Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Detailed Action
This office action is responsive to correspondence filed on January 10 2022. Claims 1-7, 10-16 and 19-20 are currently pending for examination.

Claim Rejections - 35 USC § 103

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
Determining the scope and contents of the prior art.


Ascertaining the differences between the prior art and the claims at issue.

Resolving the level of ordinary skill in the pertinent art.

Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claims 1, 3-7, 10, 12-16 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Raney et al. (US20160020981A1) hereinafter Raney in view of Lucas et al. (US20170171033A1) hereinafter Lucas further in view of Piyush (US20170193448A1) hereinafter Piyush and further in view of Nikolai (US20200356674A1) hereinafter Nikolai.
As per claim 1.  A method for providing (Raney, par0005 discloses a method for operating a network tool optimizer (NTO) device is disclosed that includes discovering relevant traffic information for a network tool device when the network tool device is connected to a port for a network tool optimizer (NTO) device).
a declarative network monitoring environment, the method comprising: (Raney, par0017 discloses FIG. 1 is a block diagram of an example network monitoring system including a network tool optimizer having a tool processor that further includes a tool discovery engine and a tool configuration engine).
networking monitoring tools, networking monitoring (Raney, par0038 discloses in addition to these systems, any number of network monitoring tools 114A, 114B . . . 114C can also be connected to the NTO 102, to the communication network, and/or to systems within the network. Further, the network monitoring tools 114A, 114B . . . 114C can be any of a wide variety of network related tools including traffic monitoring devices, packet sniffers, data recorders, voice-over-IP monitors, intrusion detection systems, network security systems, application monitors and/or any other desired network management or security tool device or system. Still further, as described herein, the network monitoring tools 114A, 114B . . . 114C can also be implemented as virtual instances of tool appliances within a large computing platform).
providing an available tool registry for storing tool information associated with, tools that are available for use; (Raney, par0029 discloses the NTO can use this tool identity information to search the internal tool properties database [providing an available tool registry for storing tool information associated with] for matching records. If a match is found, the stored tool information relating to the match [tools that are available for use] can be used to configure packet forwarding rules for filter engines within the NTO to forward relevant network traffic to the tool device according to stored tool information. The stored tool information in the database may include tool identification information, TOI information, tool capabilities, bandwidth limitations, and/or other tool related information. Further, when a tool connects to the NTO and communicates TOI and/or other tool information to the NTO, this tool information can be stored in the tool properties database and later used to configure network traffic for additional similar tool devices that are subsequently connected to the NTO).
providing a potential tool registry for storing tool information associated with, tools that are potentially available for use, by a user; (Raney, par0053 discloses once the type of tool device is determined by discovery upon its connection to a port for the NTO 102, the tool properties database 206 can be used to obtain information about this tool device if it is a known device type and data for that device type has previously been stored in the tool properties database 206. Further, the NTO 102 can provide an API that can be used by the tool device to update and/or provide operational information about itself to the NTO 102. Still further, a user can [by a user] manually provide, update, or add operational information about a tool device [tools that are potentially available for use] to the tool properties database 206 [potential tool registry], for example, through the management platforms 116A, 116B . . . 116C. Other techniques for providing tool information can also be utilized).
determining, using the declarative network monitoring input and the available tool registry and/or the potential tool registry, at least one set of tool configurations for configuring network (Raney, par0041 discloses in operation, the tool discovery engine (TDE) 202 determines relevant traffic and/or other information about the tools that are connected and/or are being connected to the NTO 102. Once this tool information is determined, the tool discovery engine (TDE) 202 further identifies traffic-of-interest (TOI) for the tool. This TOI and other tool related information can be communicated directly from the tool, can be obtained from the tool properties database 206 of tool related operational information, and/or can be obtained through other techniques. The tool configuration engine (TCE) 204 uses the tool information for the tool device to automatically define filters 108 and/or automatically suggest filters 108 that will forward relevant network traffic from the traffic received by the NTO 102 to the network tool device. The filter processor 106 then automatically generates packet forwarding rules 110 based upon the filters 108, and these packet forwarding rules 110 are applied to the filter engines 206/212. These forwarding rules 108 determine at least in part how the filter engines 206/212 forward packets from input ports 202 to output ports 214 for the NTO 102 through packet forwarding circuitry 208).
declarative network monitoring (Raney, par0035 discloses looking back to FIG. 1, it is seen that the network monitoring system 100 includes a tool optimizer 102 connected to network traffic sources, network tool devices, and management platforms. In particular, a plurality of network sources 112A (SOURCE 1), 112B (SOURCE 2) . . . 112C (SOURCE (N)) provide network traffic, such as network packets within a packet-based network communication system, that is to be monitored and/or analyzed by a plurality of monitoring tools 114A (TOOL 1), 114B (TOOL 2) . . . 114C (TOOL (M)). The tool optimizer 102 includes filter processor 106 that operates to control how packets are forwarded from the network sources to the destination tools based upon packet forwarding rules 110 applied to filter engines 109. The tool optimizer 102 also allows users to view, define and/or manage filters 108 through the management platforms 16A (PLATFORM 1), 116B (PLATFORM 2) . . . 116C (PLATFORM (L)), and the tool optimizer 102 automatically generates packet forwarding rules 110 based upon the filters 108).
a monitoring related task (Raney, par0066 discloses the following tables represent example rules that can be set up in ingress and egress filter engines to handle a monitoring example where only email traffic (Port 25) is desired from a particular range of source identifiers for a newly connected tool device 410 as shown in FIG. 4. The first table provides example ingress filter engine rules to forward all user traffic within the selected range of source port (SP) addresses to the tool output port for the tool device. User traffic outside the selected range is dropped. The second table provides example egress filter engine rules that allows only email traffic (Port 25) to be passed to the monitoring tool device. All other packets are to be dropped. It is noted that an ingress filter engine is associated with each input port, and an egress engine is associated with the output port for the tool device).
wherein determining the at least one set of tool configurations comprises: determining, using the available tool registry, a plurality of available tools that are usable for performing the monitoring related task; and (Raney, par0041 discloses in operation, the tool discovery engine (TDE) 202 determines relevant traffic and/or other information about the tools that are connected and/or are being connected to the NTO 102. Once this tool information is determined, the tool discovery engine (TDE) 202 further identifies traffic-of-interest (TOI) for the tool. This TOI and other tool related information can be communicated directly from the tool, can be obtained from the tool properties database 206 of tool related operational information, and/or can be obtained through other techniques. The tool configuration engine (TCE) 204 uses the tool information for the tool device to automatically define filters 108 and/or automatically suggest filters 108 that will forward relevant network traffic from the traffic received by the NTO 102 to the network tool device. The filter processor 106 then automatically generates packet forwarding rules 110 based upon the filters 108, and these packet forwarding rules 110 are applied to the filter engines 206/212. These forwarding rules 108 determine at least in part how the filter engines 206/212 forward packets from input ports 202 to output ports 214 for the NTO 102 through packet forwarding circuitry 208).
determining that performing the monitoring related task using the plurality of available tools is problematic; (Raney, par0060 discloses it is further noted that the TOI for a given tool device can be updated or otherwise modified during operation of the NTO 102 and/or the tool device. For example, the tool device can update its traffic feed characteristics at any time during its operation such as when it needs to adjust bandwidth of incoming traffic in order to handle overload conditions. Further, the tool device may want to adjust its TOI based upon events detected within the traffic it is receiving. For example, if a security monitoring tool detects a network breach or intrusion, the security monitoring tool may want to adjust its TOI to collect additional and/or different network traffic related to this network breach or intrusion. Other variations could also be implemented while still taking advantage of the automated tool discovery and configuration techniques described herein).
