Notice of Pre-AIA  or AIA  Status
The present application is being examined under the pre-AIA  first to invent provisions.

Applicant's submission filed on 03/23/2022 has been entered. Claims 1-5, 7-15, 17-25, 27-30 have been examined. Claims 6, 16, 26 are cancelled. 

  
Response to Arguments
Applicant’s arguments, see Remarks - Pages 8-9, filed on 03/23/2022, with respect to the rejections of claims 1,11,21  under 103 (a) have been fully considered and are persuasive.  Therefore, the rejection has been withdrawn.  However, upon further consideration, a new ground(s) of rejection is made in view of Allred.

Note: 
The prior art made of record and not relied upon is considered pertinent to applicant's amendment with regards to claims 1,11,21. 
Vandevelde et al. Publication No. US 2012/0158200 A1  - See Fig.5, ¶ 0045;¶ 0052; ¶ 0058





Claim Rejections - 35 USC § 103
The following is a quotation of pre-AIA  35 U.S.C. 103(a) which forms the basis for all obviousness rejections set forth in this Office action:
(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the manner in which the invention was made.
 
Claims 1-3,7,9,10-13,17,19,20-22,23,27,29,30 are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Gladstone et al. Publication No. US 2002/0194495 A1 (Gladstone hereinafter) in view of Allred et al. Publication No. US 2004/004771  (Allred hereinafter) further in view of  Hooks et al. Publication No. US 2005/0038827 A1 (Hooks hereinafter) 

Regarding claim 1,

Gladstone teaches a method comprising:
 providing, by a remote network management platform, a first cloud extension agent that facilitates internet-based management of a first set of local computing resources of a first network, wherein the first cloud extension agent is to run locally on the first network and initiate a first connection to the remote network management platform through a firewall of the first network [..] establishing the first connection to the first cloud extension agent (Fig.3 shows providing by  event processing system , an first event agent ( 45A) is to run locally on a the network and initiate a connection to the event processing server through a firewall of the network – ¶  0044-  Event Agents 45A and 45B receive these notifications as well, and pass instructions to Reference Monitors 25A and 25B to update administrative policies in 41A and 41E, respectively. In alternative embodiments, instructions may include administrative policy changes specific to certain nodes, placing a particular node in quarantine, tuning network or firewall ¶ meters, or other instructions – ¶0044;¶  0047 - In alternative embodiments, instructions may include administrative policy changes specific to certain nodes, placing a particular node in quarantine, tuning network or firewall parameters, or other instructions – ¶  0005- Examples of conventional active security systems include access control tools, content filtering tools, and system auditing tools. Access control tools, such as network firewalls, can be deployed on dedicated machines, usually at a network perimeter, to control inbound and outbound access using pre-configured permission levels); 


providing a second cloud extension agent that facilitates internet-based management of a second set of local computing resources of a second network, wherein the second cloud extension agent  is to run locally on the second network and initiate a second connection to the remote network management platform through the firewall of the first network[..];  establishing the second connection to the second cloud extension agent(Fig.3 shows providing by  event processing system , a second event agent ( 50B) is to run locally on a network and initiate a connection to the event processing server through a firewall of the network – ¶  0044 - In alternative embodiments, instructions may include administrative policy changes specific to certain nodes, placing a particular node in quarantine, tuning network or firewall ¶ meters, or other instructions – ¶  0005- Examples of conventional active security systems include access control tools, content filtering tools, and system auditing tools. Access control tools, such as network firewalls, can be deployed on dedicated machines, usually at a network perimeter, to control inbound and outbound access using pre-configured permission levels – ¶ 0035 -By continuously tracking and analyzing the activity reported by various event agents across one or more network ); and


 providing a first set of instructions to the first cloud extension agent via the first connection and a second set of instructions to the second cloud extension via the second connection (¶  0041 -Event Processing Server 100 processes the notification, and determines after loading the data in 130 that the attempt to access resources on Node A should not have been allowed (for instance, by determining that the data arriving from the network was a virus not previously recognized by Reference Monitor 25A). In 190B, it transmits instructions to Event Agent 45B to update administrative policies, so as to restrict access to system resources 35B. System resources 35A, 35B may comprise multiple components, each of which may be accessed separately. For example, an e-mail virus may have attempted to access ten components comprising system resources 35A in sequence, and Event Agent 45B may attempt to restrict access to a subset of those ten components, all ten components, or those and other components within system resources 35B – ¶ 0044 - Event Agents 45A and 45B receive these notifications as well, and pass instructions to Reference Monitors 25A and 25B to update administrative policies in 41A and 41E, respectively. In alternative embodiments, instructions may include administrative policy changes specific to certain nodes, placing a particular node in quarantine, tuning network or firewall parameters, or other instructions – ¶ 0042 - Event Agent 45B passes instructions in 41B to Reference Monitor 25B, which updates its administrative policies to incorporate these instructions).


However, Gladstone does not explicitly teach initiating a first connection to the remote network management platform through a firewall of the first network without reconfiguration and initiating  a second connection to the remote network management platform through the firewall of the second network without reconfiguration. 
receiving, from the first cloud extension agent, a first snapshot of corresponding statuses of the first set of local computing resources; and receiving, from the second cloud extension agent, a second snapshot of corresponding statuses of the second set of local computing resources. 


receiving, from at least one of the first cloud extension agent or the second cloud extension agent, only incremental data comprising changes in at least one of the corresponding statuses of the first set of local computing devices captured in the first snapshot or the corresponding statuses of the second set of local computing devices captured in the second snapshot. 

Allred teaches 

initiating a first connection to the remote network management platform through a firewall of the first network without reconfiguration and initiating  a second connection to the remote network management platform through the firewall of the second network without reconfiguration (Fig.15,Fig.18, ¶ 0003 - In many cases, a user will want the client and the server to communicate with each other without modifying the firewall, either because the firewall is not within their control (it may be run by the information systems department or the Internet service provider) or because they don't know how or don't want to go through the trouble of modifying the firewall. Therefore, one possible solution for server-initiated transactions is to first establish a persistent network connection from the client to the server. With a persistent connection between the client and the server, the server can initiate transactions whenever necessary. ¶ 0034 - . providing for persistent connections to clients, allows for server interaction and communication with clients that otherwise may not be accessible. ¶ 0076 - connection-initiating client 1802, a client agent 1806, and the connection manager 1814. The client agent 1806 establishes a persistent connection 1810 with the connection manager 1814 through any firewall 1808 that may be present. The client 1802 may communicate with the CM 1814 via link 1812. Toe server 1818 may communicate with the CM 1814 via link 1816 -¶ 0110 the network 102 might be or include one or more of: the Internet, a Local Area Network (LAN), Wide Area Network (WAN), satellite link, fiber network, cable network, or a combination of these and/or others networks .See Also claims 47-49 – Note: examiner can also interpret  that the first network and second network as same network). 

