Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.


DETAILED ACTION
2.	This action is in response to the Amendment filed December 12, 2021.

3.	Claims 1-20 have been cancelled and claims 21-40 are pending with this action.


Response to Arguments
4.	Applicant's arguments filed December 12, 2021 have been fully considered and are persuasive. The examiner has examined claims 1-20; however, a preliminary amendment was filed on November 6, 2020 canceling claims 1-20 and entering new claims 21-40. As such, this office action is Non-Final.


Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

5.	Claim(s) 21-25, 27-31, 33, 34, 37, 38 and 40 is/are rejected under 35 U.S.C. 102(a)(1) and 102(a)(2) as being anticipated by Thakkar et al. (US 2018/0139174).
INDEPENDENT:
As per claim 21, Thakkar teaches a system, comprising: 
one or more computing devices of an extension resource group of a provider network, wherein at least a first host of the extension resource group is located at a first premise external to the provider network (see Thakkar, Fig.1); 
wherein the one or more computing devices include instructions that upon execution on a processor cause the one or more computing devices (see Thakkar, [0009]: “the present invention include a non-transitory computer-readable storage medium comprising instructions that cause a hybrid cloud computing system to carry out one or more of the above methods as well as a distributed cloud infrastructure configured to carry out one or more of the above methods”) to: 
obtain, at a first network manager of the extension resource group, a message comprising a command to launch a compute instance (see Thakkar, [0021]: “Virtualization manager 130 is configured to carry out administrative tasks for computing system 102, including managing hosts 104, managing VMs 120 running within each host 104, provisioning VMs, migrating VMs from one host to another host, and load balancing between hosts 104”, and [0026]: “orchestration component 158 can initiate and manage the instantiation of virtual machines (e.g., VMs 172) on hosts 162 to support such requests”), wherein the message is (see Thakkar, [0062]: “sends a request for a VNI, a MAC address range, and an IP address range to the central namespace controller 512 that manages a distributed cloud namespace. In response, at step 606, central namespace controller 512 selects a VNI that is unique within the distributed cloud namespace managed by central namespace controller 512”; [0063]: “As part of step 606, central namespace controller 512 also assigns MAC and IP address ranges that are unique within the network specified by the VNI. Because central namespace controller 512 assigns MAC and IP address ranges that are unique within the network, together central namespace controller 512 and hybridity directors 174 enable communications via tenant-specific networks that spans multiple cloud computing systems 150--without provoking intra-tenant addressing collisions”; [0064]: “After central name space controller 512 provides the assigned VNI and the assigned MAC and IP address ranges, the hybridity director 174 provisions the network specified by the VNI with the specified MAC and IP address range (step 608)”; and [0067]); and
transmit the command from the first network manager to the first host, wherein processing of the command results in an instantiation of a compute instance at the first host (see Thakkar, [0026]: “orchestration component 158 can initiate and manage the instantiation of virtual machines (e.g., VMs 172) on hosts 162 to support such requests”), and wherein, within a second network configured at the first premise, the first host is assigned an address within a second address range (see Thakkar, Abstract; [0062]: “sends a request for a VNI, a MAC address range, and an IP address range to the central namespace controller 512 that manages a distributed cloud namespace. In response, at step 606, central namespace controller 512 selects a VNI that is unique within the distributed cloud namespace managed by central namespace controller 512”; and [0067]), wherein one or more addresses of the second address range are assigned to respective hosts within the provider network by a control plane of the provider network (see Thakkar, [0063]: “As part of step 606, central namespace controller 512 also assigns MAC and IP address ranges that are unique within the network specified by the VNI. Because central namespace controller 512 assigns MAC and IP address ranges that are unique within the network, together central namespace controller 512 and hybridity directors 174 enable communications via tenant-specific networks that spans multiple cloud computing systems 150--without provoking intra-tenant addressing collisions”; [0064]: “After central name space controller 512 provides the assigned VNI and the assigned MAC and IP address ranges, the hybridity director 174 provisions the network specified by the VNI with the specified MAC and IP address range (step 608)”; and [0067]).
As per claim 30, Thakkar teaches a method, comprising: 
performing by one or more computing devices of an extension resource group of a provider network, wherein at least a first host of the extension resource group is located at a first premise external to the provider network (see Thakkar, Fig.1): 
obtaining, at a first network manager of the extension resource group, a message comprising a command to launch a compute instance (see Thakkar, [0021]: “Virtualization manager 130 is configured to carry out administrative tasks for computing system 102, including managing hosts 104, managing VMs 120 running within each host 104, provisioning VMs, migrating VMs from one host to another host, and load balancing between hosts 104”, and [0026]: “orchestration component 158 can initiate and manage the instantiation of virtual machines (e.g., VMs 172) on hosts 162 to support such requests”), wherein the message is obtained by the first network manager at an address within a first address range of a first network configured at the first premise (see Thakkar, [0062]: “sends a request for a VNI, a MAC address range, and an IP address range to the central namespace controller 512 that manages a distributed cloud namespace. In response, at step 606, central namespace controller 512 selects a VNI that is unique within the distributed cloud namespace managed by central namespace controller 512”; [0063]: “As part of step 606, central namespace controller 512 also assigns MAC and IP address ranges that are unique within the network specified by the VNI. Because central namespace controller 512 assigns MAC and IP address ranges that are unique within the network, together central namespace controller 512 and hybridity directors 174 enable communications via tenant-specific networks that spans multiple cloud computing systems 150--without provoking intra-tenant addressing collisions”; [0064]: “After central name space controller 512 provides the assigned VNI and the assigned MAC and IP address ranges, the hybridity director 174 provisions the network specified by the VNI with the specified MAC and IP address range (step 608)”; and [0067]); and