identifying, using the available tool registry, a plurality of potential tools to use for performing the monitoring related task; (Raney, par0029 discloses the NTO can use this tool identity information to search the internal tool properties database [providing an available tool registry for storing tool information associated with] for matching records. If a match is found, the stored tool information relating to the match [tools that are available for use] can be used to configure packet forwarding rules for filter engines within the NTO to forward relevant network traffic to the tool device according to stored tool information. The stored tool information in the database may include tool identification information, TOI information, tool capabilities, bandwidth limitations, and/or other tool related information. Further, when a tool connects to the NTO and communicates TOI and/or other tool information to the NTO, this tool information can be stored in the tool properties database and later used to configure network traffic for additional similar tool devices that are subsequently connected to the NTO).
wherein the at least one of the plurality of potential tools includes the first network monitoring device, (Raney, par0038 discloses in addition to these systems, any number of network monitoring tools 114A, 114B . . . 114C [plurality of potential tools] can also be connected to the NTO 102, to the communication network, and/or to systems within the network. Further, the network monitoring tools 114A, 114B . . . 114C can be any of a wide variety of network related tools including traffic monitoring devices [network monitoring device], packet sniffers, data recorders, voice-over-IP monitors, intrusion detection systems, network security systems, application monitors and/or any other desired network management or security tool device or system).
wherein receiving the user approval to use at least one of the plurality of potential tools includes adding the first network monitoring device to the available tool registry (Raney, par0083-0084 discloses FIG. 8 is an example embodiment 800 for graphical user interface (GUI) that displays an automatically suggested filter 806 to a user of the NTO 102, for example, through the management interface(s) 116A, 116B . . . 116C. In part, the user can access and use this GUI 800 to view, manage, and configure the filters 108 so that the input traffic is forwarded to tool devices as desired by the user. However, as described herein, the GUI 800 is also used to display filters that are automatically suggested by the tool processor 120….this new filter (F2) 806 is being suggested for use, and dashed lines are used to connect the automatically generated and suggested filter (F2) 806 between network input port 802 and tool output port 708. A symbol 804 such as an exclamation point can also be used to draw the user's attention to the new traffic connection to network port 802. Further, a message 808 can be displayed and/or otherwise communicated to the user that asks the user to confirm whether or not the automatically suggested filter (F2) 806 should be applied. If the user confirms[receiving the user approval, adding to the available tool registry] application of the filter 806, then is defined and the dashed lines can be changed to solid lines).
          Raney does not explicitly discloses receiving input indicating a desire by a user to perform a task; providing the at least one set of tool configurations, receiving user approval to use at least one of the plurality of potential tools.
          Lucas however discloses receiving input indicating a desire by a user to perform a task; (Lucas, par0041-0042 discloses depending on inputs from a user of the computer system via the graphical user interface, the system may proceed in a number of ways. In step 704, the computer may receive, via the graphical user interface, a selection of the rendered available cloud design components for the cloud design. For example, the user may enter a listing user the descriptor language, select graphic icons corresponding to available components, or select components via a drop-down menu system. The resulting listing is stored in a form congruent with the descriptor language in step 720. In step 706, the system may adjust the performance of the selected components using the descriptor language to specify component parameters. This may occur automatically, in accordance to, for example, the order in which the user had made selections. Alternatively, the user may use the descriptor language, drop down menus, or graphic icons to enter or alter the parameters of selected components).
(Lucas, par0046 discloses a consistent packaging tool for application deployment in cloud environments may be achieved through the use of a GUI and a cloud descriptor language. By standardizing interfaces of component resources, a single platform may be used to configure a wide variety of cloud environments in a consistent manner, thus facilitating initial environment design and ongoing revision, augmentation, and maintenance. Such a tool [providing the at least one set of tool configurations] may provide for a single framework for managing aspects of cloud deployments).
receiving user approval to use at least one of the plurality of potential tools. (Lucas, par0034 discloses FIG. 6 is an example computing system for managing a cloud design. A computer 602 supports the presentation of a graphical user interface to a user at a station 604. Station 604 includes a display, a keyboard, and a mouse. The computer 602 accesses a database of available cloud design components 610, where the available cloud design components comprise one or more of user resources, database resources, and feature resources. The available cloud design components have a standard interface and are congruent with a descriptor language, which includes standardized parameters for the available cloud design components. The computer 602 instantiates a graphical user interface configured to render a listing of available cloud design components, which the user accesses via the station 604. The computer 602 receives, via the graphical user interface, a selection of the rendered available cloud design components for the cloud design. For example, the user may select and arrange the components where they are depicted as graphic icons, e.g., by drag-and-drop mouse operations. Alternatively or additionally, the computer may receive the user selections of available components from the user in the form of text that uses the descriptor language. The computer stores the cloud design 612 in a form congruent with the descriptor language).
          Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to provide the functionality of receiving input indicating a desire by a user to perform a task; providing the at least one set of tool configurations, receiving user approval to use at least one of the plurality of potential tools, as taught by Lucas in the method of Raney, so cloud computing images can be used to deploy a cloud, repair damaged deployments, or to bring more cloud resources online in parallel with a deployed cloud, see Lucas par0003.
          Raney and Lucas do not explicitly wherein the, tools that are potentially available for use are unowned or unlicensed by the user.
          Piyush however discloses wherein the, tools that are potentially available for use are unowned or unlicensed by the user; (Piyush, par0067, 0096 discloses content 
management system 106 may not allow unlicensed member 506 access to or use of 
the collaboration tools available to licensed members 502 and/or 504 or may 
just allow use of the collaboration tools [tools that are potentially available for use] for viewing content items but not editing content items….Content management system 106 can allow the user to use the collaboration tools available to collaboration team 232.  The second user's access to team resources may be restricted according to the type of membership the second user has in the team.  For example, if the second user is an unlicensed member of collaboration team 232, the second user may have restricted or limited access to the resources of collaboration team 232).
          Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to provide the functionality of wherein the, tools 
          Raney, Lucas and Piyush do not explicitly disclose wherein the potential tool registry refers to a first network monitoring device that is absent from the available tool registry.
          Nikolai however discloses wherein the potential tool registry refers to a first network monitoring device that is absent from the available tool registry (Nikolai, par0096-0098 teaches this process is implemented when a difference is present between the starting set of security testing tools [available tool registry] and the selected set of security testing tools [the potential tool registry] determined to be needed for use by portable security testing device in testing the target…. The process begins by determining whether a first subset of security testing tools in the selected number of the security testing tools is absent from the starting set of the security testing tools (step 400). If the first subset of the security testing tools is absent, the process installs the first subset of the security testing tools in the selected set of the security testing tools that is absent in the starting set of the security testing tools on the portable security testing device (step 402)).
          Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to provide the functionality of wherein the potential tool registry refers to a first network monitoring device that is absent from the available tool registry, as taught by Nikolai in the method of Raney, Lucas and Piyush, so a penetration test is 

As per claim 3. Raney, Lucas, Piyush and Nikolai disclose the method of claim 1. 
          Raney further discloses wherein the tool information stored in the available tool registry or the potential tool registry is provided via a network operator, a user interface, an application programming interface, or a tool discovery mechanism. (Raney, par0031 discloses this automated discovery can be implemented using tool information stored in a database for known tool device types, using an API through which network tools can communicate tool information such as TOIs directly to the NTO, using tool information entered by a user and stored within the NTO, and/or using other desired techniques. Once the tool information such as TOI information is determined for a network tool device, the NTO can analyze its current network traffic and select appropriate packet types within the network traffic that match the TOI for the tool device and then forward this relevant traffic to the network tool device).

