EXAMINER’S AMENDMENT
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.

Authorization for this examiner’s amendment was given in a telephone interview with Nathan Mutter, Reg. No. 70107, on 04/27/2022.

Please replace all previous claim listings with the following: 

1. 	(Previously Presented) A method for pulling a snapshot of data for a first virtual machine of a tenant executing on a multi-tenant compute infrastructure, the method comprising:
allocating, to an envoy, a computing resource of the tenant while one or more virtual machines of a plurality of virtual machines of the tenant are executing, the envoy implemented as a second virtual machine of the plurality of virtual machines and connected with the plurality of virtual machines of the tenant including the first virtual machine via a virtual tenant network of the tenant, wherein the envoy connects with virtual machines that operate different virtualization protocols, and wherein the multi-tenant compute infrastructure restricts access by a data management and storage (DMS) cluster to the virtual tenant network of the tenant and to an infrastructure network connecting physical machines including a physical machine that executes the first virtual machine of the tenant;
establishing a connection between the envoy and the DMS cluster;
providing, via the envoy the envoy, the DMS cluster access to the plurality of virtual machines of the tenant via the virtual tenant network of the tenant based at least in part on the connection between the envoy and the DMS cluster, wherein the infrastructure network and the virtual tenant network use different network layers and share a physical layer;
generating the snapshot of the first virtual machine of the tenant;
storing the snapshot of the first virtual machine of the tenant in the computing resource, the computing resource comprising a virtual disk; and
sending, via the envoy, the snapshot to a DMS node of the DMS cluster.

2. 	(Canceled)

3. 	(Canceled)

4. 	(Previously Presented) The method of claim 1, wherein the infrastructure network includes a first transmission control protocol (TCP) network and the virtual tenant network including a second TCP network isolated from the first TCP network, wherein the multi-tenant compute infrastructure restricts access by the DMS cluster to a second virtual tenant network of a second tenant of the multi-tenant compute infrastructure, and wherein the virtual tenant network and the second virtual tenant network use different network layers and share the physical layer.

5. 	(Canceled)

6. 	(Previously Presented) The method of claim 1, further comprising:
establishing a connection between the envoy and the DMS cluster including sending a secure socket layer (SSL) certificate to the DMS cluster.

7. 	(Previously Presented) The method of claim 1, further comprising, prior to sending the snapshot from the first virtual machine to the DMS node, encrypting the snapshot.

8. 	(Previously Presented) The method of claim 1, wherein the DMS cluster includes a distributed data store implemented across peer DMS nodes of the DMS cluster, and wherein the method further comprises:
storing the snapshot of an application in the distributed data store.

9. 	(Previously Presented) The method of claim 1, wherein the computing resource is allocated to the envoy while the first virtual machine is executing on the multi-tenant compute infrastructure.

10. 	(Previously Presented) The method of claim 1, further comprising:
generating another snapshot of another virtual machine of the plurality of virtual machines of the tenant in parallel with generating the snapshot of the first virtual machine; and sending the another snapshot to the DMS cluster.

11. 	(Previously Presented) The method of claim 1, further comprising:
establishing another connection between the envoy and a third virtual machine based on sending a secure socket layer (SSL) certificate to the third virtual machine.

12. 	(Previously Presented) The method of claim 1, further comprising:
generating a data fetch job for the first virtual machine;
placing the data fetch job in a job queue accessible to peer DMS nodes of the DMS cluster to schedule the data fetch job;
retrieving the data fetch job from the job queue; and
in response to retrieving the data fetch job, generating the snapshot of the first virtual machine.

13. 	(Previously Presented) The method of claim 12, wherein the DMS node generates the data fetch job and places the data fetch job in the job queue stored in a distributed database of the DMS cluster.

14. 	(Original) The method of claim 13, wherein the envoy retrieves the data fetch job from the job queue.

15. 	(Previously Presented) The method of claim 13, wherein:
the DMS node retrieves the data fetch job from the job queue; and
the method further includes, in response to retrieving the data fetch job sending a request from the DMS node to a virtualization module of the first virtual machine via the envoy to generate the snapshot of the first virtual machine.

16. 	(Canceled)

17. 	(Canceled)

18. 	(Original) The method of claim 1, further comprising removing the snapshot from the virtual disk subsequent to sending the snapshot to the DMS node.

19. 	(Currently Amended) A multi-tenant compute infrastructure, comprising:
a processor;
a first virtual machine of a tenant of the multi-tenant compute infrastructure; and
an envoy allocated from a computing resource of the tenant while one or more virtual machines of a plurality of virtual machines of the tenant are executing, the envoy implemented as a second virtual machine of the plurality of virtual machines and connected to the plurality of virtual machines of the tenant including the first virtual machine via a virtual tenant network of the tenant, wherein[[,]] the envoy
connects with virtual machines that operate different virtualization protocols;
establishes a connection with a data management and storage (DMS) cluster, wherein the multi-tenant compute infrastructure restricts access by the DMS cluster to the virtual tenant network of the tenant and to an infrastructure network connecting physical machines including a physical machine that executes the first virtual machine;
provides the DMS cluster access to the plurality of virtual machines of the tenant via the virtual tenant network based at least in part on the connection between the envoy and the DMS cluster;
generates a snapshot of the first virtual machine;
stores the snapshot of the first virtual machine in the computing resource, the computing resource comprising a virtual disk; and
sends, via the envoy, the snapshot to a DMS node of the DMS cluster, wherein:
the infrastructure network and the virtual tenant network use different network layers and share a physical layer;
the multi-tenant compute infrastructure restricts access by the DMS cluster to a second virtual tenant network of a second tenant of the multi- tenant compute infrastructure; and
the virtual tenant network and the second virtual tenant network use different network layers and share the physical layer.