It would have been obvious to a person of ordinary skill in the art at the time of the invention to modify the teachings of Gladstone to include the teachings of Allred. The motivation for doing so is to allow the system to provide  persistent connections with  clients, This connection allows for servers to communicate with clients, which would otherwise be inaccessible (Allred - Abstract, ¶ 0005).

Hooks teaches 
receiving, from the first cloud extension agent, a first snapshot of corresponding statuses of the first set of local computing resources; and receiving, from the second cloud extension agent, a second snapshot of corresponding statuses of the second set of local computing resources (Fig.1, ¶ 0017 receiving a plurality of snapshots from a plurality of computers, storing the plurality of snapshots in a data store – ¶ 0040 - In the embodiment shown in FIG. 1, an Agent component 202 is deployed within each monitored machine 116a, b. The Agent component 202 gathers data from the client 116. At scheduled intervals (e.g., once per day) or in response to a command from the Analytic component 110, the Agent component 202 takes a detailed snapshot of the state of the machine in which it resides. This snapshot includes a detailed examination of all system files, designated application files, the registry, performance counters, processes, services, communication ports, hardware configuration, and log files. The results of each scan are then compressed and transmitted in the form of a Snapshot to a Collector component 108 – See ¶ 0057). 
receiving, from at least one of the first cloud extension agent or the second cloud extension agent, only incremental data comprising changes in at least one of the corresponding statuses of the first set of local computing devices captured in the first snapshot or the corresponding statuses of the second set of local computing devices captured in the second snapshot (¶ 0085 - Also, in one embodiment of the present invention, the entire snapshot is stored in a data store. In another embodiment, only the portions of the snapshot that have changed from a prior version are stored (i.e., a delta snapshot) – ¶ 0106 - the Analytic component (110) evaluates snapshots for a plurality of computers 702. These snapshots can be base snapshots that comprise the complete state of the computer or delta snapshots that comprise the changes in the state of the computer since the last base snapshot. The Analytic component (110) uses the snapshots to create an adaptive reference model 704. Note that when using delta snapshots for this purpose, the Analytic component must first reconstitute the equivalent of a base snapshot by applying the changes described in the delta snapshot to the most recent base snapshot - lytic component (110) subsequently receives a second snapshot (base or delta) for at least one of the plurality of computers 706. The snapshot may be created base~ on various events, such as the passage of a predetermined amount of time, the installation of a new program, or some other suitable event – Claim 29, Fig.12). 

It would have been obvious to a person of ordinary skill in the art at the time of the invention to modify the teachings of Gladstone to include the teachings of Hooks. The motivation for doing so is to allow the system to only send the portions of the snapshot that have changed instead of the full snapshot  in order to save bandwidth.
Regarding claim 2,

Gladstone further teaches 
wherein the first set of instructions comprises one or more actions to be performed by the first cloud extension agent on the first set of local computing resources and the second set of instructions comprises one or more actions to be performed by the second cloud extension agent on the second set of local computing resources(¶  0041 -Event Processing Server 100 processes the notification, and determines after loading the data in 130 that the attempt to access resources on Node A should not have been allowed (for instance, by determining that the data arriving from the network was a virus not previously recognized by Reference Monitor 25A). In 190B, it transmits instructions to Event Agent 45B to update administrative policies, so as to restrict access to system resources 35B. System resources 35A, 35B may comprise multiple components, each of which may be accessed separately. For example, an e-mail virus may have attempted to access ten components comprising system resources 35A in sequence, and Event Agent 45B may attempt to restrict access to a subset of those ten components, all ten components, or those and other components within system resources 35B – ¶ 0044 - Event Agents 45A and 45B receive these notifications as well, and pass instructions to Reference Monitors 25A and 25B to update administrative policies in 41A and 41E, respectively. In alternative embodiments instructions may include administrative policy changes specific to certain nodes, placing a particular node in quarantine, tuning network or firewall parameters, or other instructions – ¶  0042 - Event Agent 45B passes instructions in 41B to Reference Monitor 25B, which updates its administrative policies to incorporate these instructions).

Regarding claim 3,

Gladstone in view of Allred further teaches 
wherein the first set of local computing resources corresponds to a first region of the first network and wherein the second set of local computing resources corresponds to a second region of the second network (Gladstone – ¶ 0035;Fig.3 shows each computing resources in each nodes corresponds to different region within one or more networks – Note the first network  and second network are within the same network – Allred - ¶ 0110).   

Regarding claim 7,

Gladstone further teaches 
wherein the first set of instructions is different than the second set of instructions (¶ 0041 -Event Processing Server 100 processes the notification, and determines after loading the data in 130 that the attempt to access resources on Node A should not have been allowed (for instance, by determining that the data arriving from the network was a virus not previously recognized by Reference Monitor 25A). In 190B, it transmits instructions to Event Agent 45B to update administrative policies, so as to restrict access to system resources 35B. System resources 35A, 35B may comprise multiple components, each of which may be accessed separately. For example, an e-mail virus may have attempted to access ten components comprising system resources 35A in sequence, and Event Agent 45B may attempt to restrict access to a subset of those ten components, all ten components, or those and other components within system resources 35B – ¶ 0044 - Event Agents 45A and 45B receive these notifications as well, and pass instructions to Reference Monitors 25A and 25B to update administrative policies in 41A and 41E, respectively. In alternative embodiments, instructions may include administrative policy changes specific to certain nodes placing a particular node in quarantine, tuning network or firewall parameters, or other instructions – ¶  0042 - Event Agent 45B passes instructions in 41B to Reference Monitor 25B, which updates its administrative policies to incorporate these instructions) .




Regarding claim 9,

Gladstone further teaches
wherein at least one of the first set of instructions or the second set of instructions corresponds to a configuration change (¶ 0041 -Event Processing Server 100 processes the notification, and determines after loading the data in 130 that the attempt to access resources on Node A should not have been allowed (for instance, by determining that the data arriving from the network was a virus not previously recognized by Reference Monitor 25A). In 190B, it transmits instructions to Event Agent 45B to update administrative policies, so as to restrict access to system resources 35B. System resources 35A, 35B may comprise multiple components, each of which may be accessed separately. For example, an e-mail virus may have attempted to access ten components comprising system resources 35A in sequence, and Event Agent 45B may attempt to restrict access to a subset of those ten components, all ten components, or those and other components within system resources 35B – ¶ 0044 - Event Agents 45A and 45B receive these notifications as well, and pass instructions to Reference Monitors 25A and 25B to update administrative policies in 41A and 41E, respectively. In alternative embodiments, instructions may include administrative policy changes specific to certain nodes, placing a particular node in quarantine, tuning network or firewall parameters, or other instructions – ¶  0042 - Event Agent 45B passes instructions in 41B to Reference Monitor 25B, which updates its administrative policies to incorporate these instructions).


