DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This office correspondence is in response to the application number 17/248345 filed on January 21, 2021.
Claims 1 – 20 are pending.
Priority
This application is a continuation of application 16/227511 (now Patent 10,917,308) which was filed on December 20, 2018.  Accordingly, the applicant is entitled to the priority date of December 20, 2018.
Information Disclosure Statement
The information disclosure statement (IDS) submitted on 01/21/2021 was filed after the mailing date of the prior office action on 01/21/2021.  The submissions are in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statements are being considered by the examiner.
Double Patenting
The non-statutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A non-statutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on non-statutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA  as explained in MPEP § 2159.  See MPEP §§ 706.02(l)(1) - 706.02(l)(3) for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). 
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
Claims 1 - 4, 8 – 9, and 15 – 16 are rejected on the ground of non-provisional non-statutory anticipatory-type double patenting as being unpatentable over claims 1 – 3, 8 – 9, 15, and 20 of U.S. Patent 10,917,308.  Although the conflicting claims are not identical, they are not patently distinct from each other because both sets of claims are directed to the same invention.  This is a non-provisional non-statutory anticipatory-type double patenting rejection since the claims directed to the same invention have been patented. 
In regard to claim 1:
Application 17/248315
U.S. Patent 10,917308
1. A device, comprising: 
one or more processors to:
1. A device, comprising: 
one or more memories; and 
one or more processors, communicatively coupled to the one or more memories, to:
receive service information that identifies a state of a software-defined networking wide area network (SD-WAN),;
monitor, for a software-defined networking wide area network (SD-WAN) deployment, a set of virtualized network services of the SD-WAN deployment;

apply, concurrent with monitoring the set of virtualized network services, a set of diagnostic tests to evaluate the set of virtualized network services, wherein each virtualized network service, of the set of virtualized network services, is associated with a respective vendor and a respective vendor application programming interface (API), and wherein the one or more processors, when applying the set of diagnostic tests, are to identify particular vendor application APIs with which to communicate to execute the set of diagnostic tests;
detect, based on the service information and an analytics model associated with the SD-WAN, an issue associated with the SD-WAN,
detect, based on monitoring the set of virtualized network services and in connection with applying the set of diagnostic tests, an event associated with a virtualized network service of the set of virtualized network services, wherein the one or more processors, when detecting the event, are to detect the event associated with the virtualized network service based on using the respective vendor API associated with the virtualized network service;
wherein the analytics model determines the issue based on a parameter relating to the issue deviating from a particular range of values that corresponds to the parameter and is associated with a normal operation of the SD-WAN;
analyze, using an analytics model of SD-WAN operation, the event associated with the virtualized network service; 
identify, based on analyzing the event associated with the virtualized network service, an issue associated with the virtualized network service;
determine, based on the analytics model, a recommendation for resolving the issue; and
determine, based on the analytics model of SD-WAN operation, a recommendation relating to remediating the issue associated with the virtualized network service;

generate an abstraction layer user interface to represent the set of virtualized network services and to convey the recommendation relating to remediating the issue associated with the virtualized network service, wherein the abstraction layer user interface uses an end-user API to abstract information using the respective vendor API to convey the recommendation relating to remediating the issue associated with the virtualized network service; and
providing the recommendation to a client device.
implement, after providing the abstraction layer user interface, the recommendation to remediate the issue associated with the virtualized network service.

It is clear that all of the elements of the instant application 17/248345 (herein ‘345) claim 1 are to be found in U.S. Patent 10,917,308 (herein ‘308) claim 1 (as the instant application ‘345 claim 1 fully encompasses Patent ‘308 claim 1).  The difference between ‘345 claim 1 and ‘308 claim 1 lies in the fact that the ‘308 claim includes many more elements and is thus much more specific.  Thus the invention of claim 1 of the ‘308 patent is in effect a “species” of the “generic” invention of ‘345 claim 1.  It has been held that the generic invention is “anticipated” by the “species”.  See In re Goodman, 29 USPQ2d 2010 (Fed. Cir. 1993).  Since the ‘345 claim 1 is anticipated by claim 1 of ‘308, it is not patently distinct from ‘308 claim 1.
In regard to claim 2, see claim 1 of ‘308.
In regard to claim 3, see claim 2 of ‘308.
In regard to claim 4, see claim 3 of ‘308.