transmitting the command from the first network manager to the first host, wherein processing of the command results in an instantiation of a compute instance at the first host (see Thakkar, [0026]: “orchestration component 158 can initiate and manage the instantiation of virtual machines (e.g., VMs 172) on hosts 162 to support such requests”), and wherein, within a second network configured at the first premise, the first host is assigned an address within a second address range (see Thakkar, Abstract; [0062]: “sends a request for a VNI, a MAC address range, and an IP address range to the central namespace controller 512 that manages a distributed cloud namespace. In response, at step 606, central namespace controller 512 selects a VNI that is unique within the distributed cloud namespace managed by central namespace controller 512”; and [0067]), wherein one or more addresses of the second address range are assigned to respective hosts within the provider network by a control plane of the provider network (see Thakkar, [0063]: “As part of step 606, central namespace controller 512 also assigns MAC and IP address ranges that are unique within the network specified by the VNI. Because central namespace controller 512 assigns MAC and IP address ranges that are unique within the network, together central namespace controller 512 and hybridity directors 174 enable communications via tenant-specific networks that spans multiple cloud computing systems 150--without provoking intra-tenant addressing collisions”; [0064]: “After central name space controller 512 provides the assigned VNI and the assigned MAC and IP address ranges, the hybridity director 174 provisions the network specified by the VNI with the specified MAC and IP address range (step 608)”; and [0067]).
As per claim 37, Thakkar teaches one or more non-transitory computer readable storage media storing program instructions executable on or across one or more processors cause the one or more processors (see Thakkar, [0009]: “the present invention include a non-transitory computer-readable storage medium comprising instructions that cause a hybrid cloud computing system to carry out one or more of the above methods as well as a distributed cloud infrastructure configured to carry out one or more of the above methods”) to: 
obtain, at a first network manager of the extension resource group, a message comprising a command to launch a compute instance (see Thakkar, [0021]: “Virtualization manager 130 is configured to carry out administrative tasks for computing system 102, including managing hosts 104, managing VMs 120 running within each host 104, provisioning VMs, migrating VMs from one host to another host, and load balancing between hosts 104”, and [0026]: “orchestration component 158 can initiate and manage the instantiation of virtual machines (e.g., VMs 172) on hosts 162 to support such requests”), wherein the message is obtained by the first network manager at an address within a first address range of a first network configured at the first premise (see Thakkar, [0062]: “sends a request for a VNI, a MAC address range, and an IP address range to the central namespace controller 512 that manages a distributed cloud namespace. In response, at step 606, central namespace controller 512 selects a VNI that is unique within the distributed cloud namespace managed by central namespace controller 512”; [0063]: “As part of step 606, central namespace controller 512 also assigns MAC and IP address ranges that are unique within the network specified by the VNI. Because central namespace controller 512 assigns MAC and IP address ranges that are unique within the network, together central namespace controller 512 and hybridity directors 174 enable communications via tenant-specific networks that spans multiple cloud computing systems 150--without provoking intra-tenant addressing collisions”; [0064]: “After central name space controller 512 provides the assigned VNI and the assigned MAC and IP address ranges, the hybridity director 174 provisions the network specified by the VNI with the specified MAC and IP address range (step 608)”; and [0067]); and
transmit the command from the first network manager to the first host, wherein processing of the command results in an instantiation of a compute instance at the first host (see Thakkar, [0026]: “orchestration component 158 can initiate and manage the instantiation of virtual machines (e.g., VMs 172) on hosts 162 to support such requests”), and wherein, within a second network configured at the first premise, the first host is assigned an address within a second address range (see Thakkar, Abstract; [0062]: “sends a request for a VNI, a MAC address range, and an IP address range to the central namespace controller 512 that manages a distributed cloud namespace. In response, at step 606, central namespace controller 512 selects a VNI that is unique within the distributed cloud namespace managed by central namespace controller 512”; and [0067]), wherein one or more addresses of the second address range are assigned to respective hosts within the provider network by a control plane of the provider network (see Thakkar, [0063]: “As part of step 606, central namespace controller 512 also assigns MAC and IP address ranges that are unique within the network specified by the VNI. Because central namespace controller 512 assigns MAC and IP address ranges that are unique within the network, together central namespace controller 512 and hybridity directors 174 enable communications via tenant-specific networks that spans multiple cloud computing systems 150--without provoking intra-tenant addressing collisions”; [0064]: “After central name space controller 512 provides the assigned VNI and the assigned MAC and IP address ranges, the hybridity director 174 provisions the network specified by the VNI with the specified MAC and IP address range (step 608)”; and [0067]).