Regarding claim 10,

Gladstone further teaches
wherein at least one of the first set of instructions or the second set of instructions corresponds to a policy change (¶  0041 -Event Processing Server 100 processes the notification, and determines after loading the data in 130 that the attempt to access resources on Node A should not have been allowed (for instance, by determining that the data arriving from the network was a virus not previously recognized by Reference Monitor 25A). In 190B, it transmits instructions to Event Agent 45B to update administrative policies, so as to restrict access to system resources 35B. System resources 35A, 35B may comprise multiple components, each of which may be accessed separately. For example, an e-mail virus may have attempted to access ten components comprising system resources 35A in sequence, and Event Agent 45B may attempt to restrict access to a subset of those ten components, all ten components, or those and other components within system resources 35B – ¶ 0044 - Event Agents 45A and 45B receive these notifications as well, and pass instructions to Reference Monitors 25A and 25B to update administrative policies in 41A and 41E, respectively. In alternative embodiments, instructions may include administrative policy changes specific to certain nodes, placing a particular node in quarantine, tuning network or firewall parameters, or other instructions – ¶  0042 - Event Agent 45B passes instructions in 41B to Reference Monitor 25B, which updates its administrative policies to incorporate these instructions ).


Regarding claim 11,

Gladstone teaches a system comprising: a memory; and a hardware resource operatively coupled to the memory, the hardware resource to:
 provide, by a remote network management platform, a first cloud extension agent that facilitates internet-based management of a first set of local computing resources of a  first network, wherein the first cloud extension agent is to run locally on the first network and initiate a first connection to the remote network management platform through a firewall of the first network [..] establishing the first connection to the first cloud extension agent (Fig.3 shows providing by  event processing system , an first event agent ( 45A) is to run locally on a the network and initiate a connection to the event processing server through a firewall of the network – ¶  0044-  Event Agents 45A and 45B receive these notifications as well, and pass instructions to Reference Monitors 25A and 25B to update administrative policies in 41A and 41E, respectively. In alternative embodiments, instructions may include administrative policy changes specific to certain nodes, placing a particular node in quarantine, tuning network or firewall parameters, or other instructions – ¶ 0044;¶  0047 - In alternative embodiments, instructions may include administrative policy changes specific to certain nodes, placing a particular node in quarantine, tuning network or firewall parameters, or other instructions – ¶ 0005- Examples of conventional active security systems include access control tools, content filtering tools, and system auditing tools. Access control tools, such as network firewalls, can be deployed on dedicated machines, usually at a network perimeter, to control inbound and outbound access using pre-configured permission levels); 


provide a second cloud extension agent that facilitates internet-based management of a second set of local computing resources of a second network, wherein the second cloud extension agent is to run locally on the second network and initiate a second connection to the remote network management platform through the firewall of the first network [..] ;  establishing the second connection to the second cloud extension agent(Fig.3 shows providing by  event processing system , a second event agent ( 50B) is to run locally on a the network and initiate a connection to the event processing server through a firewall of the network – ¶  0044 - In alternative embodiments, instructions may include administrative policy changes specific to certain nodes, placing a particular node in quarantine, tuning network or firewall parameters, or other instructions – ¶  0005- Examples of conventional active security systems include access control tools, content filtering tools, and system auditing tools. Access control tools, such as network firewalls, can be deployed on dedicated machines, usually at a network perimeter, to control inbound and outbound access using pre-configured permission levels– ¶ 0035 -By continuously tracking and analyzing the activity reported by various event agents across one or more network ); and


 provide a first set of instructions to the first cloud extension agent via the first connection and a second set of instructions to the second cloud extension agent via the second connection (¶  0041 -Event Processing Server 100 processes the notification, and determines after loading the data in 130 that the attempt to access resources on Node A should not have been allowed (for instance, by determining that the data arriving from the network was a virus not previously recognized by Reference Monitor 25A). In 190B, it transmits instructions to Event Agent 45B to update administrative policies, so as to restrict access to system resources 35B. System resources 35A, 35B may comprise multiple components, each of which may be accessed separately. For example, an e-mail virus may have attempted to access ten components comprising system resources 35A in sequence, and Event Agent 45B may attempt to restrict access to a subset of those ten components, all ten components, or those and other components within system resources 35B – ¶ 0044 - Event Agents 45A and 45B receive these notifications as well, and pass instructions to Reference Monitors 25A and 25B to update administrative policies in 41A and 41E, respectively. In alternative embodiments, instructions may include administrative policy changes specific to certain nodes, placing a particular node in quarantine, tuning network or firewall parameters, or other instructions – ¶ 0042 - Event Agent 45B passes instructions in 41B to Reference Monitor 25B, which updates its administrative policies to incorporate these instructions).


However, Gladstone does not explicitly teach initiating a first connection to the remote network management platform through a firewall of the first network without reconfiguration and initiating  a second connection to the remote network management platform through the firewall of the second network without reconfiguration. 
receive, from the first cloud extension agent, a first snapshot of corresponding statuses of the first set of local computing resources; and receiving, from the second cloud extension agent, a second snapshot of corresponding statuses of the second set of local computing resources. 


receive, from at least one of the first cloud extension agent or the second cloud extension agent, only incremental data comprising changes in at least one of the corresponding statuses of the first set of local computing devices captured in the first snapshot or the corresponding statuses of the second set of local computing devices captured in the second snapshot. 

Allred teaches 

initiating a first connection to the remote network management platform through a firewall of the first network without reconfiguration and initiating  a second connection to the remote network management platform through the firewall of the second network without reconfiguration (Fig.15,Fig.18, ¶ 0003 - In many cases, a user will want the client and the server to communicate with each other without modifying the firewall, either because the firewall is not within their control (it may be run by the information systems department or the Internet service provider) or because they don't know how or don't want to go through the trouble of modifying the firewall. Therefore, one possible solution for server-initiated transactions is to first establish a persistent network connection from the client to the server. With a persistent connection between the client and the server, the server can initiate transactions whenever necessary. ¶ 0034 - . providing for persistent connections to clients, allows for server interaction and communication with clients that otherwise may not be accessible. ¶ 0076 - connection-initiating client 1802, a client agent 1806, and the connection manager 1814. The client agent 1806 establishes a persistent connection 1810 with the connection manager 1814 through any firewall 1808 that may be present. The client 1802 may communicate with the CM 1814 via link 1812. Toe server 1818 may communicate with the CM 1814 via link 1816 -¶ 0110 the network 102 might be or include one or more of: the Internet, a Local Area Network (LAN), Wide Area Network (WAN), satellite link, fiber network, cable network, or a combination of these and/or others networks .See Also claims 47-49). 

It would have been obvious to a person of ordinary skill in the art at the time of the invention to modify the teachings of Gladstone to include the teachings of Allred. The motivation for doing so is to allow the system to provide  persistent connections with  clients, This connection allows for servers to communicate with clients, which would otherwise be inaccessible (Allred - Abstract, ¶ 0005).