In regard to claim 8:
Application 17/248345
U.S. Patent 10,917,308
8. A method, comprising:
8. A method, comprising:
applying, by a device, one or more diagnostic tests to a state of a software-defined networking wide area network (SD-WAN);
monitoring, by a device and for a software-defined networking wide area network (SD-WAN) deployment, a set of virtualized network services of the SD-WAN deployment; 
applying, by the device and concurrent with monitoring the set of virtualized network services, a set of diagnostic tests to evaluate the set of virtualized network services, wherein each virtualized network service, of the set of virtualized network services, is associated with a respective vendor and a respective vendor application programming interface (API), and wherein applying the set of diagnostic tests includes identifying particular vendor application APIs with which to communicate to execute the set of diagnostic tests;
receiving, by the device and based on the one or more diagnostic tests, service information relating a plurality of virtualized network services utilized in the SD-WAN;
detecting, by the device and based on monitoring the set of virtualized network services and in connection with applying the set of diagnostic tests, an event associated with a virtualized network service of the set of virtualized network services, wherein detecting the event associated with the virtualized network service is based on using the respective vendor API associated with the virtualized network service; analyzing, by the device using an analytics model of SD-WAN operation, the event associated with the virtualized network service;
determining, by the device and based on the service information and an analytics model associated with the SD-WAN, a parameter deviating from a particular range of values that corresponds to the parameter and is associated with a normal operation of the SD-WAN, wherein the particular parameter relates to an issue associated with the SD-WAN,
identifying, by the device and based on analyzing the event associated with the virtualized network service, an issue associated with the virtualized network service; generating, by the device, an abstraction layer user interface to represent the set of virtualized network services and to convey the recommendation relating to remediating the issue associated with the virtualized network service, wherein the abstraction layer user interface uses an end-user API to abstract information using the respective vendor API to convey the recommendation relating to remediating the issue associated with the virtualized network service; and
determining, by the device and based on the analytics model, a recommendation for resolving the issue; and
determining, by the device based on the analytics model of SD-WAN operation, a recommendation relating to remediating the issue associated with the virtualized network service;
implementing, by the device, the recommendation for resolving the issue.
implementing, by the device and after providing the abstraction layer user interface, the recommendation to remediate the issue associated with the virtualized network service.

It is clear that all of the elements of the instant application 17/248345 (herein ‘345) claim 8 are to be found in U.S. Patent 10,917,308 (herein ‘308) claim 8 (as the instant application ‘345 claim 8 fully encompasses Patent ‘308 claim 8).  The difference between ‘345 claim 8 and ‘308 claim 8 lies in the fact that the ‘308 claim includes many more elements and is thus much more specific.  Thus the invention of claim 8 of the ‘308 patent is in effect a “species” of the “generic” invention of ‘345 claim 8.  It has been held that the generic invention is “anticipated” by the “species”.  See In re Goodman, 29 USPQ2d 2010 (Fed. Cir. 1993).  Since the ‘345 claim 8 is anticipated by claim 8 of ‘308, it is not patently distinct from ‘308 claim 8.
In regard to claim 9, see claim 9 of ‘308.
In regard to claim 15:
Application 17/248345
U.S. Patent 10,917,308
15. A non-transitory computer-readable medium storing one or more instructions, the one or more instructions comprising:
15. A non-transitory computer-readable medium storing one or more instructions, the one or more instructions comprising:
one or more instructions that, when executed by one or more processors of a gateway device, cause the one or more processors to:
 receive service information that identifies a state of a software-defined networking wide area network (SD-WAN), wherein the SD-WAN includes a plurality of virtualized network services associated with different vendors;
one or more instructions that, when executed by one or more processors of a gateway device, cause the one or more processors to: 
monitor, for a software-defined networking wide area network (SD-WAN) deployment, a set of virtualized network services of the SD-WAN deployment; apply, concurrent with monitoring the set of virtualized network services, a set of diagnostic tests to evaluate the set of virtualized network services, of the set of virtualized network services, is associated with a respective vendor and a respective vendor application programming interface (API), and wherein the one or more instructions that cause the one or more processors to apply the set of diagnostic tests, cause the one or more processors to identify particular vendor application APIs with which to communicate to execute the set of diagnostic tests;
detect, based on the service information and an analytics model associated with the SD-WAN, an issue associated with the SD-WAN, wherein the analytics model determines the issue based on a particular relating to the issue deviating from a particular range of values that corresponds to the parameter and is associated with a normal operation of the SD-WAN;
detect, based on monitoring the set of virtualized network services and in connection with applying the set of diagnostic tests, an event associated with a virtualized network service of the set of virtualized network services, wherein the one or more instructions that cause the one or more processors to detect the event cause the one or more processors to detect the event associated with the virtualized network service based on using the respective vendor API associated with the virtualized network service; analyze, using an analytics model of SD-WAN operation, the event associated with the virtualized network service;

identify, based on analyzing the event associated with the virtualized network service, an issue associated with the virtualized network service;
generate, based on the analytics model, a recommendation associated with a resolution of the issue; and
determine, based on the analytics model of SD-WAN operation, a recommendation relating to remediating the issue associated with the virtualized network service;

generate an abstraction layer user interface to represent the set of virtualized network services and to convey the recommendation relating to remediating the issue associated with the virtualized network service, wherein the abstraction layer user interface uses an end-user API to abstract information using the respective vendor API to convey the recommendation relating to remediating the issue associated with the virtualized network service; and
provide the recommendation to a client device.
implement, after providing the abstraction layer user interface, the recommendation to remediate the issue associated with the virtualized network service.