As per claim 4. Raney, Lucas, Piyush and Nikolai disclose the method of claim 1. 
          Raney further discloses wherein the monitoring related task includes generating or obtaining network traffic metrics, detecting network congestion or other network conditions, detecting network traffic having predetermined characteristics, detecting malicious network traffic, or determining one or more network traffic trends. (Raney, par0060 discloses if a security monitoring tool detects a network breach or intrusion, the security monitoring tool may want to adjust its TOI to collect additional and/or different network traffic related to this network breach or intrusion. Other variations could also be implemented while still taking advantage of the automated tool discovery and configuration techniques described herein).

As per claim 5. Raney, Lucas, Piyush and Nikolai disclose the method of claim 1. 
          Raney further discloses wherein the network monitoring tools include a network tap, a network packet broker, a security node, a firewall, a network firewall, an application firewall, or an intrusion protection or prevention system (IPS) node. (Raney, par0052 discloses FIG. 3 is a system diagram of an embodiment 300 for a network monitoring system including three network traffic sources connected to an NTO 102. In the example embodiment 300 depicted, a number of different processing system platforms 310, such as blade servers, are connected within a packet-based communication network with each other through a network switch 308. A first TAP 311 provides first network traffic (TRAFFIC 1) 312 to a first input port for the NTO 102. A second TAP 313 provides second network traffic (TRAFFIC 2) 314 to a second input port for the NTO 102. And a third TAP 315 provides third network traffic (TRAFFIC 3) 316 to a third input port for the NTO 102. As described herein, the NTO 102 includes a tool processor 120 that further includes a tool discovery engine (TDE) 202 and a tool configuration engine (TCE) 204. One or more tool devices 114A, 114B . . . can be connected to output ports for the NTO 102. It is again noted that these output ports can be bi-directional to allow the tool devices 114A, 114B . . . to communicate to the NTO 102, for example, through an API and/or through some other handshake protocol. Each tool device has device properties 302, such as for example, bandwidth limitations 306, traffic-of-interest (TOI) 304, and/or other tool information related to its operation and/or functionality).

As per claim 6. Raney, Lucas, Piyush and Nikolai disclose the method of claim 1. 
          Raney further discloses wherein the declarative network monitoring input is provided via a graphical user interface (GUI), a user interface, a data file, or an application programming interface (API).  (Raney, par0083 discloses FIG. 8 is an example embodiment 800 for graphical user interface (GUI) that displays an automatically suggested filter 806 to a user of the NTO 102, for example, through the management interface(s) 116A, 116B . . . 116C. In part, the user can access and use this GUI 800 to view, manage, and configure the filters 108 so that the input traffic is forwarded to tool devices as desired by the user. However, as described herein, the GUI 800 is also used to display filters that are automatically suggested by the tool processor 120).