Hooks teaches 
receive, from the first cloud extension agent, a first snapshot of corresponding statuses of the first set of local computing resources; and receiving, from the second cloud extension agent, a second snapshot of corresponding statuses of the second set of local computing resources (Fig.1, ¶ 0017 receiving a plurality of snapshots from a plurality of computers, storing the plurality of snapshots in a data store – ¶ 0040 - In the embodiment shown in FIG. 1, an Agent component 202 is deployed within each monitored machine 116a, b. The Agent component 202 gathers data from the client 116. At scheduled intervals (e.g., once per day) or in response to a command from the Analytic component 110, the Agent component 202 takes a detailed snapshot of the state of the machine in which it resides. This snapshot includes a detailed examination of all system files, designated application files, the registry, performance counters, processes, services, communication ports, hardware configuration, and log files. The results of each scan are then compressed and transmitted in the form of a Snapshot to a Collector component 108 – See ¶ 0057). 
receive, from at least one of the first cloud extension agent or the second cloud extension agent, only incremental data comprising changes in at least one of the corresponding statuses of the first set of local computing devices captured in the first snapshot or the corresponding statuses of the second set of local computing devices captured in the second snapshot (¶ 0085 - Also, in one embodiment of the present invention, the entire snapshot is stored in a data store. In another embodiment, only the portions of the snapshot that have changed from a prior version are stored (i.e., a delta snapshot) – ¶ 0106 - the Analytic component (110) evaluates snapshots for a plurality of computers 702. These snapshots can be base snapshots that comprise the complete state of the computer or delta snapshots that comprise the changes in the state of the computer since the last base snapshot. The Analytic component (110) uses the snapshots to create an adaptive reference model 704. Note that when using delta snapshots for this purpose, the Analytic component must first reconstitute the equivalent of a base snapshot by applying the changes described in the delta snapshot to the most recent base snapshot -  component (110) subsequently receives a second snapshot (base or delta) for at least one of the plurality of computers 706. The snapshot may be created base~ on various events, such as the passage of a predetermined amount of time, the installation of a new program, or some other suitable event – Claim 29, Fig.12). 

It would have been obvious to a person of ordinary skill in the art at the time of the invention to modify the teachings of Gladstone to include the teachings of Hooks. The motivation for doing so is to allow the system to only send the portions of the snapshot that have changed instead of the full snapshot  in order to save bandwidth.
Regarding claim 12,

Gladstone further teaches 
wherein the first set of instructions comprises one or more actions to be performed by the first cloud extension agent on the first set of local computing resources and the second set of instructions comprises one or more actions to be performed by the second cloud extension agent on the second set of local computing resources(¶  0041 -Event Processing Server 100 processes the notification, and determines after loading the data in 130 that the attempt to access resources on Node A should not have been allowed (for instance, by determining that the data arriving from the network was a virus not previously recognized by Reference Monitor 25A). In 190B, it transmits instructions to Event Agent 45B to update administrative policies, so as to restrict access to system resources 35B. System resources 35A, 35B may comprise multiple components, each of which may be accessed separately. For example, an e-mail virus may have attempted to access ten components comprising system resources 35A in sequence, and Event Agent 45B may attempt to restrict access to a subset of those ten components, all ten components, or those and other components within system resources 35B – ¶ 0044 - Event Agents 45A and 45B receive these notifications as well, and pass instructions to Reference Monitors 25A and 25B to update administrative policies in 41A and 41E, respectively. In alternative embodiments instructions may include administrative policy changes specific to certain nodes, placing a particular node in quarantine, tuning network or firewall parameters, or other instructions – ¶  0042 - Event Agent 45B passes instructions in 41B to Reference Monitor 25B, which updates its administrative policies to incorporate these instructions) .

Regarding claim 13,

Gladstone in view of Allred further teaches 
wherein the first set of local computing resources corresponds to a first region of the first network and wherein the second set of local computing resources corresponds to a second region of the second network (Gladstone – ¶ 0035;Fig.3 shows each computing resources in each nodes corresponds to different region within one or more networks – Note the first network  and second network are within the same network – Allred - ¶ 0110).   



 
Regarding claim 17,

Gladstone further teaches 
wherein the first set of instructions is different than the second set of instructions (¶ 0041 -Event Processing Server 100 processes the notification, and determines after loading the data in 130 that the attempt to access resources on Node A should not have been allowed (for instance, by determining that the data arriving from the network was a virus not previously recognized by Reference Monitor 25A). In 190B, it transmits instructions to Event Agent 45B to update administrative policies, so as to restrict access to system resources 35B. System resources 35A, 35B may comprise multiple components, each of which may be accessed separately. For example, an e-mail virus may have attempted to access ten components comprising system resources 35A in sequence, and Event Agent 45B may attempt to restrict access to a subset of those ten components, all ten components, or those and other components within system resources 35B – ¶ 0044 - Event Agents 45A and 45B receive these notifications as well, and pass instructions to Reference Monitors 25A and 25B to update administrative policies in 41A and 41E, respectively. In alternative embodiments, instructions may include administrative policy changes specific to certain nodes placing a particular node in quarantine, tuning network or firewall parameters, or other instructions – ¶  0042 - Event Agent 45B passes instructions in 41B to Reference Monitor 25B, which updates its administrative policies to incorporate these instructions) .


Regarding claim 19,

Gladstone further teaches
wherein at least one of the first set of instructions or the second set of instructions corresponds to a configuration change (¶ 0041 -Event Processing Server 100 processes the notification, and determines after loading the data in 130 that the attempt to access resources on Node A should not have been allowed (for instance, by determining that the data arriving from the network was a virus not previously recognized by Reference Monitor 25A). In 190B, it transmits instructions to Event Agent 45B to update administrative policies, so as to restrict access to system resources 35B. System resources 35A, 35B may comprise multiple components, each of which may be accessed separately. For example, an e-mail virus may have attempted to access ten components comprising system resources 35A in sequence, and Event Agent 45B may attempt to restrict access to a subset of those ten components, all ten components, or those and other components within system resources 35B – ¶ 0044 - Event Agents 45A and 45B receive these notifications as well, and pass instructions to Reference Monitors 25A and 25B to update administrative policies in 41A and 41E, respectively. In alternative embodiments, instructions may include administrative policy changes specific to certain nodes, placing a particular node in quarantine, tuning network or firewall ¶ meters, or other instructions – ¶  0042 - Event Agent 45B passes instructions in 41B to Reference Monitor 25B, which updates its administrative policies to incorporate these instructions).


Regarding claim 20,

Gladstone further teaches
wherein at least one of the first set of instructions or the second set of instructions corresponds to a policy change.  (¶  0041 -Event Processing Server 100 processes the notification, and determines after loading the data in 130 that the attempt to access resources on Node A should not have been allowed (for instance, by determining that the data arriving from the network was a virus not previously recognized by Reference Monitor 25A). In 190B, it transmits instructions to Event Agent 45B to update administrative policies, so as to restrict access to system resources 35B. System resources 35A, 35B may comprise multiple components, each of which may be accessed separately. For example, an e-mail virus may have attempted to access ten components comprising system resources 35A in sequence, and Event Agent 45B may attempt to restrict access to a subset of those ten components, all ten components, or those and other components within system resources 35B – ¶ 0044 - Event Agents 45A and 45B receive these notifications as well, and pass instructions to Reference Monitors 25A and 25B to update administrative policies in 41A and 41E, respectively. In alternative embodiments, instructions may include administrative policy changes specific to certain nodes, placing a particular node in quarantine, tuning network or firewall parameters, or other instructions – ¶  0042 - Event Agent 45B passes instructions in 41B to Reference Monitor 25B, which updates its administrative policies to incorporate these instructions ).


