DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This action is responsive to communication filed on 4/25/2022.
Claims 1-2, 4-5, 7-8, 10-11, 13-14, 16-17 are subject to examination.
This amendment and applicant’s arguments have been fully considered and entered by the Examiner.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 4, 7, 10, 13, 16 is/are rejected under 35 U.S.C. 103 as being unpatentable over Vatnikov et al. U.S. Patent Publication # 2015/0341221 (hereinafter Vatnikov) in view of Parvanov et al. U.S. Patent Publicaiton # 2018/0139175 (hereinafter Parvanov) further in view of Das et al. U.S. Patent # 10,193,698 (hereinafter Das)

Regarding claim 1, Vatnikov teaches a method for configuring a network environment for a server, the method comprising: 
receiving, at a cloud-based computing platform (¶08-12 - VMs), first internet protocol (IP) information relating to a first network environment associated with a server used by a client machine (¶08 - user may define IP mapping rules that describe how VMs which are connected to specific virtual networks at the protected and recovery sites; ¶11 - user specifies parameter values such as IP address);
translating the first IP information including determining changes to IP rules of the server without having to interpose a camouflage layer into the first IP information (¶31 - predicate M may take as input parameters the old static IP address, network mask, and a source IP subnet Classless Inter-Domain Routing (CIDR) string, and check if the old IP address belongs to a specific IP subnet), and generating second IP information in a first format (¶36, automatically resolves new IP configuration settings based on old IP configuration settings using the IP mapping rule(s) for the protected-site-to-recovery-site network mapping) based on the translated first IP information (¶16 - specifying a network mapping between the protected and recovery sites, the user may create one or more IP mapping rules which describe how new static IP addresses and common TCP/IP parameters should be assigned to recovered VMs based on their current protected site TCP/IP configuration; ¶17 - one or more IP mapping rules are identified, site recovery application 206 evaluates the retrieved guest OS TCP/IP settings against the identified rule(s). If the retrieved guest OS TCP/IP settings satisfy the predicate of one of the IP mapping rule(s), which specifies TCP/IP settings to which the IP mapping rule is applicable, site recovery application 206B generates new TCP/IP settings for the VM using a resolver function in the IP mapping rule), the second IP information used for creating a second network environment for the server (¶17 - VM is then reconfigured with the new TCP/IP settings).
creating the second network environment for the server (¶29 - a VM failing over from old network Np to new network Nr, the predicate M is invoked to check if the rule is applicable to the VM. This check occurs at step 320, where the site recovery application evaluates the old guest OS TCP/IP settings against the IP mapping rule and determines whether the boolean function M (that indicates a match to the old IP settings) returns true); 
generating user information in a second format different from the first format based on the generated second IP information (¶31, transform function R may take as input parameters the old IP address, network mask, and a target IP subnet CIDR string, and return a new IP address on the target subnet with all host bits of the original address preserved. This type of IP address conversion is sometimes referred to as "Re-IP-ing"); and 
deploying the server in the created second environment (¶35 - IP customization may also be applied to migration of VMs between data centers and testing).
wherein the IP rules of the server comprise one of interface rules, resource allocation rules, port location rules, network address rules, or network address translation rules (¶16 - define IP mapping rules, which describe relationships (mappings) between old and new IP subnet configurations and are each associated with a network mapping between protected and recovery sites; ¶29 - IP mapping is thus a rule or a set of rules defined on network mapping {Np, Nr}. For a VM failing over from old network Np to new network Nr, the predicate M is invoked to check if the rule is applicable to the VM).
Vatnikov does not explicitly teaches wherein the second format is a condensed version of firewall rules of the first format.
Parvanov teaches generating user information in a second format different (i.e. internal IP address based on DNAT rule table at firewall) from the first format (i.e. Transient IP address) based on the generated second IP information (i.e. internal IP address) wherein the second format is a condensed version of firewall rules of the first format (i.e. DNAT rule that associates the transient IP address with the internal IP address)(Paragraph 37-40). Examiner would like to point out that according to specification of the current application, in Paragraph 41, states condensed version is simplified version of firewall rules.  It would have been obvious to one of ordinary skill in the art before the effective filing date of the applicant’s invention to implement Parvanov’s teaching in Vatnikov’s teaching to come up with having second format is a simplified version of firewall rules of the first format.  The motivation for doing so would be using DNAT rule table, traffic addressed to transient IP address with be translated by firewall to its associated internal IP address (Paragraph 40)
Vatnikov and Parvanov does not teach wherein the condensed version comprises simplified version of alphanumeric data showing the changes made to the firewall rules.