It is clear that all of the elements of the instant application 17/248345 (herein ‘345) claim 15 are to be found in U.S. Patent 10,917,308 (herein ‘308) claim 15 (as the instant application ‘345 claim 15 fully encompasses Patent ‘308 claim 15).  The difference between ‘345 claim 15 and ‘308 claim 15 lies in the fact that the ‘308 claim includes many more elements and is thus much more specific.  Thus the invention of claim 15 of the ‘308 patent is in effect a “species” of the “generic” invention of ‘345 claim 15.  It has been held that the generic invention is “anticipated” by the “species”.  See In re Goodman, 29 USPQ2d 2010 (Fed. Cir. 1993).  Since the ‘345 claim 15 is anticipated by claim 15 of ‘308, it is not patently distinct from ‘308 claim 15.
In regard to claim 16, see claim 20 of ‘308.
35 USC § 101 Analysis
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title. 

Claims 1 – 20 are directed to statutory subject matter.  The claims are directed to non-abstract improvements in computer related technology.  A claim is non-statutory when it is directed to a judicial exception (e.g. either one of mathematical concepts, mental processes, or certain methods of organizing human activity) without significantly more.  The claimed invention is not directed to a judicial exception.  Instead, the claimed invention is directed to a technological improvement for the monitoring and management of an SD-WAN deployment which provides a set of virtualized network services by deploying a device that applies a set of diagnostic tests to evaluate the set of virtualized services concurrent to the monitoring of said services, and when an event that is associated with a virtualized network service is detected, the device analyzes using an analytics model of SD-WAN operation, the event to identify an issue associated with the virtualized network service, and determines, based on the analytics model of SD-WAN operation, a recommendation relating to remediating the issue. Further, the device generates an abstraction layer user interface to represent the set of virtualized network services and to convey the recommendation relating to remediating the issue, and implements, after providing the abstraction layer user interface, the recommendation to remediate the issue.  The ordered combination of the elements and limitations bound the claimed invention to a specific and useful improvement for providing automatic diagnostic testing and remediation for a computerized platform comprising virtualized services, and offers a solution to a problem known in the art for reducing the amount of time that virtualized network services remain malfunctioning.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


Claims 1 – 2 and 8 - 20 are rejected under 35 U.S.C. 103 as being unpatentable over Banikazemi et al. (U.S. 2017/0149637 A1; herein referred to as Banikazemi) in view of Cote et al. (U.S. 2019/0280942 A1; herein referred to as Cote) in further view of Van Der Merwe et al. (U.S. 2015/0365288 A1; herein referred to as Van Der Merwe).
In regard to claim 1, Banikazemi teaches a device (see ¶ [0008]: “. . . a hardware, processor-based monitoring element . . .” see ¶ [0058]: “. . . the monitoring element can be implemented by, for example, the CDPI agent 230 and the SDN controller 220 shown and described with respect to FIG. 2  . ., comprising: one or more processors to (see Fig. 8 ¶ [0096]: “.  . . As shown in FIG. 8, computer system/server 812 in cloud computing node 810 is shown in the form of a general-purpose computing device. The components of computer system/server 812 may include, but are not limited to, one or more processors or processing units 816 . . .”): 
receive service information that identifies a state of a software-defined networking wide area network (SD-WAN) (see ¶ [0012]: “ . . . FIG. 2 shows an exemplary architecture 200 for a Software Defined Network ( SDN) . . .” see Fig. 1 ¶ [0027]: “ . . FIG. 1 illustrates a network architecture 100 to which the present principles can be applied, in accordance with an embodiment of the present principles. As shown in FIG. 1, a plurality of remote networks 102 are provided including a first remote network 104 and a second remote network 106. A gateway 101 may be coupled between the remote networks 102 and a proximate network 108. In the context of network architecture 100, the networks 104, 106 may each take any form including, but not limited to a LAN, a WAN such as the Internet . . .”; see ¶ [0031]: “ . . . methods and systems described herein may be implemented with and/or on virtual systems and/or systems which emulate one or more other systems, such as a UNIX system which emulates an IBM z/OS environment, a UNIX system which virtually hosts a MICROSOFT WINDOWS environment, a MICROSOFT WINDOWS system which emulates an IBM z/OS environment, etc. This virtualization and/or emulation may be enhanced through the use of VMWARE software . . .” see Fig. 2 ¶ [0033]: “. . . FIG. 2 shows an exemplary architecture 200 for a Software Defined Network (SDN), in accordance with an embodiment of the present principles . . .”)