Regarding claim 21,

Gladstone teaches a non-transitory computer readable medium, having instructions stored thereon which, when executed by a hardware resource, cause the hardware resource to:
 provide, by a remote network management platform, a first cloud extension agent that facilitates internet-based management of a first set of local computing resources of a first network, wherein the first cloud extension agent is to run locally on the first network and initiate a first connection to the remote network management platform through a firewall of the first network [..] establish the first connection to the first cloud extension agent (Fig.3 shows providing by  event processing system , an first event agent ( 45A) is to run locally on a the network and initiate a connection to the event processing server through a firewall of the network – ¶  0044-  Event Agents 45A and 45B receive these notifications as well, and pass instructions to Reference Monitors 25A and 25B to update administrative policies in 41A and 41E, respectively. In alternative embodiments, instructions may include administrative policy changes specific to certain nodes, placing a particular node in quarantine, tuning network or firewall parameters, or other instructions – ¶  0044;¶  0047 - In alternative embodiments, instructions may include administrative policy changes specific to certain nodes, placing a particular node in quarantine, tuning network or firewall parameters, or other instructions – ¶  0005- Examples of conventional active security systems include access control tools, content filtering tools, and system auditing tools. Access control tools, such as network firewalls, can be deployed on dedicated machines, usually at a network perimeter, to control inbound and outbound access using pre-configured permission levels); 


provide a second cloud extension agent that facilitates internet-based management of a second set of local computing resources of a second network, wherein the second cloud extension agent is to run locally on the second network and initiate a second connection to the remote network management platform through the firewall of the first network[..];  establish the second connection to the second cloud extension agent(Fig.3 shows providing by  event processing system , a second event agent ( 50B) is to run locally on a the network and initiate a connection to the event processing server through a firewall of the network – ¶  0044 - In alternative embodiments, instructions may include administrative policy changes specific to certain nodes, placing a particular node in quarantine, tuning network or firewall parameters, or other instructions – ¶  0005- Examples of conventional active security systems include access control tools, content filtering tools, and system auditing tools. Access control tools, such as network firewalls, can be deployed on dedicated machines, usually at a network perimeter, to control inbound and outbound access using pre-configured permission levels– ¶ 0035 -By continuously tracking and analyzing the activity reported by various event agents across one or more network ); and


 providing a first set of instructions to the first cloud extension agent via the first connection and a second set of instructions to the second cloud extension agent via the second connection (¶  0041 -Event Processing Server 100 processes the notification, and determines after loading the data in 130 that the attempt to access resources on Node A should not have been allowed (for instance, by determining that the data arriving from the network was a virus not previously recognized by Reference Monitor 25A). In 190B, it transmits instructions to Event Agent 45B to update administrative policies, so as to restrict access to system resources 35B. System resources 35A, 35B may comprise multiple components, each of which may be accessed separately. For example, an e-mail virus may have attempted to access ten components comprising system resources 35A in sequence, and Event Agent 45B may attempt to restrict access to a subset of those ten components, all ten components, or those and other components within system resources 35B – ¶ 0044 - Event Agents 45A and 45B receive these notifications as well, and pass instructions to Reference Monitors 25A and 25B to update administrative policies in 41A and 41E, respectively. In alternative embodiments, Instructions may include administrative policy changes specific to certain nodes, placing a particular node in quarantine, tuning network or firewall parameters, or other instructions – ¶ 0042 - Event Agent 45B passes instructions in 41B to Reference Monitor 25B, which updates its administrative policies to incorporate these instructions).

However, Gladstone does not explicitly teach initiating a first connection to the remote network management platform through a firewall of the first network without reconfiguration and initiating  a second connection to the remote network management platform through the firewall of the second network without reconfiguration. 
receive, from the first cloud extension agent, a first snapshot of corresponding statuses of the first set of local computing resources; and receiving, from the second cloud extension agent, a second snapshot of corresponding statuses of the second set of local computing resources. 


receive, from at least one of the first cloud extension agent or the second cloud extension agent, only incremental data comprising changes in at least one of the corresponding statuses of the first set of local computing devices captured in the first snapshot or the corresponding statuses of the second set of local computing devices captured in the second snapshot. 

Allred teaches 

initiating a first connection to the remote network management platform through a firewall of the first network without reconfiguration and initiating  a second connection to the remote network management platform through the firewall of the second network without reconfiguration (Fig.15,Fig.18, ¶ 0003 - In many cases, a user will want the client and the server to communicate with each other without modifying the firewall, either because the firewall is not within their control (it may be run by the information systems department or the Internet service provider) or because they don't know how or don't want to go through the trouble of modifying the firewall. Therefore, one possible solution for server-initiated transactions is to first establish a persistent network connection from the client to the server. With a persistent connection between the client and the server, the server can initiate transactions whenever necessary. ¶ 0034 - . providing for persistent connections to clients, allows for server interaction and communication with clients that otherwise may not be accessible. ¶ 0076 - connection-initiating client 1802, a client agent 1806, and the connection manager 1814. The client agent 1806 establishes a persistent connection 1810 with the connection manager 1814 through any firewall 1808 that may be present. The client 1802 may communicate with the CM 1814 via link 1812. Toe server 1818 may communicate with the CM 1814 via link 1816 -¶ 0110 the network 102 might be or include one or more of: the Internet, a Local Area Network (LAN), Wide Area Network (WAN), satellite link, fiber network, cable network, or a combination of these and/or others networks .See Also claims 47-49). 