As per claim 7. Raney, Lucas, Piyush and Nikolai disclose the method of claim 1. 
          Raney further discloses wherein the tool information in the available tool registry includes physical location information, network address information, bandwidth capacity information, ingress and egress port information, internal processing capability information, internal storage capacity information, performance information, communication link information, and/or connectivity information. (Raney, par0063 discloses the NTO 102 can also include a tool properties database 206 that stores information about known tool devices. Example embodiment 400 also includes two network input ports 402 and 404 and one tool output port 406. An ingress engine is associated with each of the network input ports 402/404, and an egress engine is associated with the tool output port 406. Further, for the example embodiment 400, the NTO 102 is already connected to receive first network traffic (TRAFFIC1) 312 at the first network input port (NETWORK PORT 1) 402 and to receive second network traffic (TRAFFIC 2) 314 at the second network input port (NETWORK PORT 2) 404).
As per claim 10. A system for providing a declarative network monitoring environment, the system comprising: at least one processor; a memory; and a network monitoring system implemented using the at least one processor and the memory, wherein the network monitoring system is configured for: (Raney, par0017 discloses FIG. 1 is a block diagram of an example network monitoring system including a network tool optimizer having a tool processor that further includes a tool discovery engine and a tool configuration engine. Par0043 teaches it is further noted that software and related processing device(s) used to implement the NTO 102 and/or its components, such as filter processor 106, tool processor 120, and the control panel 104, can be implemented as software instructions embodied in a non-transitory computer-readable medium (e.g., memory storage devices, FLASH memory, DRAM memory, reprogrammable storage devices, hard drives, floppy disks, DVDs, CD-ROMs, etc.) including instructions that cause the processing devices used by the NTO 102 to perform the processes, functions, and/or capabilities described herein).
networking monitoring tools, networking monitoring (Raney, par0038 discloses in addition to these systems, any number of network monitoring tools 114A, 114B . . . 114C can also be connected to the NTO 102, to the communication network, and/or to systems within the network. Further, the network monitoring tools 114A, 114B . . . 114C can be any of a wide variety of network related tools including traffic monitoring devices, packet sniffers, data recorders, voice-over-IP monitors, intrusion detection systems, network security systems, application monitors and/or any other desired network management or security tool device or system. Still further, as described herein, the network monitoring tools 114A, 114B . . . 114C can also be implemented as virtual instances of tool appliances within a large computing platform).
(Raney, par0029 discloses the NTO can use this tool identity information to search the internal tool properties database [providing an available tool registry for storing tool information associated with] for matching records. If a match is found, the stored tool information relating to the match [tools that are available for use] can be used to configure packet forwarding rules for filter engines within the NTO to forward relevant network traffic to the tool device according to stored tool information. The stored tool information in the database may include tool identification information, TOI information, tool capabilities, bandwidth limitations, and/or other tool related information. Further, when a tool connects to the NTO and communicates TOI and/or other tool information to the NTO, this tool information can be stored in the tool properties database and later used to configure network traffic for additional similar tool devices that are subsequently connected to the NTO).
providing a potential tool registry for storing tool information associated with, that are potentially available for use, by a user (Raney, par0053 discloses once the type of tool device is determined by discovery upon its connection to a port for the NTO 102, the tool properties database 206 can be used to obtain information about this tool device if it is a known device type and data for that device type has previously been stored in the tool properties database 206. Further, the NTO 102 can provide an API that can be used by the tool device to update and/or provide operational information about itself to the NTO 102. Still further, a user can [by a user] manually provide, update, or add operational information about a tool device [tools that are potentially available for use] to the tool properties database 206 [potential tool registry], for example, through the management platforms 116A, 116B . . . 116C. Other techniques for providing tool information can also be utilized).
(Raney, par0041 discloses in operation, the tool discovery engine (TDE) 202 determines relevant traffic and/or other information about the tools that are connected and/or are being connected to the NTO 102. Once this tool information is determined, the tool discovery engine (TDE) 202 further identifies traffic-of-interest (TOI) for the tool. This TOI and other tool related information can be communicated directly from the tool, can be obtained from the tool properties database 206 of tool related operational information, and/or can be obtained through other techniques. The tool configuration engine (TCE) 204 uses the tool information for the tool device to automatically define filters 108 and/or automatically suggest filters 108 that will forward relevant network traffic from the traffic received by the NTO 102 to the network tool device. The filter processor 106 then automatically generates packet forwarding rules 110 based upon the filters 108, and these packet forwarding rules 110 are applied to the filter engines 206/212. These forwarding rules 108 determine at least in part how the filter engines 206/212 forward packets from input ports 202 to output ports 214 for the NTO 102 through packet forwarding circuitry 208).
declarative network monitoring (Raney, par0035 discloses Looking back to FIG. 1, it is seen that the network monitoring system 100 includes a tool optimizer 102 connected to network traffic sources, network tool devices, and management platforms. In particular, a plurality of network sources 112A (SOURCE 1), 112B (SOURCE 2) . . . 112C (SOURCE (N)) provide network traffic, such as network packets within a packet-based network communication system, that is to be monitored and/or analyzed by a plurality of monitoring tools 114A (TOOL 1), 114B (TOOL 2) . . . 114C (TOOL (M)). The tool optimizer 102 includes filter processor 106 that operates to control how packets are forwarded from the network sources to the destination tools based upon packet forwarding rules 110 applied to filter engines 109. The tool optimizer 102 also allows users to view, define and/or manage filters 108 through the management platforms 16A (PLATFORM 1), 116B (PLATFORM 2) . . . 116C (PLATFORM (L)), and the tool optimizer 102 automatically generates packet forwarding rules 110 based upon the filters 108).
a monitoring related task (Raney, par0066 discloses the following tables represent example rules that can be set up in ingress and egress filter engines to handle a monitoring example where only email traffic (Port 25) is desired from a particular range of source identifiers for a newly connected tool device 410 as shown in FIG. 4. The first table provides example ingress filter engine rules to forward all user traffic within the selected range of source port (SP) addresses to the tool output port for the tool device. User traffic outside the selected range is dropped. The second table provides example egress filter engine rules that allows only email traffic (Port 25) to be passed to the monitoring tool device. All other packets are to be dropped. It is noted that an ingress filter engine is associated with each input port, and an egress engine is associated with the output port for the tool device).
wherein determining the at least one set of tool configurations comprises: determining, using the available tool registry, a plurality of available tools that are usable for performing the monitoring related task; (Raney, par0041 discloses in operation, the tool discovery engine (TDE) 202 determines relevant traffic and/or other information about the tools that are connected and/or are being connected to the NTO 102. Once this tool information is determined, the tool discovery engine (TDE) 202 further identifies traffic-of-interest (TOI) for the tool. This TOI and other tool related information can be communicated directly from the tool, can be obtained from the tool properties database 206 of tool related operational information, and/or can be obtained through other techniques. The tool configuration engine (TCE) 204 uses the tool information for the tool device to automatically define filters 108 and/or automatically suggest filters 108 that will forward relevant network traffic from the traffic received by the NTO 102 to the network tool device. The filter processor 106 then automatically generates packet forwarding rules 110 based upon the filters 108, and these packet forwarding rules 110 are applied to the filter engines 206/212. These forwarding rules 108 determine at least in part how the filter engines 206/212 forward packets from input ports 202 to output ports 214 for the NTO 102 through packet forwarding circuitry 208).