DEPENDENT:
As per claim 22, which depends on claim 21, Thakkar further teaches wherein at least a portion of the first network manager is implemented at a card attached to a host of the extension resource group via a peripheral interface (see Thakkar, Fig.1).
As per claim 23, which depends on claim 21, Thakkar further teaches wherein the first host is incorporated within a first rack of the extension resource group, and wherein at least a portion of the first network manager is implemented at one or more devices which are not incorporated within the first rack (see Thakkar, Fig.1).
As per claim 24, which depends on claim 21, Thakkar further teaches wherein the message is obtained at the first network manager via one or more of: (a) a dedicated physical link connecting the external premise to the provider network or (b) a virtual private network (VPN) tunnel (see Thakkar, Abstract: “and dedicating independent NIC address ranges to different cloud computing systems”).
As per claim 25, which depends on claim 21, Thakkar further teaches wherein the one or more computing devices include further instructions that upon execution on the processor cause the one or more computing devices to: verify, prior to instantiation of the compute instance using a security module of the first host, that the first host meets an acceptance criterion (see Thakkar, [0004]: “In an attempt to provide comprehensive secure separation, the public cloud environment may employ a variety of techniques, such as access control, virtual local area network (VLAN) segmentation, and virtual storage controllers”).
As per claim 27, which depends on claim 21, Thakkar further teaches wherein the extension resource group comprises a compute instance image cache and wherein instantiating the compute instance comprises utilizing a particular compute instance image obtained from the cache (see Thakkar, [0027]: “A virtual machine template is a virtual machine image that is loaded with a pre-installed guest operating system, applications, and data, and is typically used to repeatedly create a VM having the pre-defined configuration”).
As per claim 28, which depends on claim 21, Thakkar further teaches wherein the one or more computing devices include further instructions that upon execution on the processor cause the one or more computing devices to: verify, prior to instantiating the compute instance, that the compute instance was requested by an entity authorized to request launches of compute instances within the extension resource group (see Thakkar, [0004]: “In an attempt to provide comprehensive secure separation, the public cloud environment may employ a variety of techniques, such as access control, virtual local area network (VLAN) segmentation, and virtual storage controllers”).
As per claim 29, which depends on claim 21, Thakkar further teaches wherein the first network manager is configured to: perform a first set of one or more transformation operations on a first network packet generated at the virtual machine; and transmit the transformed version of the first network packet to a first network endpoint, wherein the first network endpoint is (a) not part of the provider network and (b) not part of the extension resource group (see Thakkar, [0007]: “configuring the tenant-facing cloud gateways to preserve the source addresses of packets originating from the cloud computing system; and configuring a multi-tenant cloud gateway to a public network to translate the source addresses of packets originating from the cloud computing system to addresses that are unique within the public network”).
As per claim 31, which depends on claim 30, Thakkar teaches further comprising: verifying, using a security module of the first host prior to instantiating the compute instance, that the first host meets an acceptance criterion (see Thakkar, [0004]: “In an attempt to provide comprehensive secure separation, the public cloud environment may employ a variety of techniques, such as access control, virtual local area network (VLAN) segmentation, and virtual storage controllers”).
As per claim 33, which depends on claim 30, Thakkar further teaches wherein instantiating the compute instance comprises utilizing a particular compute instance image obtained from a compute instance image cache of the extension resource group (see Thakkar, [0027]: “A virtual machine template is a virtual machine image that is loaded with a pre-installed guest operating system, applications, and data, and is typically used to repeatedly create a VM having the pre-defined configuration”).
As per claim 34, which depends on claim 30, Thakkar teaches further comprising: obtaining information indicating one or more entities authorized to request launches of compute instances within the extension resource group; and verifying, prior to instantiating the compute instance, that the compute instance was requested by one of the entities authorized to request launches of compute instances within the extension resource group (see Thakkar, [0004]: “In an attempt to provide comprehensive secure separation, the public cloud environment may employ a variety of techniques, such as access control, virtual local area network (VLAN) segmentation, and virtual storage controllers”).
As per claim 38, which depends on claim 37, Thakkar further teaches storing further program instructions executable on or across the one or more processors cause the one or more processors to: verify, using a security module of the first host prior to instantiating the compute instance, that the first host meets an acceptance criterion (see Thakkar, [0004]: “In an attempt to provide comprehensive secure separation, the public cloud environment may employ a variety of techniques, such as access control, virtual local area network (VLAN) segmentation, and virtual storage controllers”).
As per claim 40, which depends on claim 37, Thakkar further teaches storing further program instructions executable on or across the one or more processors cause the one or more processors to: initiate, by the first network manager, configuration of a secure network channel for communicating with at least a portion of the provider network (see Thakkar, [0004]: “In an attempt to provide comprehensive secure separation, the public cloud environment may employ a variety of techniques, such as access control, virtual local area network (VLAN) segmentation, and virtual storage controllers”).


Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

6.	Claim 35 is rejected under 35 U.S.C. 103 as being unpatentable over Thakkar et al. (US 2018/0139174) in view of Ryu (US 2020/0142842).
As per claim 35, which depends on claim 30, Thakkar does not explicitly teach further comprising: instantiating the first network manager in response to one or more trigger signals, wherein the one or more trigger signals include one or more of: a power-on signal at a particular device of the extension resource group; or an indication that a particular device of the extension resource group has access to the Internet.
Ryu teaches instantiating the first network manager in response to one or more trigger signals, wherein the one or more trigger signals include one or more of: a power-on signal at a particular device of the extension resource group (see Ryu, [0081]: “When the power supply to the programmable logic device 3322 is interrupted, an existing programmed state of the programmable logic device 3322 may be lost. In response to the power-on of the controller 3300a, an operation circuit (e.g., the protocol manager 3321) may trigger initialization of the programmable logic device”).
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the invention to modify the system of Thakkar in view of Ryu by implementing instantiating the first network manager in response to one or more trigger signals, wherein the one or more trigger signals include one or more of: a power-on signal at a particular device of the extension resource group.  One would be motivated to do so because Thakkar teaches in paragraph [0024]: “cloud computing system 150 is configured to dynamically provide an enterprise (or users of an enterprise) with one or more virtual data centers 180 in which a user may provision VMs 120, deploy multi-tier applications on VMs 120, and/or execute workloads”.

7.	Claim 36 is rejected under 35 U.S.C. 103 as being unpatentable over Thakkar et al. (US 2018/0139174) in view of Zhang et al. (US 2004/0177132).
As per claim 36, which depends on claim 30, Thakkar does not explicitly teach further comprising initiating, by the first network manager, one or more of: configuration of a secure network channel for communicating with at least a portion of the provider network; or a bootstrap operation at the first host.
Zhang teaches initiating, by the first network manager, a bootstrap operation at the first host (see Zhang, [0043]: “When the serviced host initiates bootstrap operations via a Basic Input/Output System (BIOS), the host interface 602 operates in a BIOS host interface mode 610 to allow input from the wireless user input device(s) to the BIOS during the bootstrap operations”).
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the invention to modify the system of Thakkar in view of Zhang so that the extension resource group comprises a compute instance image cache, wherein instantiating the compute instance comprises: utilizing a particular compute instance image obtained from the cache. One would be motivated to do so because Thakkar teaches provisioning resources (see Thakkar, [0027]: “cloud computing system 150 may include a cloud director 152 (e.g., run in one or more virtual machines) that manages allocation of virtual computing resources to an enterprise for deploying applications”).


Allowable Subject Matter
8.	Claims 26, 32, and 39 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.
The following is an examiner’s statement of reasons for allowance: 
The prior art of record does not disclose, teach, or suggest, either singly or in combination, the claimed limitation of “wherein the one or more computing devices include further instructions that upon execution on the processor further cause the one or more computing devices to: store an encrypted version of state information of the compute instance at a first storage device, wherein decryption of the encrypted version requires the first storage device to be physically attached to the first host” as recited in dependent claims 26, 32, and 39.


Conclusion
9.	For the reasons above, claims 21-25, 27-31, 33-38, and 40 have been rejected and claims 26, 32, and 39 have been objected to.  Claims 21-40 remain pending.

10.	Any inquiry concerning this communication or earlier communications from the examiner should be directed to MICHAEL Y WON whose telephone number is (571)272-3993.  The examiner can normally be reached on Wk.1: M-F: 8-5 PST & Wk.2: M-Th: 8-7 PST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.  Please note, the examiner generally will not hold interviews after a Final Office Action has been issued.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Vivek Srivastava can be reached on 571-272-7304.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


MICHAEL YOUNG WON
Primary Patent Examiner
Art Unit 2449



/Michael Won/
Primary Examiner, Art Unit 2449
January 27, 2022