detect, based on the service information(see ¶ [0059]: “. . . The forwarding elements can be real or virtual and they provide traffic statistics pertaining to individual flows. These forwarding elements report their statistics to the monitoring service periodically . . .”)  and an analytics model associated with the SD-WAN(see ¶ [0069]: “. . . analyze the collected data and report the results of the analysis . . . “; see  ¶ [0074]: “ . . . Exemplary diagnostic actions can include, but is not limited to, configuring additional forwarding elements (e.g., switches) to provide flow information, configuring flow elements to provide higher granularity flow information (e.g., every packet instead of every Nth packet), and feeding received flow information to additional analysis . . .”), an issue (e.g. an anomaly)  associated with the SD-WAN(see ¶ [0072]: “. . . the analysis conducted by the monitoring service looks at the history of a given flow to decide if there are any anomalies in the flow's traffic. For each pair of traffic patterns maintained by the service, the analysis determines how well the two series match. A good match indicates that there is not an anomaly. A poor match indicates a network problem such as packet loss or delay. The criteria to decide when to flag a flow as having problems can be based on thresholds customized to the type of flow. Thus, in an embodiment, step 630 can involve indicating whether or not an anomaly exists . . . “), 
Banikazemi fails to explicitly teach wherein the analytics model determines the issue based on a parameter relating to the issue deviating from a particular range of values that corresponds to the parameter and is associated with a normal operation of the SD-WAN; 
determine, based on the analytics model, a recommendation for resolving the issue; and 
providing the recommendation to a client device.  
However Cote teaches wherein the analytics model (e.g. forecast model)  determines the issue based on a parameter(e.g. snapshots of system during normal operations) relating to the issue deviating from a particular range of values that corresponds to the parameter and is associated with a normal operation of the SD-WAN (see Fiog. 1A, ¶ [0046]: “. . . FIG. 1A is a block diagram of a machine learning system 10. A data collection engine platform 12 collects telemetry data from devices 14 of a telecommunications network 16 (e.g., Internet Protocol (IP), Ethernet, Optical, and combinations thereof) through resource adapter(s) 18 and stores it in a "data lake" 20. ML Applications 22 such as NHP, Service Health Predictor (SHP), Application Health Predictor (AHP) or others can read back this data, analyze it and report insights to end-users or to a Policy Engine 24, a Software Defined Networking ( SDN) controller 26, etc. . . .”’ see ¶ [0049]” . . .To forecast the occurrence of network anomalies with improved efficiency and confidence, it is desirable to leverage as much information as possible from as many sources as possible. For example, this is done by first modeling the time-evolution of the data, then using a model to extrapolate towards the future. Assuming that the machine learning system 10 collects and prepares all the relevant data, one still needs to solve a problem: how to model the data to provide accurate forecasting . . .” see ¶ [0052]” . . . With unsupervised ML, the training involves three components: a dataset X, a model M(x,θ), and a cost function C(x,M(x,θ)). The vector x represents a “snapshot” of the system under study. For instance, x can contain PM data from a network device at a given time. Then, the dataset X would be a list of “snapshots” collected at multiple times/windows. In mathematical terms, X is vector of vectors, also known as a tensor. The model aims to represent the true probability distribution P(x). It depends on parameters θ whose values are unknown a priori but can be learned from data. The learning itself consists of finding the values θ* that minimize a cost function for the entire dataset X. . . .”);
It would have been obvious to one with ordinary skill in the art before the effective filing date of the applicant’s invention to incorporate a system and method for predicting events in a computerized network by obtaining performance monitoring data over time which is used to build a prediction model to identify issues that could impact the performance and operations of the network, as taught by Cote, into a system and method that utilizes a monitoring device that monitors the performance of an SDN network and diagnoses possible failures within the network based on concurrent testing of network flow, as taught by Banikazemi.  Such incorporation provides a platform that can analyze the monitored data to identify failures occurring in the network.
The combination of Banikazemi and Cote fails to explicitly teach determine, based on the analytics model, a recommendation for resolving the issue However Van Der Merwe teaches determine, based on the analytics model (e.g. knowledge store 124, a rules library 125, and a rules engine 126) (see Fig. 3, ¶ [0069]:” . . . At the heart of network management system 119 is network manager 120. Network manager 120 can be configured to separate management of the network infrastructure and the operations from the network services through the use of a knowledge store 124, a rules library 125, and a rules engine 126. Knowledge store 124 maintains information about the network and the network actors, rules library 125 contains rules relating to the network, and rules engine 126 applies the rules in rules library 125 to the information in knowledge store 124 to dynamically make automated decisions with respect to the network. By virtue of knowledge store 124, rules library 125, and rules engine 126, and in conjunction with controller 128 and listener agent 129, network manager 120 can facilitate the automatic setting up and configuring of complex high-level tasks, such as, e.g., setting up new services, as well as the automatic detection and handling of low-level errors. . .”; see ¶ [0058]: “. . . the data network can be a LAN, a WAN, an enterprise network, a software defined network (SDN), a recommendation (e.g. decision) relating for resolving the issue (e.g. faults occurring) (see ¶ [0075]: “. . . “ . . . information about network 102, such as the actors, services, infrastructure, and other information associated with network 102 can be stored in knowledge store 124 as facts. In addition, state information regarding network 102 can be maintained in knowledge store 124 and updated as changes are made or detected in the network, such as services getting configured, faults occurring, etc. Production rules representative of knowledge of network 102 and of subscribers 108 and service providers 110 can be contained in rules library 125. In essence, knowledge store 124 and rules library 125 can contain the facts and rules necessary to make decisions regarding network 102 and the actors 104, 108, and 110 associated therewith . . .”); and providing the recommendation to a client device(see ¶ [0089]:” . . . in which abstraction stores 140 are used, rules can act as glue between the layered stores. Many events and facts can be communicated between stores 140 using rules engine 126. For example, rules can be used to detect a request for a new service at a top layered store and propagate that request down to the lowest layered store, so that the network devices can then be set up accordingly, as discussed below. As another example, rules can be used to detect when an error has occurred at the lowest layered store and propagate that information up to the highest layered store to notify affected network users . . .”; see ¶ [0157] “. . . Rules engine 126 can use rules 204, such as rules 204a-204c, in conjunction with the information included in new fact 202 to attempt to fix the error and/or to alert the appropriate actors. For example, in one embodiment, error fact 202 can be mapped in infrastructure store 140d to the specific network port, switch, etc. corresponding to the error. Rule 204a can be used with network store 140c to automatically correlate affected network flows that correspond to the faulty network resource 132. Based on the severity of the problem, the system may try to automatically fix the problem by rerouting affected services using rule 204b. If rerouting fails or is not performed, rule 204b can be used to set up alerts to provided services that depend on the affected network flows in service store 140b. Rule 204c can then be used to automatically contact network actors associated with the affected services using business store 140a . . .”).  