It would have been obvious to a person of ordinary skill in the art at the time of the invention to modify the teachings of Gladstone to include the teachings of Allred. The motivation for doing so is to allow the system to provide  persistent connections with  clients, This connection allows for servers to communicate with clients, which would otherwise be inaccessible (Allred - Abstract, ¶ 0005).
Hooks teaches
receive, from the first cloud extension agent, a first snapshot of corresponding statuses of the first set of local computing resources; and receiving, from the second cloud extension agent, a second snapshot of corresponding statuses of the second set of local computing resources (Fig.1, ¶ 0017 receiving a plurality of snapshots from a plurality of computers, storing the plurality of snapshots in a data store – ¶ 0040 - In the embodiment shown in FIG. 1, an Agent component 202 is deployed within each monitored machine 116a, b. The Agent component 202 gathers data from the client 116. At scheduled intervals (e.g., once per day) or in response to a command from the Analytic component 110, the Agent component 202 takes a detailed snapshot of the state of the machine in which it resides. This snapshot includes a detailed examination of all system files, designated application files, the registry, performance counters, processes, services, communication ports, hardware configuration, and log files. The results of each scan are then compressed and transmitted in the form of a Snapshot to a Collector component 108 – See ¶ 0057). 
receive, from at least one of the first cloud extension agent or the second cloud extension agent, only incremental data comprising changes in at least one of the corresponding statuses of the first set of local computing devices captured in the first snapshot or the corresponding statuses of the second set of local computing devices captured in the second snapshot (¶ 0085 - Also, in one embodiment of the present invention, the entire snapshot is stored in a data store. In another embodiment, only the portions of the snapshot that have changed from a prior version are stored (i.e., a delta snapshot) – ¶ 0106 - the Analytic component (110) evaluates snapshots for a plurality of computers 702. These snapshots can be base snapshots that comprise the complete state of the computer or delta snapshots that comprise the changes in the state of the computer since the last base snapshot. The Analytic component (110) uses the snapshots to create an adaptive reference model 704. Note that when using delta snapshots for this purpose, the Analytic component must first reconstitute the equivalent of a base snapshot by applying the changes described in the delta snapshot to the most recent base snapshot - lytic component (110) subsequently receives a second snapshot (base or delta) for at least one of the plurality of computers 706. The snapshot may be created base~ on various events, such as the passage of a predetermined amount of time, the installation of a new program, or some other suitable event – Claim 29, Fig.12). 
It would have been obvious to a person of ordinary skill in the art at the time of the invention to modify the teachings of Gladstone to include the teachings of Hooks. The motivation for doing so is to allow the system to only send the portions of the snapshot that have changed instead of the full snapshot  in order to save bandwidth.
Regarding claim 22,

Gladstone further teaches 
wherein the first set of instructions comprises one or more actions to be performed by the first cloud extension agent on the first set of local computing resources and the second set of instructions comprises one or more actions to be performed by the second cloud extension agent on the second set of local computing resources(¶  0041 -Event Processing Server 100 processes the notification, and determines after loading the data in 130 that the attempt to access resources on Node A should not have been allowed (for instance, by determining that the data arriving from the network was a virus not previously recognized by Reference Monitor 25A). In 190B, it transmits instructions to Event Agent 45B to update administrative policies, so as to restrict access to system resources 35B. System resources 35A, 35B may comprise multiple components, each of which may be accessed separately. For example, an e-mail virus may have attempted to access ten components comprising system resources 35A in sequence, and Event Agent 45B may attempt to restrict access to a subset of those ten components, all ten components, or those and other components within system resources 35B – ¶ 0044 - Event Agents 45A and 45B receive these notifications as well, and pass instructions to Reference Monitors 25A and 25B to update administrative policies in 41A and 41E, respectively. In alternative embodiments instructions may include administrative policy changes specific to certain nodes, placing a particular node in quarantine, tuning network or firewall parameters, or other instructions – ¶  0042 - Event Agent 45B passes instructions in 41B to Reference Monitor 25B, which updates its administrative policies to incorporate these instructions) .


Regarding claim 23,

Gladstone in view of Allred further teaches 
wherein the first set of local computing resources corresponds to a first region of the network and wherein the second set of local computing resources corresponds to a second region of the network  (Gladstone – ¶ 0035;Fig.3 shows each computing resources in each nodes corresponds to different region within one or more networks – Note the first network  and second network are within the same network – Allred - ¶ 0110).   


Regarding claim 27,

Gladstone further teaches 
wherein the first set of instructions is different than the second set of instructions (¶ 0041 -Event Processing Server 100 processes the notification, and determines after loading the data in 130 that the attempt to access resources on Node A should not have been allowed (for instance, by determining that the data arriving from the network was a virus not previously recognized by Reference Monitor 25A). In 190B, it transmits instructions to Event Agent 45B to update administrative policies, so as to restrict access to system resources 35B. System resources 35A, 35B may comprise multiple components, each of which may be accessed separately. For example, an e-mail virus may have attempted to access ten components comprising system resources 35A in sequence, and Event Agent 45B may attempt to restrict access to a subset of those ten components, all ten components, or those and other components within system resources 35B – ¶ 0044 - Event Agents 45A and 45B receive these notifications as well, and pass instructions to Reference Monitors 25A and 25B to update administrative policies in 41A and 41E, respectively. In alternative embodiments, instructions may include administrative policy changes specific to certain nodes placing a particular node in quarantine, tuning network or firewall parameters, or other instructions – ¶  0042 - Event Agent 45B passes instructions in 41B to Reference Monitor 25B, which updates its administrative policies to incorporate these instructions) .


Regarding claim 29,

Gladstone further teaches
wherein at least one of the first set of instructions or the second set of instructions corresponds to a configuration change (¶ 0041 -Event Processing Server 100 processes the notification, and determines after loading the data in 130 that the attempt to access resources on Node A should not have been allowed (for instance, by determining that the data arriving from the network was a virus not previously recognized by Reference Monitor 25A). In 190B, it transmits instructions to Event Agent 45B to update administrative policies, so as to restrict access to system resources 35B. System resources 35A, 35B may comprise multiple components, each of which may be accessed separately. For example, an e-mail virus may have attempted to access ten components comprising system resources 35A in sequence, and Event Agent 45B may attempt to restrict access to a subset of those ten components, all ten components, or those and other components within system resources 35B – ¶ 0044 - Event Agents 45A and 45B receive these notifications as well, and pass instructions to Reference Monitors 25A and 25B to update administrative policies in 41A and 41E, respectively. In alternative embodiments, instructions may include administrative policy changes specific to certain nodes, placing a particular node in quarantine, tuning network or firewall parameters, or other instructions – ¶ 0042 - Event Agent 45B passes instructions in 41B to Reference Monitor 25B, which updates its administrative policies to incorporate these instructions).


Regarding claim 30,

Gladstone further teaches
wherein at least one of the first set of instructions or the second set of instructions corresponds to a policy change.  (¶  0041 -Event Processing Server 100 processes the notification, and determines after loading the data in 130 that the attempt to access resources on Node A should not have been allowed (for instance, by determining that the data arriving from the network was a virus not previously recognized by Reference Monitor 25A). In 190B, it transmits instructions to Event Agent 45B to update administrative policies, so as to restrict access to system resources 35B. System resources 35A, 35B may comprise multiple components, each of which may be accessed separately. For example, an e-mail virus may have attempted to access ten components comprising system resources 35A in sequence, and Event Agent 45B may attempt to restrict access to a subset of those ten components, all ten components, or those and other components within system resources 35B – ¶ 0044 - Event Agents 45A and 45B receive these notifications as well, and pass instructions to Reference Monitors 25A and 25B to update administrative policies in 41A and 41E, respectively. In alternative embodiments, instructions may include administrative policy changes specific to certain nodes, placing a particular node in quarantine, tuning network or firewall parameters, or other instructions – ¶  0042 - Event Agent 45B passes instructions in 41B to Reference Monitor 25B, which updates its administrative policies to incorporate these instructions ).