determining that performing the monitoring related task using the plurality of available tools is problematic; (Raney, par0060 discloses it is further noted that the TOI for a given tool device can be updated or otherwise modified during operation of the NTO 102 and/or the tool device. For example, the tool device can update its traffic feed characteristics at any time during its operation such as when it needs to adjust bandwidth of incoming traffic in order to handle overload conditions. Further, the tool device may want to adjust its TOI based upon events detected within the traffic it is receiving. For example, if a security monitoring tool detects a network breach or intrusion, the security monitoring tool may want to adjust its TOI to collect additional and/or different network traffic related to this network breach or intrusion. Other variations could also be implemented while still taking advantage of the automated tool discovery and configuration techniques described herein).
identifying, using the available tool registry, a plurality of potential tools to use for performing the monitoring related task; (Raney, par0029 discloses the NTO can use this tool identity information to search the internal tool properties database [providing an available tool registry for storing tool information associated with] for matching records. If a match is found, the stored tool information relating to the match [tools that are available for use] can be used to configure packet forwarding rules for filter engines within the NTO to forward relevant network traffic to the tool device according to stored tool information. The stored tool information in the database may include tool identification information, TOI information, tool capabilities, bandwidth limitations, and/or other tool related information. Further, when a tool connects to the NTO and communicates TOI and/or other tool information to the NTO, this tool information can be stored in the tool properties database and later used to configure network traffic for additional similar tool devices that are subsequently connected to the NTO).
wherein the at least one of the plurality of potential tools includes the first network monitoring device, (Raney, par0038 discloses in addition to these systems, any number of network monitoring tools 114A, 114B . . . 114C [plurality of potential tools] can also be connected to the NTO 102, to the communication network, and/or to systems within the network. Further, the network monitoring tools 114A, 114B . . . 114C can be any of a wide variety of network related tools including traffic monitoring devices [network monitoring device], packet sniffers, data recorders, voice-over-IP monitors, intrusion detection systems, network security systems, application monitors and/or any other desired network management or security tool device or system).
wherein receiving the user approval to use at least one of the plurality of potential tools includes adding the first network monitoring device to the available tool registry (Raney, par0083-0084 discloses FIG. 8 is an example embodiment 800 for graphical user interface (GUI) that displays an automatically suggested filter 806 to a user of the NTO 102, for example, through the management interface(s) 116A, 116B . . . 116C. In part, the user can access and use this GUI 800 to view, manage, and configure the filters 108 so that the input traffic is forwarded to tool devices as desired by the user. However, as described herein, the GUI 800 is also used to display filters that are automatically suggested by the tool processor 120….this new filter (F2) 806 is being suggested for use, and dashed lines are used to connect the automatically generated and suggested filter (F2) 806 between network input port 802 and tool output port 708. A symbol 804 such as an exclamation point can also be used to draw the user's attention to the new traffic connection to network port 802. Further, a message 808 can be displayed and/or otherwise communicated to the user that asks the user to confirm whether or not the automatically suggested filter (F2) 806 should be applied. If the user confirms[receiving the user approval, adding to the available tool registry] application of the filter 806, then is defined and the dashed lines can be changed to solid lines).
          Raney does not explicitly discloses receiving input indicating a desire by a user to perform a task; providing the at least one set of tool configurations, receiving user approval to use at least one of the plurality of potential tools.
          Lucas however discloses receiving input indicating a desire by a user to perform a task; (Lucas, par0041-0042 discloses depending on inputs from a user of the computer system via the graphical user interface, the system may proceed in a number of ways. In step 704, the computer may receive, via the graphical user interface, a selection of the rendered available cloud design components for the cloud design. For example, the user may enter a listing user the descriptor language, select graphic icons corresponding to available components, or select components via a drop-down menu system. The resulting listing is stored in a form congruent with the descriptor language in step 720. In step 706, the system may adjust the performance of the selected components using the descriptor language to specify component parameters. This may occur automatically, in accordance to, for example, the order in which the user had made selections. Alternatively, the user may use the descriptor language, drop down menus, or graphic icons to enter or alter the parameters of selected components).
providing the at least one set of tool configurations. (Lucas, par0046 discloses a consistent packaging tool for application deployment in cloud environments may be achieved through the use of a GUI and a cloud descriptor language. By standardizing interfaces of component resources, a single platform may be used to configure a wide variety of cloud environments in a consistent manner, thus facilitating initial environment design and ongoing revision, augmentation, and maintenance. Such a tool [providing the at least one set of tool configurations] may provide for a single framework for managing aspects of cloud deployments).
receiving user approval to use at least one of the plurality of potential tools. (Lucas, par0034 discloses FIG. 6 is an example computing system for managing a cloud design. A computer 602 supports the presentation of a graphical user interface to a user at a station 604. Station 604 includes a display, a keyboard, and a mouse. The computer 602 accesses a database of available cloud design components 610, where the available cloud design components comprise one or more of user resources, database resources, and feature resources. The available cloud design components have a standard interface and are congruent with a descriptor language, which includes standardized parameters for the available cloud design components. The computer 602 instantiates a graphical user interface configured to render a listing of available cloud design components, which the user accesses via the station 604. The computer 602 receives, via the graphical user interface, a selection of the rendered available cloud design components for the cloud design. For example, the user may select and arrange the components where they are depicted as graphic icons, e.g., by drag-and-drop mouse operations. Alternatively or additionally, the computer may receive the user selections of available components from the user in the form of text that uses the descriptor language. The computer stores the cloud design 612 in a form congruent with the descriptor language).
          Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to provide the functionality of receiving input indicating a desire by a user to perform a task; providing the at least one set of tool configurations, receiving user approval to use at least one of the plurality of potential tools, as taught by Lucas in the system of Raney, so cloud computing images can be used to deploy a cloud, repair damaged deployments, or to bring more cloud resources online in parallel with a deployed cloud, see Lucas par0003.
          Raney and Lucas do not explicitly wherein the, tools that are potentially available for use are unowned or unlicensed by the user.
          Piyush however discloses wherein the, tools that are potentially available for use are unowned or unlicensed by the user; (Piyush, par0067, 0096 discloses content management system 106 may not allow unlicensed member 506 access to or use of the collaboration tools available to licensed members 502 and/or 504 or may just allow use of the collaboration tools [tools that are potentially available for use] for viewing content items but not editing content items…Content management system 106 can allow the user to use the collaboration tools available to collaboration team 232.  The second user's access to team resources may be restricted according to the type of membership the second user has in the team.  For example, if the second user is an unlicensed member of collaboration team 232, the second user may have restricted or limited access to the resources of collaboration team 232).