It would have been obvious to one with ordinary skill in the art before the effective filing date of the applicant’s invention to incorporate a system and method for dynamically managing and coordinating network resources through the use of a knowledge store that has abstraction levels used to identify physical and virtual components of the network that may be failing, as taught by Van Der Merve, into a system and method that utilizes a monitoring device that monitors the performance of an SDN network and diagnoses possible failures within the network based on concurrent testing of network flow, and utilizing performance monitoring data obtained over time which is used to build a prediction model to identify issues that could impact the performance and operations of the network, as taught by the combination of Banikazemi and Cote.  Such incorporation provides the system with a knowledge structure that can identify the failure and provide a remediation.
In regard to claim 2, the combination of Banikazemi, Cote, and Van Der Merwe teaches wherein the one or more processors, when receiving the service information are configured to:  receive the service information based on applying one or more diagnostic tests to the SD-WAN (see Banikazemi  ¶ [0074] “. . . perform a diagnostic action and/or a corrective action with respect to the network flow to diagnose and/or overcome any degradation in the Quality of Service. The method 600 then returns to step 620. Exemplary diagnostic actions can include, but is not limited to, configuring additional forwarding elements (e.g., switches) to provide flow information, configuring flow elements to provide higher granularity flow information (e.g., every packet instead of every Nth packet), and feeding received flow information to additional analysis. Exemplary corrective actions can include, but are not limited to, restarting network elements, reconfiguring network elements and modifying forwarding and routing table entries. Additionally, corrective action in the cloud can include redirecting traffic around congested areas. This redirection can be achieved by changing routing in the network. . . “).
In regard to claim 8, Banikazemi teaches a  method (see abstract - “ . . . A method includes configuring, by a monitoring element, at least two network elements on a path of a network flow to report statistical information pertaining to the network flow as time series data . . .”), comprising: applying, by a device(see ¶ [0008]: “. . . a hardware, processor-based monitoring element . . .” see ¶ [0058]: “. . . the monitoring element can be implemented by, for example, the CDPI agent 230 and the SDN controller 220 shown and described with respect to FIG. 2  . .), one or more diagnostic tests to a state of a software-defined networking wide area network (SD-WAN) (see Banikazemi  ¶ [0074] “. . . perform a diagnostic action and/or a corrective action with respect to the network flow to diagnose and/or overcome any degradation in the Quality of Service. The method 600 then returns to step 620. Exemplary diagnostic actions can include, but is not limited to, configuring additional forwarding elements (e.g., switches) to provide flow information, configuring flow elements to provide higher granularity flow information (e.g., every packet instead of every Nth packet), and feeding received flow information to additional analysis. Exemplary corrective actions can include, but are not limited to, restarting network elements, reconfiguring network elements and modifying forwarding and routing table entries. Additionally, corrective action in the cloud can include redirecting traffic around congested areas. This redirection can be achieved by changing routing in the network. . . “); 
receiving, by the device and based on the one or more diagnostic tests, service information relating a plurality of virtualized network services utilized in the SD-WAN(see ¶ [0012]: “ . . . FIG. 2 shows an exemplary architecture 200 for a Software Defined Network ( SDN) . . .” see Fig. 1 ¶ [0027]: “ . . FIG. 1 illustrates a network architecture 100 to which the present principles can be applied, in accordance with an embodiment of the present principles. As shown in FIG. 1, a plurality of remote networks 102 are provided including a first remote network 104 and a second remote network 106. A gateway 101 may be coupled between the remote networks 102 and a proximate network 108. In the context of network architecture 100, the networks 104, 106 may each take any form including, but not limited to a LAN, a WAN such as the Internet . . .”; see ¶ [0031]: “ . . . methods and systems described herein may be implemented with and/or on virtual systems and/or systems which emulate one or more other systems, such as a UNIX system which emulates an IBM z/OS environment, a UNIX system which virtually hosts a MICROSOFT WINDOWS environment, a MICROSOFT WINDOWS system which emulates an IBM z/OS environment, etc. This virtualization and/or emulation may be enhanced through the use of VMWARE software . . .” see Fig. 2 ¶ [0033]: “. . . FIG. 2 shows an exemplary architecture 200 for a Software Defined Network (SDN), in accordance with an embodiment of the present principles . . .”); 