Claims 4-5, 14-15, 24-25 are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Gladstone in view of Allred further in view of Hooks further in view of Safruti et al. Publication No. US 2011/0231477 A1 (Safruti hereinafter)

Regarding claim 4,

Gladstone does not explicitly teach
wherein the first region corresponds to a first geographic location and the second region corresponds to a second geographic location 

However, Safruti teaches 

first region corresponds to a first geographic location and the second region corresponds to a second geographic location (¶ 0064 -The source management input interface 510 is configured to receive input regarding various attributes of the servers in the source cloud and mirror cloud. For example, in one embodiment, the source management input interface 510 may permit an administrator of the server resources to configure various attributes of the servers – ¶ 0066 - the management server 324 may set up a plurality of monitoring agents 516 distributed and executed at various locations on the network to gather and provide information related to status of source cloud, various mirror clouds and servers within the source cloud and mirror clouds. In one embodiment, the information provided by the monitoring agents 516 may be raw data, which may be further processed by the management server 324 to evaluate the status of source cloud and various mirror clouds and servers within the source cloud and mirror clouds. In some embodiments, the monitoring agents 516 may additionally be distributed in some or all of the delivery server’s 322 – See Also ¶ 0077, ¶ 0106 & 0108) 

It would have been obvious to a person of ordinary skill in the art at the time of the invention to modify the teachings of Gladstone to include the teachings of Safruti. The motivation for doing so is to allow the system to perform Dynamic load balancing between different servers based on measurements by monitoring agents, needs of the enterprise, (¶ 0042 – Safruti). 
Regarding claim 5,

Gladstone in view of Allred teaches  providing the first cloud extension agent and the second cloud extension agent for the first network and the second  network (Gladstone – ¶ 0035;Fig.3– Allred - ¶ 0110).   However, Gladstone in view of Allred does not explicitly teach that the first cloud extension agent and the second cloud extension agent facilitates load balancing 

However, Safruti teaches 
providing the first cloud extension agent and the second cloud extension agent facilitates load balancing of the first network and the second network (¶ 0064 -The source management input interface 510 is configured to receive input regarding various attributes of the servers in the source cloud and mirror cloud. For example, in one embodiment, the source management input interface 510 may permit an administrator of the server resources to configure various attributes of the servers – ¶ 0066 - the management server 324 may set up a plurality of monitoring agents 516 distributed and executed at various locations on the network to gather and provide information related to status of source cloud, various mirror clouds and servers within the source cloud and mirror clouds. In one embodiment, the information provided by the monitoring agents 516 may be raw data, which may be further processed by the management server 324 to evaluate the status of source cloud and various mirror clouds and servers within the source cloud and mirror clouds. In some embodiments, the monitoring agents 516 may additionally be distributed in some or all of the delivery server’s 322-   ¶ 0108 -For example, number of servers to service a request may be selectively configured for each of the delivery servers. Dynamic load balancing between different servers may be performed based on measurements by monitoring agents, needs of the enterprise, costs of resources, time of day, amount of load on various servers and the like – ¶ 0065 - The monitoring service interface 512 is configured to receive status of various mirror clouds and servers within the mirror clouds ). 
It would have been obvious to a person of ordinary skill in the art at the time of the invention to modify the teachings of Gladstone in view of Allred  to include the teachings of Safruti. The motivation for doing so is to allow the system to perform Dynamic load balancing between different servers based on measurements by monitoring agents, needs of the enterprise (¶ 0042 – Safruti). 
Regarding claim 14,

Gladstone does not explicitly teach
wherein the first region corresponds to a first geographic location and the second region corresponds to a second geographic location 

However, Safruti teaches 

first region corresponds to a first geographic location and the second region corresponds to a second geographic location (¶ 0064 -The source management input interface 510 is configured to receive input regarding various attributes of the servers in the source cloud and mirror cloud. For example, in one embodiment, the source management input interface 510 may permit an administrator of the server resources to configure various attributes of the servers – ¶ 0066 - the management server 324 may set up a plurality of monitoring agents 516 distributed and executed at various locations on the network to gather and provide information related to status of source cloud, various mirror clouds and servers within the source cloud and mirror clouds. In one embodiment, the information provided by the monitoring agents 516 may be raw data, which may be further processed by the management server 324 to evaluate the status of source cloud and various mirror clouds and servers within the source cloud and mirror clouds. In some embodiments, the monitoring agents 516 may additionally be distributed in some or all of the delivery server’s 322 – See Also ¶ 0077, ¶ 0106 & 0108) 

It would have been obvious to a person of ordinary skill in the art at the time of the invention to modify the teachings of Gladstone to include the teachings of Safruti. The motivation for doing so is to allow the system to perform Dynamic load balancing between different servers based on measurements by monitoring agents, needs of the enterprise (¶ 0042 – Safruti).
Regarding claim 15,

Gladstone in view of Allred teaches  providing the first cloud extension agent and the second cloud extension agent for the first network and the second  network (Gladstone – ¶ 0035;Fig.3– Allred - ¶ 0110).   However, Gladstone in view of Allred does not explicitly teach that the first cloud extension agent and the second cloud extension agent facilitates load balancing 

However, Safruti teaches 
providing the first cloud extension agent and the second cloud extension agent facilitates load balancing of the first network and the second network (¶ 0064 -The source management input interface 510 is configured to receive input regarding various attributes of the servers in the source cloud and mirror cloud. For example, in one embodiment, the source management input interface 510 may permit an administrator of the server resources to configure various attributes of the servers – ¶ 0066 - the management server 324 may set up a plurality of monitoring agents 516 distributed and executed at various locations on the network to gather and provide information related to status of source cloud, various mirror clouds and servers within the source cloud and mirror clouds. In one embodiment, the information provided by the monitoring agents 516 may be raw data, which may be further processed by the management server 324 to evaluate the status of source cloud and various mirror clouds and servers within the source cloud and mirror clouds. In some embodiments, the monitoring agents 516 may additionally be distributed in some or all of the delivery server’s 322-   ¶ 0108 -For example, number of servers to service a request may be selectively configured for each of the delivery servers. Dynamic load balancing between different servers may be performed based on measurements by monitoring agents, needs of the enterprise, costs of resources, time of day, amount of load on various servers and the like – ¶ 0065 - The monitoring service interface 512 is configured to receive status of various mirror clouds and servers within the mirror clouds ). 
It would have been obvious to a person of ordinary skill in the art at the time of the invention to modify the teachings of Gladstone in view of Allred  to include the teachings of Safruti. The motivation for doing so is to allow the system to perform Dynamic load balancing between different servers based on measurements by monitoring agents, needs of the enterprise (¶ 0042 – Safruti). 
Regarding claim 24,

Gladstone does not explicitly teach
wherein the first region corresponds to a first geographic location and the second region corresponds to a second geographic location 

However, Safruti teaches 

first region corresponds to a first geographic location and the second region corresponds to a second geographic location (¶ 0064 -The source management input interface 510 is configured to receive input regarding various attributes of the servers in the source cloud and mirror cloud. For example, in one embodiment, the source management input interface 510 may permit an administrator of the server resources to configure various attributes of the servers – ¶ 0066 - the management server 324 may set up a plurality of monitoring agents 516 distributed and executed at various locations on the network to gather and provide information related to status of source cloud, various mirror clouds and servers within the source cloud and mirror clouds. In one embodiment, the information provided by the monitoring agents 516 may be raw data, which may be further processed by the management server 324 to evaluate the status of source cloud and various mirror clouds and servers within the source cloud and mirror clouds. In some embodiments, the monitoring agents 516 may additionally be distributed in some or all of the delivery server’s 322 – See Also ¶ 0077, ¶ 0106 & 0108).