          Raney, Lucas and Piyush do not explicitly disclose wherein the potential tool registry refers to a first network monitoring device that is absent from the available tool registry.
          Nikolai however discloses wherein the potential tool registry refers to a first network monitoring device that is absent from the available tool registry (Nikolai, par0096-0098 teaches this process is implemented when a difference is present between the starting set of security testing tools [available tool registry] and the selected set of security testing tools [the potential tool registry] determined to be needed for use by portable security testing device in testing the target…. The process begins by determining whether a first subset of security testing tools in the selected number of the security testing tools is absent from the starting set of the security testing tools (step 400). If the first subset of the security testing tools is absent, the process installs the first subset of the security testing tools in the selected set of the security testing tools that is absent in the starting set of the security testing tools on the portable security testing device (step 402)).
          Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to provide the functionality of wherein the potential tool registry refers to a first network monitoring device that is absent from the available tool 

As per claim 12. Raney, Lucas, Piyush and Nikolai disclose the system of claim 10.
          Raney further discloses wherein the tool information stored in the available tool registry or the potential tool registry is provided via a network operator, a user interface, an application programming interface, or a tool discovery mechanism. (Raney, par0031 discloses this automated discovery can be implemented using tool information stored in a database for known tool device types, using an API through which network tools can communicate tool information such as TOIs directly to the NTO, using tool information entered by a user and stored within the NTO, and/or using other desired techniques. Once the tool information such as TOI information is determined for a network tool device, the NTO can analyze its current network traffic and select appropriate packet types within the network traffic that match the TOI for the tool device and then forward this relevant traffic to the network tool device).

As per claim 13. Raney, Lucas, Piyush and Nikolai disclose the system of claim 10.
          Raney further discloses wherein the monitoring related task includes generating or obtaining network traffic metrics, detecting network congestion or other network conditions, detecting network traffic having predetermined characteristics, detecting malicious network traffic, or determining one or more network traffic trends. (Raney, par0060 discloses if a security monitoring tool detects a network breach or intrusion, the security monitoring tool may want to adjust its TOI to collect additional and/or different network traffic related to this network breach or intrusion. Other variations could also be implemented while still taking advantage of the automated tool discovery and configuration techniques described herein).

As per claim 14. Raney, Lucas, Piyush and Nikolai disclose the system of claim 10.
          Raney further discloses wherein the network monitoring tools include a network tap, a network packet broker, a security node, a firewall, a network firewall, an application firewall, or an intrusion protection or prevention system (IPS) node. (Raney, par0052 discloses FIG. 3 is a system diagram of an embodiment 300 for a network monitoring system including three network traffic sources connected to an NTO 102. In the example embodiment 300 depicted, a number of different processing system platforms 310, such as blade servers, are connected within a packet-based communication network with each other through a network switch 308. A first TAP 311 provides first network traffic (TRAFFIC 1) 312 to a first input port for the NTO 102. A second TAP 313 provides second network traffic (TRAFFIC 2) 314 to a second input port for the NTO 102. And a third TAP 315 provides third network traffic (TRAFFIC 3) 316 to a third input port for the NTO 102. As described herein, the NTO 102 includes a tool processor 120 that further includes a tool discovery engine (TDE) 202 and a tool configuration engine (TCE) 204. One or more tool devices 114A, 114B . . . can be connected to output ports for the NTO 102. It is again noted that these output ports can be bi-directional to allow the tool devices 114A, 114B . . . to communicate to the NTO 102, for example, through an API and/or through some other handshake protocol. Each tool device has device properties 302, such as for example, bandwidth limitations 306, traffic-of-interest (TOI) 304, and/or other tool information related to its operation and/or functionality).

As per claim 15. Raney, Lucas, Piyush and Nikolai disclose the system of claim 10.
          Raney further discloses wherein the declarative network monitoring input is provided via a graphical user interface (GUI), a user interface, a data file, or an application programming interface (API).  (Raney, par0083 discloses FIG. 8 is an example embodiment 800 for graphical user interface (GUI) that displays an automatically suggested filter 806 to a user of the NTO 102, for example, through the management interface(s) 116A, 116B . . . 116C. In part, the user can access and use this GUI 800 to view, manage, and configure the filters 108 so that the input traffic is forwarded to tool devices as desired by the user. However, as described herein, the GUI 800 is also used to display filters that are automatically suggested by the tool processor 120).

As per claim 16. Raney, Lucas, Piyush and Nikolai disclose the system of claim 10.
          Raney further discloses wherein the tool information in the available tool registry includes physical location information, network address information, bandwidth capacity information, ingress and egress port information, internal processing capability information, internal storage capacity information, performance information, communication link information, and/or connectivity information. (Raney, par0063 discloses The NTO 102 can also include a tool properties database 206 that stores information about known tool devices. Example embodiment 400 also includes two network input ports 402 and 404 and one tool output port 406. An ingress engine is associated with each of the network input ports 402/404, and an egress engine is associated with the tool output port 406. Further, for the example embodiment 400, the NTO 102 is already connected to receive first network traffic (TRAFFIC1) 312 at the first network input port (NETWORK PORT 1) 402 and to receive second network traffic (TRAFFIC 2) 314 at the second network input port (NETWORK PORT 2) 404).