determining, by the device and based on the service information see ¶ [0059]: “. . . The forwarding elements can be real or virtual and they provide traffic statistics pertaining to individual flows. These forwarding elements report their statistics to the monitoring service periodically . . .”) and an analytics model ((see ¶ [0069]: “. . . analyze the collected data and report the results of the analysis . . . “;) associated with the SD-WAN see ¶ [0072]: “. . . the analysis conducted by the monitoring service looks at the history of a given flow to decide if there are any anomalies in the flow's traffic. For each pair of traffic patterns maintained by the service, the analysis determines how well the two series match. A good match indicates that there is not an anomaly. A poor match indicates a network problem such as packet loss or delay. The criteria to decide when to flag a flow as having problems can be based on thresholds customized to the type of flow. Thus, in an embodiment, step 630 can involve indicating whether or not an anomaly exists . . . “), 
Banikazemi fails to explicitly teach a parameter deviating from a particular range of values that corresponds to the parameter and is associated with a normal operation of the SD-WAN, wherein the particular parameter relates to an issue associated with the SD-WAN, 
determining, by the device and based on the analytics model, a recommendation for resolving the issue; and 
implementing, by the device, the recommendation for resolving the issue.
However Cote teaches a parameter(e.g. snapshots of system during normal operations) deviating from a particular range of values that corresponds to the parameter and is associated with a normal operation of the SD-WAN(see Fig. 1A, ¶ [0046]: “. . . FIG. 1A is a block diagram of a machine learning system 10. A data collection engine platform 12 collects telemetry data from devices 14 of a telecommunications network 16 (e.g., Internet Protocol (IP), Ethernet, Optical, and combinations thereof) through resource adapter(s) 18 and stores it in a "data lake" 20. ML Applications 22 such as NHP, Service Health Predictor (SHP), Application Health Predictor (AHP) or others can read back this data, analyze it and report insights to end-users or to a Policy Engine 24, a Software Defined Networking ( SDN) controller 26, etc. . . .”’ see ¶ [0049]” . . .To forecast the occurrence of network anomalies with improved efficiency and confidence, it is desirable to leverage as much information as possible from as many sources as possible. For example, this is done by first modeling the time-evolution of the data, then using a model to extrapolate towards the future. Assuming that the machine learning system 10 collects and prepares all the relevant data, one still needs to solve a problem: how to model the data to provide accurate forecasting . . .” ), wherein the particular parameter relates to an issue associated with the SD-WAN (see ¶ [0052]” . . . With unsupervised ML, the training involves three components: a dataset X, a model M(x,θ), and a cost function C(x,M(x,θ)). The vector x represents a “snapshot” of the system under study. For instance, x can contain PM data from a network device at a given time. Then, the dataset X would be a list of “snapshots” collected at multiple times/windows. In mathematical terms, X is vector of vectors, also known as a tensor. The model aims to represent the true probability distribution P(x). It depends on parameters θ whose values are unknown a priori but can be learned from data. The learning itself consists of finding the values θ* that minimize a cost function for the entire dataset X. . . .”).
It would have been obvious to one with ordinary skill in the art before the effective filing date of the applicant’s invention to incorporate a system and method for predicting events in a computerized network by obtaining performance monitoring data over time which is used to build a prediction model to identify issues that could impact the performance and operations of the network, as taught by Cote, into a system and method that utilizes a monitoring device that monitors the performance of an SDN network and diagnoses possible failures within the network based on concurrent testing of network flow, as taught by Banikazemi.  Such incorporation provides a platform that can analyze the monitored data to identify failures occurring in the network.