Das teaches wherein second format is a condensed version of firewall rules and wherein the condensed version comprises simplified version of alphanumeric data showing the changes made to the firewall rules (i.e. certificate fingerprint may include value that represents server certificate chain such as alphanumeric value and may allow security device to detect any modification to the server certificate chain since any modification to the server certificate chain would cause a different certificate fingerprint to be generated by cryptographic hash function) (column 5 lines 35-49)(column 14 lines 10-35).  It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to implement Das’s teaching in Vatnikov and Parvanov’s teaching to come up with having simplified version of alphanumeric data showing changes made to the firewall rules.  The motivation for doing so would be to detect any modification made therefore appropriate action can take place such as generating a different certificate fingerprint. 
Regarding claim 7, Vatnikov teaches a nontransitory computer readable storage medium having stored thereon instructions that when executed by a processor perform a method for configuring a network environment for a server, the method comprising: 
receiving, at a cloud-based computing platform (¶08-12 - VMs), first internet protocol (IP) information relating to a first network environment associated with a server used by a client machine (¶08 - user may define IP mapping rules that describe how VMs which are connected to specific virtual networks at the protected and recovery sites; ¶11 - user specifies parameter values such as IP address); 
translating the first IP information including determining changes to IP rules of the server, without having to interpose a camouflage layer into the first IP information (¶31 - predicate M may take as input parameters the old static IP address, network mask, and a source IP subnet Classless Inter-Domain Routing (CIDR) string, and check if the old IP address belongs to a specific IP subnet), and generating second IP information in a first format (¶36, automatically resolves new IP configuration settings based on old IP configuration settings using the IP mapping rule(s) for the protected-site-to-recovery-site network mapping) based on the translated first IP information (¶16 - specifying a network mapping between the protected and recovery sites, the user may create one or more IP mapping rules which describe how new static IP addresses and common TCP/IP parameters should be assigned to recovered VMs based on their current protected site TCP/IP configuration; ¶17 - one or more IP mapping rules are identified, site recovery application 206 evaluates the retrieved guest OS TCP/IP settings against the identified rule(s). If the retrieved guest OS TCP/IP settings satisfy the predicate of one of the IP mapping rule(s), which specifies TCP/IP settings to which the IP mapping rule is applicable, site recovery application 206B generates new TCP/IP settings for the VM using a resolver function in the IP mapping rule), the second IP information used for creating a second network environment for the server (¶17 - VM is then reconfigured with the new TCP/IP settings).
creating the second network environment for the server (¶29 - a VM failing over from old network Np to new network Nr, the predicate M is invoked to check if the rule is applicable to the VM. This check occurs at step 320, where the site recovery application evaluates the old guest OS TCP/IP settings against the IP mapping rule and determines whether the boolean function M (that indicates a match to the old IP settings) returns true); 
generating user information in a second format different from the first format based on the generated second IP information (¶31, transform function R may take as input parameters the old IP address, network mask, and a target IP subnet CIDR string, and return a new IP address on the target subnet with all host bits of the original address preserved. This type of IP address conversion is sometimes referred to as "Re-IP-ing"); and 
deploying the server in the created second environment (¶35 - IP customization may also be applied to migration of VMs between data centers and testing). 
wherein the IP rules of the server comprise one of interface rules, resource allocation rules, port location rules, network address rules, or network address translation rules (¶16 - define IP mapping rules, which describe relationships (mappings) between old and new IP subnet configurations and are each associated with a network mapping between protected and recovery sites; ¶29 - IP mapping is thus a rule or a set of rules defined on network mapping {Np, Nr}. For a VM failing over from old network Np to new network Nr, the predicate M is invoked to check if the rule is applicable to the VM)).
Vatnikov does not explicitly teaches wherein the second format is a condensed version of firewall rules of the first format.