As per claim 19. A non-transitory computer readable medium having stored thereon executable instructions that when executed by at least one processor of at least one computer cause the at least one computer to perform steps comprising: (Raney, par0017 discloses FIG. 1 is a block diagram of an example network monitoring system including a network tool optimizer having a tool processor that further includes a tool discovery engine and a tool configuration engine. Par0043 teaches it is further noted that software and related processing device(s) used to implement the NTO 102 and/or its components, such as filter processor 106, tool processor 120, and the control panel 104, can be implemented as software instructions embodied in a non-transitory computer-readable medium (e.g., memory storage devices, FLASH memory, DRAM memory, reprogrammable storage devices, hard drives, floppy disks, DVDs, CD-ROMs, etc.) including instructions that cause the processing devices used by the NTO 102 to perform the processes, functions, and/or capabilities described herein).
networking monitoring tools, networking monitoring (Raney, par0038 discloses in addition to these systems, any number of network monitoring tools 114A, 114B . . . 114C can also be connected to the NTO 102, to the communication network, and/or to systems within the network. Further, the network monitoring tools 114A, 114B . . . 114C can be any of a wide variety of network related tools including traffic monitoring devices, packet sniffers, data recorders, voice-over-IP monitors, intrusion detection systems, network security systems, application monitors and/or any other desired network management or security tool device or system. Still further, as described herein, the network monitoring tools 114A, 114B . . . 114C can also be implemented as virtual instances of tool appliances within a large computing platform).
(Raney, par0029 discloses the NTO can use this tool identity information to search the internal tool properties database [providing an available tool registry for storing tool information associated with] for matching records. If a match is found, the stored tool information relating to the match [tools that are available for use] can be used to configure packet forwarding rules for filter engines within the NTO to forward relevant network traffic to the tool device according to stored tool information. The stored tool information in the database may include tool identification information, TOI information, tool capabilities, bandwidth limitations, and/or other tool related information. Further, when a tool connects to the NTO and communicates TOI and/or other tool information to the NTO, this tool information can be stored in the tool properties database and later used to configure network traffic for additional similar tool devices that are subsequently connected to the NTO).
providing a potential tool registry for storing tool information associated with, tools that are potentially available for use, by a user; (Raney, par0053 discloses once the type of tool device is determined by discovery upon its connection to a port for the NTO 102, the tool properties database 206 can be used to obtain information about this tool device if it is a known device type and data for that device type has previously been stored in the tool properties database 206. Further, the NTO 102 can provide an API that can be used by the tool device to update and/or provide operational information about itself to the NTO 102. Still further, a user can [by a user] manually provide, update, or add operational information about a tool device [tools that are potentially available for use] to the tool properties database 206 [potential tool registry], for example, through the management platforms 116A, 116B . . . 116C. Other techniques for providing tool information can also be utilized).
(Raney, par0035 discloses Looking back to FIG. 1, it is seen that the network monitoring system 100 includes a tool optimizer 102 connected to network traffic sources, network tool devices, and management platforms. In particular, a plurality of network sources 112A (SOURCE 1), 112B (SOURCE 2) . . . 112C (SOURCE (N)) provide network traffic, such as network packets within a packet-based network communication system, that is to be monitored and/or analyzed by a plurality of monitoring tools 114A (TOOL 1), 114B (TOOL 2) . . . 114C (TOOL (M)). The tool optimizer 102 includes filter processor 106 that operates to control how packets are forwarded from the network sources to the destination tools based upon packet forwarding rules 110 applied to filter engines 109. The tool optimizer 102 also allows users to view, define and/or manage filters 108 through the management platforms 16A (PLATFORM 1), 116B (PLATFORM 2) . . . 116C (PLATFORM (L)), and the tool optimizer 102 automatically generates packet forwarding rules 110 based upon the filters 108).
a monitoring related task (Raney, par0066 discloses the following tables represent example rules that can be set up in ingress and egress filter engines to handle a monitoring example where only email traffic (Port 25) is desired from a particular range of source identifiers for a newly connected tool device 410 as shown in FIG. 4. The first table provides example ingress filter engine rules to forward all user traffic within the selected range of source port (SP) addresses to the tool output port for the tool device. User traffic outside the selected range is dropped. The second table provides example egress filter engine rules that allows only email traffic (Port 25) to be passed to the monitoring tool device. All other packets are to be dropped. It is noted that an ingress filter engine is associated with each input port, and an egress engine is associated with the output port for the tool device).
(Raney, par0041 discloses in operation, the tool discovery engine (TDE) 202 determines relevant traffic and/or other information about the tools that are connected and/or are being connected to the NTO 102. Once this tool information is determined, the tool discovery engine (TDE) 202 further identifies traffic-of-interest (TOI) for the tool. This TOI and other tool related information can be communicated directly from the tool, can be obtained from the tool properties database 206 of tool related operational information, and/or can be obtained through other techniques. The tool configuration engine (TCE) 204 uses the tool information for the tool device to automatically define filters 108 and/or automatically suggest filters 108 that will forward relevant network traffic from the traffic received by the NTO 102 to the network tool device. The filter processor 106 then automatically generates packet forwarding rules 110 based upon the filters 108, and these packet forwarding rules 110 are applied to the filter engines 206/212. These forwarding rules 108 determine at least in part how the filter engines 206/212 forward packets from input ports 202 to output ports 214 for the NTO 102 through packet forwarding circuitry 208).
wherein determining the at least one set of tool configurations comprises: determining, using the available tool registry, a plurality of available tools that are usable for performing the monitoring related task; (Raney, par0041 discloses in operation, the tool discovery engine (TDE) 202 determines relevant traffic and/or other information about the tools that are connected and/or are being connected to the NTO 102. Once this tool information is determined, the tool discovery engine (TDE) 202 further identifies traffic-of-interest (TOI) for the tool. This TOI and other tool related information can be communicated directly from the tool, can be obtained from the tool properties database 206 of tool related operational information, and/or can be obtained through other techniques. The tool configuration engine (TCE) 204 uses the tool information for the tool device to automatically define filters 108 and/or automatically suggest filters 108 that will forward relevant network traffic from the traffic received by the NTO 102 to the network tool device. The filter processor 106 then automatically generates packet forwarding rules 110 based upon the filters 108, and these packet forwarding rules 110 are applied to the filter engines 206/212. These forwarding rules 108 determine at least in part how the filter engines 206/212 forward packets from input ports 202 to output ports 214 for the NTO 102 through packet forwarding circuitry 208).
determining that performing the monitoring related task using the plurality of available tools is problematic; (Raney, par0060 discloses it is further noted that the TOI for a given tool device can be updated or otherwise modified during operation of the NTO 102 and/or the tool device. For example, the tool device can update its traffic feed characteristics at any time during its operation such as when it needs to adjust bandwidth of incoming traffic in order to handle overload conditions. Further, the tool device may want to adjust its TOI based upon events detected within the traffic it is receiving. For example, if a security monitoring tool detects a network breach or intrusion, the security monitoring tool may want to adjust its TOI to collect additional and/or different network traffic related to this network breach or intrusion. Other variations could also be implemented while still taking advantage of the automated tool discovery and configuration techniques described herein).
identifying, using the available tool registry, a plurality of potential tools to use for performing the monitoring related task; (Raney, par0029 discloses the NTO can use this tool identity information to search the internal tool properties database [providing an available tool registry for storing tool information associated with] for matching records. If a match is found, the stored tool information relating to the match [tools that are available for use] can be used to configure packet forwarding rules for filter engines within the NTO to forward relevant network traffic to the tool device according to stored tool information. The stored tool information in the database may include tool identification information, TOI information, tool capabilities, bandwidth limitations, and/or other tool related information. Further, when a tool connects to the NTO and communicates TOI and/or other tool information to the NTO, this tool information can be stored in the tool properties database and later used to configure network traffic for additional similar tool devices that are subsequently connected to the NTO).
wherein the at least one of the plurality of potential tools includes the first network monitoring device, (Raney, par0038 discloses in addition to these systems, any number of network monitoring tools 114A, 114B . . . 114C [plurality of potential tools] can also be connected to the NTO 102, to the communication network, and/or to systems within the network. Further, the network monitoring tools 114A, 114B . . . 114C can be any of a wide variety of network related tools including traffic monitoring devices [network monitoring device], packet sniffers, data recorders, voice-over-IP monitors, intrusion detection systems, network security systems, application monitors and/or any other desired network management or security tool device or system).
wherein receiving the user approval to use at least one of the plurality of potential tools includes adding the first network monitoring device to the available tool registry (Raney, par0083-0084 discloses FIG. 8 is an example embodiment 800 for graphical user interface (GUI) that displays an automatically suggested filter 806 to a user of the NTO 102, for example, through the management interface(s) 116A, 116B . . . 116C. In part, the user can access and use this GUI 800 to view, manage, and configure the filters 108 so that the input traffic is forwarded to tool devices as desired by the user. However, as described herein, the GUI 800 is also used to display filters that are automatically suggested by the tool processor 120….this new filter (F2) 806 is being suggested for use, and dashed lines are used to connect the automatically generated and suggested filter (F2) 806 between network input port 802 and tool output port 708. A symbol 804 such as an exclamation point can also be used to draw the user's attention to the new traffic connection to network port 802. Further, a message 808 can be displayed and/or otherwise communicated to the user that asks the user to confirm whether or not the automatically suggested filter (F2) 806 should be applied. If the user confirms[receiving the user approval, adding to the available tool registry] application of the filter 806, then is defined and the dashed lines can be changed to solid lines).
          Raney does not explicitly discloses receiving input indicating a desire by a user to perform a task; providing the at least one set of tool configurations, receiving user approval to use at least one of the plurality of potential tools.
          Lucas however discloses receiving input indicating a desire by a user to perform a task; (Lucas, par0041-0042 discloses depending on inputs from a user of the computer system via the graphical user interface, the system may proceed in a number of ways. In step 704, the computer may receive, via the graphical user interface, a selection of the rendered available cloud design components for the cloud design. For example, the user may enter a listing user the descriptor language, select graphic icons corresponding to available components, or select components via a drop-down menu system. The resulting listing is stored in a form congruent with the descriptor language in step 720. In step 706, the system may adjust the performance of the selected components using the descriptor language to specify component parameters. This may occur automatically, in accordance to, for example, the order in which the user had made selections. Alternatively, the user may use the descriptor language, drop down menus, or graphic icons to enter or alter the parameters of selected components).
providing the at least one set of tool configurations. (Lucas, par0046 discloses a consistent packaging tool for application deployment in cloud environments may be achieved through the use of a GUI and a cloud descriptor language. By standardizing interfaces of component resources, a single platform may be used to configure a wide variety of cloud environments in a consistent manner, thus facilitating initial environment design and ongoing revision, augmentation, and maintenance. Such a tool [providing the at least one set of tool configurations] may provide for a single framework for managing aspects of cloud deployments).
receiving user approval to use at least one of the plurality of potential tools. (Lucas, par0034 discloses FIG. 6 is an example computing system for managing a cloud design. A computer 602 supports the presentation of a graphical user interface to a user at a station 604. Station 604 includes a display, a keyboard, and a mouse. The computer 602 accesses a database of available cloud design components 610, where the available cloud design components comprise one or more of user resources, database resources, and feature resources. The available cloud design components have a standard interface and are congruent with a descriptor language, which includes standardized parameters for the available cloud design components. The computer 602 instantiates a graphical user interface configured to render a listing of available cloud design components, which the user accesses via the station 604. The computer 602 receives, via the graphical user interface, a selection of the rendered available cloud design components for the cloud design. For example, the user may select and arrange the components where they are depicted as graphic icons, e.g., by drag-and-drop mouse operations. Alternatively or additionally, the computer may receive the user selections of available components from the user in the form of text that uses the descriptor language. The computer stores the cloud design 612 in a form congruent with the descriptor language).
          Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to provide the functionality of receiving input indicating a desire by a user to perform a task; providing the at least one set of tool configurations, receiving user approval to use at least one of the plurality of potential tools, as taught by Lucas in the non-transitory computer readable medium of Raney, so cloud computing images can be used to deploy a cloud, repair damaged deployments, or to bring more cloud resources online in parallel with a deployed cloud, see Lucas par0003.
          Raney and Lucas do not explicitly wherein the, tools that are potentially available for use are unowned or unlicensed by the user.
          Piyush however discloses wherein the, tools that are potentially available for use are unowned or unlicensed by the user; (Piyush, par0067, 0096 discloses content management system 106 may not allow unlicensed member 506 access to or use of the collaboration tools available to licensed members 502 and/or 504 or may just allow use of the collaboration tools [tools that are potentially available for use] for viewing content items but not editing content items….Content management system 106 can allow the user to use the collaboration tools available to collaboration team 232.  The second user's access to team resources may be restricted according to the type of membership the second user has in the team.  For example, if the second user is an unlicensed member of collaboration team 232, the second user may have 
restricted or limited access to the resources of collaboration team 232).