The combination of Banikazemi and Cote fails to explicitly teach determining, by the device and based on the analytics model, a recommendation for resolving the issue; and implementing, by the device, the recommendation for resolving the issue.  However Van Der Merwe teaches determining, by the device and based on the analytics model (e.g. knowledge store 124, a rules library 125, and a rules engine 126) (see Fig. 3, ¶ [0069]:” . . . At the heart of network management system 119 is network manager 120. Network manager 120 can be configured to separate management of the network infrastructure and the operations from the network services through the use of a knowledge store 124, a rules library 125, and a rules engine 126. Knowledge store 124 maintains information about the network and the network actors, rules library 125 contains rules relating to the network, and rules engine 126 applies the rules in rules library 125 to the information in knowledge store 124 to dynamically make automated decisions with respect to the network. By virtue of knowledge store 124, rules library 125, and rules engine 126, and in conjunction with controller 128 and listener agent 129, network manager 120 can facilitate the automatic setting up and configuring of complex high-level tasks, such as, e.g., setting up new services, as well as the automatic detection and handling of low-level errors. . .”; see ¶ [0058]: “. . . the data network can be a LAN, a WAN, an enterprise network, a software defined network (SDN), a recommendation  (e.g. decision) for resolving the issue(e.g. faults occurring) (see ¶ [0075]: “. . . “ . . . information about network 102, such as the actors, services, infrastructure, and other information associated with network 102 can be stored in knowledge store 124 as facts. In addition, state information regarding network 102 can be maintained in knowledge store 124 and updated as changes are made or detected in the network, such as services getting configured, faults occurring, etc. Production rules representative of knowledge of network 102 and of subscribers 108 and service providers 110 can be contained in rules library 125. In essence, knowledge store 124 and rules library 125 can contain the facts and rules necessary to make decisions regarding network 102 and the actors 104, 108, and 110 associated therewith . . .”); and implementing, by the device, the recommendation for resolving the issue(see ¶ [0089]:” . . . in which abstraction stores 140 are used, rules can act as glue between the layered stores. Many events and facts can be communicated between stores 140 using rules engine 126. For example, rules can be used to detect a request for a new service at a top layered store and propagate that request down to the lowest layered store, so that the network devices can then be set up accordingly, as discussed below. As another example, rules can be used to detect when an error has occurred at the lowest layered store and propagate that information up to the highest layered store to notify affected network users . . .”; see ¶ [0157] “. . . Rules engine 126 can use rules 204, such as rules 204a-204c, in conjunction with the information included in new fact 202 to attempt to fix the error and/or to alert the appropriate actors. For example, in one embodiment, error fact 202 can be mapped in infrastructure store 140d to the specific network port, switch, etc. corresponding to the error. Rule 204a can be used with network store 140c to automatically correlate affected network flows that correspond to the faulty network resource 132. Based on the severity of the problem, the system may try to automatically fix the problem by rerouting affected services using rule 204b. If rerouting fails or is not performed, rule 204b can be used to set up alerts to provided services that depend on the affected network flows in service store 140b. Rule 204c can then be used to automatically contact network actors associated with the affected services using business store 140a . . .”).  
The motivation to combine Van Der Merve with the combination of Banikazemi and Cote is disclosed for the rejection of claim 1 and is incorporated herein.
In regard to claim 9, the combination of Banikazemi, Cote, Van Der Merwe, teaches further comprising: generating the analytics model (e.g. knowledge store 124, a rules library 125, and a rules engine 126) based on results of a plurality of diagnostic tests see Van Der Merwe ¶ [0191] “ . . . Using the emulated network environment, a bottom-to-top test was also run to determine if the high-level entities were able to deal with low-level problems, such as network ports going down, using FlowOps. For simplicity, a simulated driver was created to simulate port up/down events. The simulated events would then get added into knowledge store 124 and processed . . .”) that includes the one or more diagnostic tests(e.g. via Flowops) (see Van Der Merwe ¶ [0073] “ . . . In FlowOps, network management and operations tasks involve applying domain specific logic to realize network management objectives based on information derived from the present (i.e., dynamic) state of the network. As such, production rules can be used to reason about and represent knowledge of the domain, and those rules can be applied to a working memory of assertions (or facts) representing the volatile state of the system. As such, in FlowOps, a production rule system can be used as the basis for the approach and the production rules and facts can be stored in rules library 125 and knowledge store 124, respectively . . . “).
The motivation to combine the references is described for the rejection of claim 1 and is incorporated herein.  Additionally, Van Der Merwe creates analytic models based on the training of testing results.