Parvanov teaches generating user information in a second format different (i.e. internal IP address based on DNAT rule table at firewall) from the first format (i.e. Transient IP address) based on the generated second IP information (i.e. internal IP address) wherein the second format is a condensed version of firewall rules of the first format (i.e. DNAT rule that associates the transient IP address with the internal IP address)(Paragraph 37-40). Examiner would like to point out that according to specification of the current application, in Paragraph 41, states condensed version is simplified version of firewall rules.  It would have been obvious to one of ordinary skill in the art before the effective filing date of the applicant’s invention to implement Parvanov’s teaching in Vatnikov’s teaching to come up with having second format is a simplified version of firewall rules of the first format.  The motivation for doing so would be using DNAT rule table, traffic addressed to transient IP address with be translated by firewall to its associated internal IP address (Paragraph 40)
Vatnikov and Parvanov does not teach wherein the condensed version comprises simplified version of alphanumeric data showing the changes made to the firewall rules.
Das teaches wherein second format is a condensed version of firewall rules and wherein the condensed version comprises simplified version of alphanumeric data showing the changes made to the firewall rules (i.e. certificate fingerprint may include value that represents server certificate chain such as alphanumeric value and may allow security device to detect any modification to the server certificate chain since any modification to the server certificate chain would cause a different certificate fingerprint to be generated by cryptographic hash function) (column 5 lines 35-49)(column 14 lines 10-35).  It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to implement Das’s teaching in Vatnikov and Parvanov’s teaching to come up with having simplified version of alphanumeric data showing changes made to the firewall rules.  The motivation for doing so would be to detect any modification made therefore appropriate action can take place such as generating a different certificate fingerprint. 
Regarding claim 13, Vatnikov teaches a cloud-based server of a cloud-based computing platform comprising: 
a processor (¶38); and 
a memory coupled to the processor and having stored thereon instructions that when executed by the processor (¶39) configure the cloud-based server to: 
receive, at a cloud-based computing platform (¶08-12 - VMs), first internet protocol (IP) information relating to a first network environment associated with a server used by a client machine (¶08 - user may define IP mapping rules that describe how VMs which are connected to specific virtual networks at the protected and recovery sites; ¶11 - user specifies parameter values such as IP address); 
translate the first IP information including determining changes to IP rules of the server, without having to interpose a camouflage layer into the first IP information (¶31 - predicate M may take as input parameters the old static IP address, network mask, and a source IP subnet Classless Inter-Domain Routing (CIDR) string, and check if the old IP address belongs to a specific IP subnet), and generating second IP information in a first format (¶36, automatically resolves new IP configuration settings based on old IP configuration settings using the IP mapping rule(s) for the protected-site-to-recovery-site network mapping) based on the translated first IP information (¶16 - specifying a network mapping between the protected and recovery sites, the user may create one or more IP mapping rules which describe how new static IP addresses and common TCP/IP parameters should be assigned to recovered VMs based on their current protected site TCP/IP configuration; ¶17 - one or more IP mapping rules are identified, site recovery application 206 evaluates the retrieved guest OS TCP/IP settings against the identified rule(s). If the retrieved guest OS TCP/IP settings satisfy the predicate of one of the IP mapping rule(s), which specifies TCP/IP settings to which the IP mapping rule is applicable, site recovery application 206B generates new TCP/IP settings for the VM using a resolver function in the IP mapping rule), the second IP information used for creating a second network environment for the server (¶17 - VM is then reconfigured with the new TCP/IP settings).
 create the second network environment for the server (¶29 - a VM failing over from old network Np to new network Nr, the predicate M is invoked to check if the rule is applicable to the VM. This check occurs at step 320, where the site recovery application evaluates the old guest OS TCP/IP settings against the IP mapping rule and determines whether the boolean function M (that indicates a match to the old IP settings) returns true); 
generating user information in a second format different from the first format based on the generated second IP information (¶31, transform function R may take as input parameters the old IP address, network mask, and a target IP subnet CIDR string, and return a new IP address on the target subnet with all host bits of the original address preserved. This type of IP address conversion is sometimes referred to as "Re-IP-ing"); and 
deploy the server in the created second environment (¶35 - IP customization may also be applied to migration of VMs between data centers and testing). 
wherein the IP rules of the server comprise one of interface rules, resource allocation rules, port location rules, network address rules, or network address translation rules (¶16 - define IP mapping rules, which describe relationships (mappings) between old and new IP subnet configurations and are each associated with a network mapping between protected and recovery sites; ¶29 - IP mapping is thus a rule or a set of rules defined on network mapping {Np, Nr}. For a VM failing over from old network Np to new network Nr, the predicate M is invoked to check if the rule is applicable to the VM)).