20. 	(Currently Amended) A non-transitory computer-readable medium comprising instructions that when executed by one or more processors configures the one or more processors to:
allocate, to an envoy, a computing resource of a tenant executing on a multi- tenant compute infrastructure while one or more virtual machines of a plurality of virtual machines of the tenant are executing, the envoy implemented as a second virtual machine of the plurality of virtual machines and connected with the plurality of virtual machines of the tenant including a first virtual machine via a virtual tenant network of the tenant, wherein the envoy s with virtual machines that operate different virtualization protocols, and wherein the multi-tenant compute infrastructure restricts access by a data management and storage (DMS) cluster to the virtual tenant network of the tenant and to an infrastructure network connecting physical machines including a physical machine that executes the first virtual machine;
establish a connection between the envoy and the DMS cluster;
provide, via the envoy, the DMS cluster including peer DMS nodes with access to the first virtual machine of the tenant via the virtual tenant network of the tenant based at least in part on the connection between the envoy and the DMS cluster, wherein:
the infrastructure network and the virtual tenant network use different network layers and share a physical layer;
the multi-tenant compute infrastructure restricts access by the DMS cluster to a second virtual tenant network of a second tenant of the multi-tenant compute infrastructure; and
the virtual tenant network and the second virtual tenant network use different network layers and share the physical layer;
generate a snapshot of the first virtual machine; and
send, via the envoy, the snapshot to a DMS node of the DMS cluster.

Reasons for Allowance
The following is a statement of reasons for the indication of allowable subject matter:
The prior art of record, Astete et al. Pub. No. US 2013/0290960 A1 (hereafter Astete) teaches a multi-tenant virtual machine infrastructure (MTVMI) allows multiple tenants to independently access and use a plurality of virtual computing resources via the Internet. Within the MTVMI, different tenants may define unique configurations of virtual computing resources and unique rules to govern the use of the virtual computing resources. The MTVMI may be configured to provide valuable services for tenants and users associated with the tenants.
Piccinini et al. Pub. No. US 2017/0060569 A1 (hereafter Piccinini) teaches a multi-tenant software program is maintained in a computing environment having a plurality of compatible instances of the program, each adapted to serve a plurality of tenants, with each controlling corresponding individual data. The method includes: receiving a maintenance request for a target instance, the target instance having one or more target tenants each controlling corresponding target individual data; selecting an auxiliary instance from other instances different from the target instance; providing the target individual data of each target tenant to the auxiliary instance; redirecting each target tenant by forwarding each target tenant request to the auxiliary instance; applying a maintenance operation on the target instance according to the maintenance request; returning the target individual data of each target tenant from the auxiliary instance in response to the applying of the maintenance operation; and restoring the serving of each target tenant request by the target instance.
Neither Astete nor Piccinini, anticipate or render obvious the combination set forth in the independent claims. That is, the claims require a tenant of a multi-tenant compute infrastructure includes an envoy to provide a data management and storage (DMS) cluster of peer DMS nodes with access to virtual machines of the tenant executing on the compute infrastructure for DMS services such as backup, recovery, replication, archival, and analytics services. A connection is established between the envoy of the tenant and the DMS cluster including peer DMS nodes. The envoy is connected with the virtual machine via a virtual tenant network of the multi-tenant compute infrastructure. The envoy provides the DMS cluster access to the virtual machine via the virtual tenant network. For a backup or "data fetch" job, a snapshot of the virtual machine is generated, such as in response to a request from a peer DMS node. After generating the snapshot, the snapshot is sent from the virtual machine to the peer DMS node via the envoy. The snapshot may be stored in a distributed data store implemented across the peer DMS nodes of the DMS cluster. The envoy is itself a virtual machine of the tenant and further connects with other virtual machines of different virtualization protocols. Further still, the multi-tenant compute infrastructure  restricts access by the DMS cluster to an infrastructure network connecting physical machines including a physical machine that executes the virtual machine. Thus, an envoy which itself executes within a virtual machine of a tenant is both connecting and communicating with other virtual machine which are utilizing different virtualization protocols and also provides DMS cluster access wherein such access would otherwise be restricted by the multi-tenant virtualization infrastructure. The envoy operates in a privileged and an agnostic manner relative to other tenants and virtual machines to facilitate these connections and accesses when it would otherwise be difficult to port applications and data of tenants/virtual machines between different platforms.
The aforementioned limitations and reasons are in conjunction with all other claim limitations and the structure and environment which are not specifically recited in the quotes or expounded upon in the reasons. The Notice of Allowability is based on the totality of the claims. Thus, for at least the foregoing reasons, the prior art of record neither anticipates nor rendered obvious the present invention as set forth in the claims.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to BRADLEY A TEETS whose telephone number is (571)272-3338.  The examiner can normally be reached on Monday - Friday, 6am-2pm.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Meng An can be reached on 5712723756.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/BRADLEY A TEETS/Primary Examiner, Art Unit 2195