          Raney, Lucas and Piyush do not explicitly disclose wherein the potential tool registry refers to a first network monitoring device that is absent from the available tool registry.
          Nikolai however discloses wherein the potential tool registry refers to a first network monitoring device that is absent from the available tool registry (Nikolai, par0096-0098 teaches this process is implemented when a difference is present between the starting set of security testing tools [available tool registry] and the selected set of security testing tools [the potential tool registry] determined to be needed for use by portable security testing device in testing the target…. The process begins by determining whether a first subset of security testing tools in the selected number of the security testing tools is absent from the starting set of the security testing tools (step 400). If the first subset of the security testing tools is absent, the process installs the first subset of the security testing tools in the selected set of the security testing tools that is absent in the starting set of the security testing tools on the portable security testing device (step 402)).
          Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to provide the functionality of wherein the potential tool registry refers to a first network monitoring device that is absent from the available tool .

Claims 2, 11 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Raney in view of Lucas further in view of Piyush further in view of Nikolai, and further in view of Wang et al. (US20160094383A1) hereinafter Wang.
As per claim 2.   Raney, Lucas, Piyush and Nikolai disclose the method of claim 1. 
          Raney further discloses wherein determining the at least one set of tool configurations includes, identify the network monitoring tools to perform the monitoring related task. (Raney, par0041 discloses in operation, the tool discovery engine (TDE) 202 determines relevant traffic and/or other information about the tools that are connected and/or are being connected to the NTO 102. Once this tool information is determined, the tool discovery engine (TDE) 202 further identifies traffic-of-interest (TOI) for the tool. This TOI and other tool related information can be communicated directly from the tool, can be obtained from the tool properties database 206 of tool related operational information, and/or can be obtained through other techniques. The tool configuration engine (TCE) 204 uses the tool information for the tool device to automatically define filters 108 and/or automatically suggest filters 108 that will forward relevant network traffic from the traffic received by the NTO 102 to the network tool device. The filter processor 106 then automatically generates packet forwarding rules 110 based upon the filters 108, and these packet forwarding rules 110 are applied to the filter engines 206/212. These forwarding rules 108 determine at least in part how the filter engines 206/212 forward packets from input ports 202 to output ports 214 for the NTO 102 through packet forwarding circuitry 208).
          Raney, Lucas, Piyush and Nikolai do not explicitly disclose using network topology information to.
          Wang however discloses using network topology information to (Wang, par0019 discloses Network management systems are becoming increasingly important tools for use in maintaining network health and performance, especially as networks continue to expand in both size and complexity.  Such monitoring tools are used to monitor network traffic and identify issues causing poor performance (e.g., bottlenecks, packets drops, etc.).  When performance issues are identified by the monitoring tools, network management tools rely on configuration/topology 
information to understand the existing network topology and then re-route network traffic and/or reconfigure the network as needed.  As a result, such monitoring tools typically include mechanisms to collect information about which network elements/devices are coupled to the network and use that information to populate a configuration database.  Such tools may also collect information about how the network elements/devices are positioned relative to 
one another so that network traffic can be re-routed as needed to maintain network performance.  To ensure that plans to re-route traffic or reconfigure the network are effective, it is important that the configuration database be kept as up-to-date as possible).
          Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to provide the functionality of using network topology information to, as taught by Wang in the method of Raney, Lucas, Piyush and Nikolai, so network management tools are used to monitor network, to analyze traffic flows, to identify changes to the configuration and to track such changes in a network, see Wang par0002.

As per claim 11. Raney, Lucas, Piyush and Nikolai disclose the system of claim 10. 
          Raney further discloses wherein the network monitoring system is configured for, identify the network monitoring tools to perform the monitoring related task. (Raney, par0041 discloses in operation, the tool discovery engine (TDE) 202 determines relevant traffic and/or other information about the tools that are connected and/or are being connected to the NTO 102. Once this tool information is determined, the tool discovery engine (TDE) 202 further identifies traffic-of-interest (TOI) for the tool. This TOI and other tool related information can be communicated directly from the tool, can be obtained from the tool properties database 206 of tool related operational information, and/or can be obtained through other techniques. The tool configuration engine (TCE) 204 uses the tool information for the tool device to automatically define filters 108 and/or automatically suggest filters 108 that will forward relevant network traffic from the traffic received by the NTO 102 to the network tool device. The filter processor 106 then automatically generates packet forwarding rules 110 based upon the filters 108, and these packet forwarding rules 110 are applied to the filter engines 206/212. These forwarding rules 108 determine at least in part how the filter engines 206/212 forward packets from input ports 202 to output ports 214 for the NTO 102 through packet forwarding circuitry 208).
          Raney, Lucas, Piyush and Nikolai do not explicitly disclose using network topology information to.
          Wang however discloses using network topology information to (Wang, par0019 discloses Network management systems are becoming increasingly important tools for use in maintaining network health and performance, especially as networks continue to expand in both size and complexity.  Such monitoring tools are used to monitor network traffic and identify issues causing poor performance (e.g., bottlenecks, packets drops, etc.).  When performance issues are identified by the monitoring tools, network management tools rely on configuration/topology 
information to understand the existing network topology and then re-route network traffic and/or reconfigure the network as needed.  As a result, such monitoring tools typically include mechanisms to collect information about which network elements/devices are coupled to the network and use that information to populate a configuration database.  Such tools may also collect information about how the network elements/devices are positioned relative to 
one another so that network traffic can be re-routed as needed to maintain network performance.  To ensure that plans to re-route traffic or reconfigure the network are effective, it is important that the configuration database be kept as up-to-date as possible).
          Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to provide the functionality of using network topology information to, as taught by Wang in the system of Raney, Lucas, Piyush and Nikolai, so network management tools are used to monitor network, to analyze traffic flows, to identify changes to the configuration and to track such changes in a network, see Wang par0002.

As per claim 20. Raney, Lucas, Piyush and Nikolai disclose the non-transitory computer readable medium of claim 19. 
          Raney further discloses wherein determining the at least one set of tool configurations includes, identify the network monitoring tools to perform the monitoring related task. (Raney, par0041 discloses in operation, the tool discovery engine (TDE) 202 determines relevant traffic and/or other information about the tools that are connected and/or are being connected to the NTO 102. Once this tool information is determined, the tool discovery engine (TDE) 202 further identifies traffic-of-interest (TOI) for the tool. This TOI and other tool related information can be communicated directly from the tool, can be obtained from the tool properties database 206 of tool related operational information, and/or can be obtained through other techniques. The tool configuration engine (TCE) 204 uses the tool information for the tool device to automatically define filters 108 and/or automatically suggest filters 108 that will forward relevant network traffic from the traffic received by the NTO 102 to the network tool device. The filter processor 106 then automatically generates packet forwarding rules 110 based upon the filters 108, and these packet forwarding rules 110 are applied to the filter engines 206/212. These forwarding rules 108 determine at least in part how the filter engines 206/212 forward packets from input ports 202 to output ports 214 for the NTO 102 through packet forwarding circuitry 208).
          Raney, Lucas, Piyush and Nikolai do not explicitly disclose using network topology information to.
          Wang however discloses using network topology information to (Wang, par0019 discloses Network management systems are becoming increasingly important tools for use in maintaining network health and performance, especially as networks continue to expand in both size and complexity.  Such monitoring tools are used to monitor network traffic and identify issues causing poor performance (e.g., bottlenecks, packets drops, etc.).  When performance issues are identified by the monitoring tools, network management tools rely on configuration/topology 
information to understand the existing network topology and then re-route network traffic and/or reconfigure the network as needed.  As a result, such monitoring tools typically include mechanisms to collect information about which network elements/devices are coupled to the network and use that information to populate a configuration database.  Such tools may also collect information about how the network elements/devices are positioned relative to 
one another so that network traffic can be re-routed as needed to maintain network performance.  To ensure that plans to re-route traffic or reconfigure the network are effective, it is important that the configuration database be kept as up-to-date as possible).
          Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to provide the functionality of using network topology information to, as taught by Wang in the non-transitory computer readable medium of Raney, Lucas, Piyush and Nikolai, so network management tools are used to monitor network, to analyze traffic flows, to identify changes to the configuration and to track such changes in a network, see Wang par0002.

Conclusion
The prior art made of record and not relied upon is considered pertinent are -
• Lushear et al. (US8355316B1) – Related art in the area of providing end-to-end monitoring of a data communication system between a plurality of customer networks.
• Breternitz (US20140047342A1) – Related art in the area of providing a computing configuration system including a data monitor configurator operative to initiate a hardware performance assessment test on a group of available nodes.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MONISHWAR MOHAN whose telephone number is (571)272-2907. The examiner can normally be reached Monday - Thursday 7:00 am - 5:00 pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is 
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, William Trost can be reached on (571) 272-7872. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/M.M./Examiner, Art Unit 2442                                                                                                                                                                                                        

/WILLIAM G TROST IV/Supervisory Patent Examiner, Art Unit 2442