Vatnikov does not explicitly teaches wherein the second format is a condensed version of firewall rules of the first format.
Parvanov teaches generating user information in a second format different (i.e. internal IP address based on DNAT rule table at firewall) from the first format (i.e. Transient IP address) based on the generated second IP information (i.e. internal IP address) wherein the second format is a condensed version of firewall rules of the first format (i.e. DNAT rule that associates the transient IP address with the internal IP address)(Paragraph 37-40). Examiner would like to point out that according to specification of the current application, in Paragraph 41, states condensed version is simplified version of firewall rules.  It would have been obvious to one of ordinary skill in the art before the effective filing date of the applicant’s invention to implement Parvanov’s teaching in Vatnikov’s teaching to come up with having second format is a simplified version of firewall rules of the first format.  The motivation for doing so would be using DNAT rule table, traffic addressed to transient IP address with be translated by firewall to its associated internal IP address (Paragraph 40)
Vatnikov and Parvanov does not teach wherein the condensed version comprises simplified version of alphanumeric data showing the changes made to the firewall rules.
Das teaches wherein second format is a condensed version of firewall rules and wherein the condensed version comprises simplified version of alphanumeric data showing the changes made to the firewall rules (i.e. certificate fingerprint may include value that represents server certificate chain such as alphanumeric value and may allow security device to detect any modification to the server certificate chain since any modification to the server certificate chain would cause a different certificate fingerprint to be generated by cryptographic hash function) (column 5 lines 35-49)(column 14 lines 10-35).  It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to implement Das’s teaching in Vatnikov and Parvanov’s teaching to come up with having simplified version of alphanumeric data showing changes made to the firewall rules.  The motivation for doing so would be to detect any modification made therefore appropriate action can take place such as generating a different certificate fingerprint. 
Regarding claim 4, Vatnikov teaches the method of claim 1, wherein the generated user information includes the determined changes made to the IP rules of the server (¶33 - script at step 328 for applying IP customization to the guest OS. Customization scripts are commonly used to bring VMs to desired customized states. In one embodiment, the TCP/IP settings resolved at step 322 according to IP mapping rules are inputs to a customization script for IP customization. Such a customization script may be uploaded to the VM and executed therein at step 338 to customize the network settings of the guest OS; ¶34 - IP customization is enabled but set to manual recovery, then the site recovery application retrieves IP customization settings from a database at step 334. That is, explicit IP customization settings are not subjected to IP mapping evaluation so that the automated IP customization discussed above is compatible with traditional IP customization that is manually defined on a per-VM basis. Similar to the case of automated IP customization, the site recovery application generates inputs to a script at step 328 for applying manual IP customization settings retrieved from the database. Such a script is then uploaded to the VM and executed therein at step 338, after which the VM is ready for use).
 The nontransitory computer readable medium of claim 10 and the server of cloud 16 are rejected for the same reasons set forth in the rejection of claim 4. 

Claims 2, 8 and 14 is/are rejected under 35 U.S.C. 103 as being unpatentable over US Patent Publication No. 2015/0341221 issued to Vatnikov et al. in view of Parvanov further in view of Das further in view of US Patent Publication No. 2017/0149585 issued to Norris et al. 

Regarding claim 2, Vatnikov teaches the method of claim 1.
Vatnikov, Parvanov and Das does not explicitly indicate wherein translating the first IP information comprises determining target devices needed for creating the second network environment and generating the second IP information comprises excluding non-targeted devices from the second IP information.
However, Norris teaches wherein translating the first IP information comprises determining target devices needed for creating the second network environment and generating the second IP information comprises excluding non-targeted devices from the second IP information (¶53 - MTDC 100 advantageously employs OSI Layer 2 tagging and is not reliant upon IP addresses, these issues are irrelevant and each client system 102 is permitted to operate without interference). 
Therefore it would have been obvious to one of ordinary skill in the art at the time the invention was filed to combine the teachings of Vatnikov, Parvanov and Das’s system for customizing network configuration of virtual machines using subnet mapping rules with Norris’ system for a multi-tenant datacenter with a layer 2 cloud interconnection to improve the system of Vatnikov in the same field of endeavor in order to establish within a second datacenter a second cloud computing environment in a multi-tenant environment for the expansion and contraction of resources to meet needs (see, Lee ¶ 17-24).
