test out the effects of policy changes) ([0027]; [0030]-[0031]).

As to claim 4, YADAV teaches wherein the virtual machine and the synthetic virtual machine are the same (using virtual machines and the Analytics module 110 to perform simulations to discover vulnerabilities and/or to test out the effects of policy changes) ([0027]; [0030]-[0031]).

As to claim 5, YADAV teaches wherein gathering live network state comprises: determining, based at least in part on an IEEE MAC address (MAC or IP address) associated with the virtual machine, a physical port of the physical network infrastructure associated with the virtual machine; receiving, from the physical port, port error data associated with per port network error counters (via Analytics module 110 and calculation of a reputation score based on frequency of anomalous behavior or violations of policy, etc.); and attaching, to the error report, network analytics data comprising (1) port location (MAC address, IP address, port number) data indicating the physical port of the physical network infrastructure associated with the virtual machine and (2) the port error data (Analytics module 110 can compare report data of the traffic flows to classify and determine patterns) ([0048]; [0019]; [0031]).

As to claim 6, YADAV teaches wherein gathering live network state further comprises: comparing port error data to previously gathered port error data; generating a comparison report detailing the changes in port error data as compared to the previously gathered port error data; and attaching, to the error report, the comparison report (Analytics module 110 can compare report data of the traffic flows to classify and determine patterns) ([0048]).

As to claim 7, YADAV teaches wherein modifying the virtual machine comprises installing an application (installing sensors 104 and new versions of their software and applying patches on virtual machines) on the virtual machine ([0016]-[0018]).

As to claim 8, YADAV teaches wherein determining if the virtual machine was successfully modified comprises executing the application installed on the virtual machine (Process that is installed on VM is running) ([0045]).

As to claim 9, YADAV teaches wherein determining a network status comprises testing key performance indicators associated with the virtual machine (analyzing real-time network conditions with respect to patterns of traffic known to be harmful to the network or comparing expected network conditions with actual network conditions such as traffic flow vs. its historical expected value to determine a potential attack) ([0010]; [0032]).

As to claim 10, SHEVADE teaches wherein key performance indicators are associated with key performance indicator values and wherein the network status indicates a problem 

As to claim 11, YADAV teaches wherein the one or more processors are further configured to execute the instructions to: retrieve the image of the virtual machine; instantiate, based on the image of the virtual machine, a new instance of the virtual machine on the virtual network infrastructure (a new VM being instantiated); generate a graphical user interface (GUI or user interface components 585) associated with the virtual machine; and present the graphical user interface to a network operator ([0016]; [0031]; [0046]; [0071]-[0072]).

As to claim 12, it is rejected for the same reasons as stated in the rejection of claim 1.

As to claim 13, it is rejected for the same reasons as stated in the rejection of claim 3.

As to claim 14, it is rejected for the same reasons as stated in the rejection of claim 4.

As to claim 15, it is rejected for the same reasons as stated in the rejection of claim 9.

As to claim 16, it is rejected for the same reasons as stated in the rejection of claim 10.