It would have been obvious to a person of ordinary skill in the art at the time of the invention to modify the teachings of Gladstone to include the teachings of Safruti. The motivation for doing so is to allow the system to perform Dynamic load balancing between different servers based on measurements by monitoring agents, needs of the enterprise (¶ 0042 – Safruti).  
Regarding claim 25,

Gladstone in view of Allred teaches  providing the first cloud extension agent and the second cloud extension agent for the first network and the second  network (Gladstone – ¶ 0035;Fig.3– Allred - ¶ 0110).   However, Gladstone in view of Allred does not explicitly teach that the first cloud extension agent and the second cloud extension agent facilitates load balancing 

However, Safruti teaches 
providing the first cloud extension agent and the second cloud extension agent facilitates load balancing of the first network and the second network (¶ 0064 -The source management input interface 510 is configured to receive input regarding various attributes of the servers in the source cloud and mirror cloud. For example, in one embodiment, the source management input interface 510 may permit an administrator of the server resources to configure various attributes of the servers – ¶ 0066 - the management server 324 may set up a plurality of monitoring agents 516 distributed and executed at various locations on the network to gather and provide information related to status of source cloud, various mirror clouds and servers within the source cloud and mirror clouds. In one embodiment, the information provided by the monitoring agents 516 may be raw data, which may be further processed by the management server 324 to evaluate the status of source cloud and various mirror clouds and servers within the source cloud and mirror clouds. In some embodiments, the monitoring agents 516 may additionally be distributed in some or all of the delivery server’s 322-   ¶ 0108 -For example, number of servers to service a request may be selectively configured for each of the delivery servers. Dynamic load balancing between different servers may be performed based on measurements by monitoring agents, needs of the enterprise, costs of resources, time of day, amount of load on various servers and the like – ¶ 0065 - The monitoring service interface 512 is configured to receive status of various mirror clouds and servers within the mirror clouds ). 
It would have been obvious to a person of ordinary skill in the art at the time of the invention to modify the teachings of Gladstone in view of Allred  to include the teachings of Safruti. The motivation for doing so is to allow the system to perform Dynamic load balancing between different servers based on measurements by monitoring agents, needs of the enterprise (¶ 0042 – Safruti). 
Claims 8, 18, 28 are rejected under 35 U.S.C. 103 (a) as being unpatentable over Gladstone in view of  Allred in view of  Hooks further in view  Kacin et al. Publication No. US 2009/0070442 A1 (Kacin hereinafter)

Regarding claim 8,

Gladstone does not explicitly teach

wherein at least one of the first set of instructions or the second set of instructions corresponds to a software upgrade  

However, Kacin teaches 

wherein at least one of the first set of instructions or the second set of instructions corresponds to a software upgrade (Fig.1;¶  0035 -0038 – Ibis plugin management module 410 can send commands to plugin management modules on the various managed endpoints 108, requesting them to install, remove, or upgrade functional plugins. A command to install or upgrade a plugin may be accompanied by information specifying a location from where the installation or upgrade image can be downloaded. [0036] the plugin management module 410 on the appliance 102 can also automatically send commands to the plugin management modules on the various managed endpoints 108. For example, the plugin management module 410 can analyze the plug-in data 402 to determine the versions of the functional plugins 104C on the managed endpoints 108. The plugin management module 410 can determine whether the versions are the most recent versions available. If the versions are out of date, the plugin management module 410 can send upgrade commands to the plugin management modules on the managed endpoints 108). 

It would have been obvious to a person of ordinary skill in the art at the time of the invention to modify the teachings of Gladstone to include the teachings of Kacin. The motivation for doing so is to allow the system to upgrade the resource (¶ 0035-0036 – Kacin). 

Regarding claim 18,

Gladstone does not explicitly teach

wherein at least one of the first set of instructions or the second set of instructions corresponds to a software upgrade  

However, Kacin teaches 

wherein at least one of the first set of instructions or the second set of instructions corresponds to a software upgrade (Fig.1;¶  0035 -0038 – Ibis plugin management module 410 can send commands to plugin management modules on the various managed endpoints 108, requesting them to install, remove, or upgrade functional plugins. A command to install or upgrade a plugin may be accompanied by information specifying a location from where the installation or upgrade image can be downloaded. [0036] the plugin management module 410 on the appliance 102 can also automatically send commands to the plugin management modules on the various managed endpoints 108. For example, the plugin management module 410 can analyze the plug-in data 402 to determine the versions of the functional plugins 104C on the managed endpoints 108. The plugin management module 410 can determine whether the versions are the most recent versions available. If the versions are out of date, the plugin management module 410 can send upgrade commands to the plugin management modules on the managed endpoints 108). 

It would have been obvious to a person of ordinary skill in the art at the time of the invention to modify the teachings of Gladstone to include the teachings of Kacin. The motivation for doing so is to allow the system to upgrade the resource (¶ 0035-0036 – Kacin). 
Regarding claim 28,

Gladstone does not explicitly teach

wherein at least one of the first set of instructions or the second set of instructions corresponds to a software upgrade  

However, Kacin teaches 

wherein at least one of the first set of instructions or the second set of instructions corresponds to a software upgrade (Fig.1;¶  0035 -0038 – Ibis plugin management module 410 can send commands to plugin management modules on the various managed endpoints 108, requesting them to install, remove, or upgrade functional plugins. A command to install or upgrade a plugin may be accompanied by information specifying a location from where the installation or upgrade image can be downloaded. [0036] the plugin management module 410 on the appliance 102 can also automatically send commands to the plugin management modules on the various managed endpoints 108. For example, the plugin management module 410 can analyze the plug-in data 402 to determine the versions of the functional plugins 104C on the managed endpoints 108. The plugin management module 410 can determine whether the versions are the most recent versions available. If the versions are out of date, the plugin management module 410 can send upgrade commands to the plugin management modules on the managed endpoints 108). 

It would have been obvious to a person of ordinary skill in the art at the time of the invention to modify the teachings of Gladstone to include the teachings of Kacin. The motivation for doing so is to allow the system to upgrade the resource (¶ 0035-0036 – Kacin). 


Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to YOUNES NAJI whose telephone number is (571)272-2659.  The examiner can normally be reached on Monday - Friday 8:30 AM -5:30 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Oscar A Louie can be reached on (571) 270-1684.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/YOUNES NAJI/
Primary Examiner, Art Unit 2445