The nontransitory computer readable medium of claim 8 and the server of cloud 14 are rejected for the same reasons set forth in the rejection of claim 2. 

Claims 5, 11 and 17 is/are rejected under 35 U.S.C. 103 as being unpatentable over US Patent Publication No. 2015/0341221 issued to Vatnikov et al. in view of Parvanov further in view of Das further in view of US Patent Publication No. 2017/0060608 issued to Raghunathan et al.

Regarding claim 5, Vatnikov teaches the method of claim 4, further comprising: 
performing a test for the created second network environment using at least one of the generated second IP information and the generated user information (¶35 - with respect to disaster recovery (failover), techniques disclosed herein for IP customization may also be applied to migration of VMs between data centers and testing, among other things. Here, testing refers to a special mode of verifying a disaster recovery scenario, which can be rolled back. In such a case, VMs fail over to designated "test" networks at a recovery site, and IP subnet rules may be automatically transposed to those networks so that correctness of the rules can be tested prior to executing actual recovery).
Vatnikov, Parvanov and Das does not explicitly indicate after performing the test, transmitting results of the test to the client machine; and if the results of the test meet expectations, deploying the server in the created second network environment.
However, Raghunathan teaches after performing the test, transmitting results of the test to the client machine (¶49-51 - a comparison against multiple recorded resource consumption snapshots might be employed. For example, the following comparisons may be used: Compare most recent 1 week moving average against 1 week moving average of values at an initial deployment of the group of VMs. Compare the most recent 1 week moving average against 1 week moving average of values at deployment of the group of VMs to a test environment; ¶71 -  cost of downtime vs. specific periods of time (user-specified sync points) may be charted; e.g., at initial deployment of the virtual application, when the virtual application moves into a test cluster, when the virtual application moves into production, at quarterly intervals while the virtual application is in production, and so on. Other charts may include a graph of a particular consumption metric (e.g., CPU usage, memory usage, etc.) charted over time)
if the results of the test meet expectations, deploying the server in the created second network envinronment(¶51-52 - Compare the most recent 1 week moving average against 1 week moving average of values at deployment of the group of VMs to a test environment. Compare the most recent 1 week moving average against 1 week moving average of values at deployment of the group of VMs from the test environment to a production environment).
Therefore it would have been obvious to one of ordinary skill in the art at the time the invention was filed to combine the teachings of Vatnikov, Parvanov and Das’s system for customizing network configuration of virtual machines using subnet mapping rules with Raghunathan’s system for disaster recovery protection based on resource consumption patterns in the same field of endeavor in order to send test results to client device and migrate a VM to another data center if the test is successful (Raghunathan, see ¶06). 
The nontransitory computer readable medium of claim 11 and the server of cloud 17 are rejected for the same reasons set forth in the rejection of claim 5.
Response to Arguments
Applicant’s arguments with respect to amended claim(s) have been considered but are moot in view of new grounds of rejection. 
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
A).  Mittal et al. U.S. Patent Publication # 2020/0099656 which in Paragraph 69, 73, 78 teaches implementing cloud-based platform receives consumers IP address, translating a first source IP address in the data packet into a second source IP packet and creating a subnet in the virtual network of the service provider, mapping the service executing in the virtual network of the service provider into the virtual network of the service consumer.
B).  Gupta et al. U.S. Patent Publication # 2020/0099603 which in Paragraph 2, 15 teaches determining a second group of network performance indicator values that measure network performance between the network device and the one or more neighboring network devices.  The method may include determining overall network performance indicator values based on the first group of network performance indicator values and the second group of network performance indicator values.
C).  Rodrigues et al. U.S. Patent Publication # 2020/0242019 which in Paragraph 65, 67, 261 teaches about generating reports based on results of the network performance tests to facilitate cross-layer visibility and troubleshooting.
D).  Dreyer et al. U.S. Patent Publication # 2020/0084178 which in Paragraph 48 teaches having role field including a core firewall, an edge firewall, each with a corresponding alphanumeric string that indicates the particular role of the device.

Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to DHAIRYA A PATEL whose telephone number is (571)272-5809. The examiner can normally be reached M-F 7:30am-4:00pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kamal B Divecha can be reached on 571-272-5863. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

DHAIRYA A. PATEL
Primary Examiner
Art Unit 2453



/DHAIRYA A PATEL/Primary Examiner, Art Unit 2453