As to claim 17, YADAV teaches a system for automated monitoring and troubleshooting of unknown dependencies in a virtual infrastructure (network traffic monitoring system 100 can automatically 
a physical network infrastructure (data center network with nodes that include a physical server, etc.) ([0018]); 
a virtual network infrastructure (network environment 200 that includes virtual resources, which can be accessed and utilized by clients or tenants) ([0039]); 
one or more project tenants (network environment 200 that includes virtual resources, which can be accessed and utilized by clients or tenants) ([0039]); and 
a monitoring system comprising one or more processors configured to execute instructions to (network traffic monitoring system 100 and Processor 510): 
monitor activity data associated with actions taken by a tenant associated with the virtual infrastructure (network environment 200 with network traffic monitoring system 100 and tenants/clients) ([0039]); 
generate, based on the activity data, a synthetic virtual machine (using virtual machines and the Analytics module 110 to perform simulations to discover vulnerabilities and/or to test out the effects of policy changes) ([0027]; [0030]-[0031]); 
add the synthetic virtual machine to the virtual network infrastructure (using virtual machines and the Analytics module 110 to perform simulations to discover vulnerabilities and/or to test out the effects of policy changes) ([0027]; [0030]-[0031]); 
monitor the synthetic virtual machine to determine if an error state is detected (using virtual machines and the Analytics module 110 to perform simulations to discover vulnerabilities and/or to test out the effects of policy changes) ([0027]; [0030]-[0031]); 
if an error state is detected: 
; 
determine, based at least in part on the IEEE MAC address associated with the synthetic virtual machine, a physical port of the physical network infrastructure associated with the synthetic virtual machine (each event in the event log is flagged or labelled according to a type of traffic, including a negative event involving a physical, or layer 1, source/destination with IP address, MAC address, port number in the network, etc.) ([0051]; [0019]); 
determine a port status comprising information regarding a connection status of the physical port with respect to the virtual infrastructure (each event in the event log is flagged or labelled according to a type of traffic, including a negative event involving a physical, or layer 1, source/destination with IP address, MAC address, port number in the network, etc.) ([0051]; [0019]); 
if the port status indicates that the port is not connected, set a network error flag to indicate a layer 1 failure (each event in the event log is flagged or labelled according to a type of traffic, including a negative event involving a physical, or layer 1, source/destination with IP address, MAC address, port number in the network, etc.) ([0051]; [0019]); 
if the port status indicates that the port status is connected, set the network error flag to indicate a layer 1 error (each event in the event log is flagged or labelled according to a type of traffic, including a negative event involving a physical, or layer 1, source/destination with IP address, MAC address, port number in the network, etc.) ([0051]; [0019]); 
attach the network error flag to an error report (Analytics module 110 generates reports and attempts to determine a root cause of a failure of its dependent components) ([0025]-[0026]; [0035]; [0046]; [0048]); and 

YADAV does not explicitly teach deleting a virtual machine in the situation where if an error state is not detected, delete the synthetic virtual machine.
However, SHEVADE teaches the option of having a “DeleteOnTerminate” setting that when turned on, it terminates virtual machine instances when the desired computations are complete ([0097]; [0003]; [0123]).  In addition, with respects to YADAV, one of ordinary skill in the art would find it desirable to delete the virtual machine after all desired computations are completed and/or the virtual machine is no longer needed.  YADAV and SHEVADE are analogous art with the claimed invention because they are all in the same field of endeavor of network monitoring with virtualization.
It would have been obvious to one of ordinary skill in the art before the effective date of the application to modify YADAV’s network monitoring with its synthetic (simulation) VM such that it would be able to terminate/delete the virtual machine in situations where an error state is not detected, as taught/suggested in SHEVADE.  The suggestion/motivation for doing so would have been to provide the predicted result of being able to terminate the virtual machine automatically without a manual request in addition to remove any VM instances when they are no longer needed due to all desired computations being completed (SHEVADE - [0041]; [0097]).


As to claim 18, YADAV teaches wherein the monitoring system is further configured to monitor resource usage, such resource usage including one or more of CPU usage, memory usage, and virtual machine network usage (network traffic monitoring system 100 can determine characteristics such as bandwidth, latency, etc.) (Fig. 1; [0023]).

As to claim 19, YADAV teaches wherein the monitoring system comprises dedicated hardware components of the physical network infrastructure (nodes over dedicated private communications links located in the same general physical location, such as a building or campus) ([0043]).

As to claim 20, YADAV teaches the dedicated hardware components of the physical network infrastructure comprise a physical server configured to access all components of the physical network infrastructure and the virtual network infrastructure ([0043]; [0018]; [0039]).

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure:
Mamillapalli et al. discloses aggregating log data between multiple devices in a network automated monitoring appliance.
Kulshreshtha et al.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to KENNETH TANG whose telephone number is (571)272-3772. The examiner can normally be reached Monday-Friday 7AM-3PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lewis Bullock can be reached on 571-272-3759. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/KENNETH TANG/Primary Examiner, Art Unit 2199