In regard to claim 10, the combination of Banikazemi, Cote, and Van Der Merwe teaches further comprising: obtaining, based on a proactive monitoring procedure (see FlowOps Van Der Merwe ¶ [0105] “ . . . Another basic functionality of FlowOps is enabling actors to diagnose problems and examine service levels to ensure that services match what was offered, e.g., network speed, bandwidth, etc. In some embodiments the network operator can have complete access to all service information, while subscribers and service providers are given limited views based on their own particular services. These views can include measurement results, path information, etc. It can be left up to network operator 104 to determine what should be included in a view . . .”) data relating to one or more virtualized network services (see Van Der Merwe ¶ [0185] “ . . . An initial evaluation was performed by running FlowOps on a host machine while connected to an emulated network environment inside a virtual machine using Mininet, an open source virtual network supported by the Mininet Support Group. The emulated network environment was designed to emulate the network environment of system 210. Mininet supports creating virtual instances of OpenFlow-enabled switches and connecting them together to simulate a real network environment. In the emulated environment each network switch was a separate instance of Open vSwitch, an open source virtual switch that supports the OpenFlow protocol. The emulated switches were controlled via the Floodlight OpenFlow controller, which in turn was driven by FlowOps. . . .”), of the plurality of virtualized network services (see Van Der Merwe ¶ [0186] “ . . .  Using the emulated network environment, FlowOps was able to successfully configure many services. Some notable ones include: [0187] Services between subscribers. An Ethernet E-LAN between subscribers Alice 108a, Bob 108b, and Carl 108c was successfully set up using abstraction stores 140, as discussed above. The service was set up so that it did not require the use of service provider 110. None of the users 108 needed special equipment that understands VLANs. Using this type of service, a LAN party, for example, could be set up between subscribers 108a, 108b, and 108c. [0188] Services between a service provider and a subscriber. A VLAN E-LINE between service provider 110 and subscriber Bob 108b was successfully set up using abstraction stores 140, as discussed above. Because service provider 110 had access on only one port into network 102, VLANs were required to differentiate services as service provider 110 sent packets. Bob's end point was successfully configured to remove the VLAN so that his equipment had no need to understand VLANs. Service provider 110 can use this approach to provide Internet, VoIP, etc. to individual subscribers 108. [0189] Broadcast services between a service provider and multiple subscribers. A VLAN E-TREE from service provider 110 (acting as the root) to all of the subscribers Alice 108a, Bob 108b, and Carl 108c (acting as leaves) was successfully set up using abstraction stores 140, as discussed above. Similar to the VLAN E-LINE, a VLAN was required for service provider 110 to specify which packets belonged to which service. The tag was successfully removed before the packets reached the subscriber equipment . . .”); and generating, based on the data relating to the one or more virtualized network services, the analytics model (see Van Der Merwe ¶ [0205] “ . . . The exemplary embodiment shown in FIG. 13 was set up, with FlowOps being used to implement all of the portions of network resources coordinator 302. Software was written in PHP except for the rules which were written as a hybrid of the CLIPS rules language and PHP, and data from a relational database. The knowledge store was initiated by FlowOps using configuration files having basic properties of the expected network-like switches and other network equipment with which FlowOps was expected to communicate. Rules were loaded separately from the knowledge store and were compiled into FlowOps although they could alternatively have been loaded externally to support a more pluggable model where network operators can create, edit or load custom rules. FlowOps initialized CLIPS by loading rules and creating a stateful knowledge session which allows facts to persist while running rules. . . “).
The motivation to combine the references is described for the rejection of claim 1 and is incorporated herein.  Additionally, Van Der Merwe can generate models from the virtual network services.
In regard to claim 11, the combination of Banikazemi, Cote, and Van Der Merwe teaches further comprising: preprocessing data relating to one or more virtualized network devices, of the plurality of virtualized network services (see Cote ¶ [0038] “ . . . A variety of data sources can be exploited to get information about every component of the network, from the physical (or virtual) devices to the communication channels, the usage patterns, the environment, and the business context. Network devices (e.g., network elements) generate Performance Monitoring (PM), alarms, and/or logging data. These include things like power levels, error counters, received, transmitted or dropped packets, Central Processing Unit (CPU) utilization, geo-coordinates, threshold cross, etc. Communication channels (or “services”) also generate PM data, for all layers of the Open Systems Interconnection (OSI) model (ISO/IEC standard 7498-1, 1994). For instance, layer-3 network performance is characterized by bandwidth, throughput, latency, jitter and error rate. End-users', environmental, or business data typically come from third-party databases. . . .”), to provide a data structure for the data relating to the one or more virtualized network devices (see Cote ¶ [0048] “ . . . the ML applications 22 can be hosted on a single computer with regular data storage and CPU. Providing there is software able to collect raw data and transform it into a consumable format by ML algorithms. This basic setup is sufficient to process small data sets in non-production environments. To use deep learning algorithms, it is generally required to accelerate computations with specialized hardware such as Graphics Processing Units (GPU's) or Tensor Processing Units (TPU's). To exploit synergies of ML with Big Data, more infrastructure is required to handle the large Variety, Volume and/or Velocity of the “Big” data. Wide variety requires an abstraction layer between the raw inputs from many sources and the ML algorithms. This abstraction layer can include resource adapters 18. Large volume requires distributed storage and parallel computing on a computer cluster. This is referred to as the “data lake” 20 or a “cloud.” Furthermore, it employs a mechanism to read back and process batches of data. . . “)
wherein the generating the analytics model comprises (see Cote ¶¶ [0049-0051] “ . . . To forecast the occurrence of network anomalies with improved efficiency and confidence, it is desirable to leverage as much information as possible from as many sources as possible. For example, this is done by first modeling the time-evolution of the data, then using a model to extrapolate towards the future. Assuming that the machine learning system 10 collects and prepares all the relevant data, one still needs to solve a problem: how to model the data to provide accurate forecasting . . . In ML, the process of learning from data is called “training.” It is useful to split ML algorithms into two broad categories: supervised learning and unsupervised learning, depending on how their training is performed . . .”): generating, based on a machine learning technique and the data structure, the analytics model (see Cote ¶¶ [0065-0067] “ . . . FIG. 2 is a diagram of a three-step process 50 used by the machine learning system 10. FIG. 3 is a flowchart of a forecast process 52. Here, there is a real-time data stream (PM data) from the telecommunications network 16, such as stored in the data lake 20 and/or analytics platform in FIG. 1.   Step S1: the process 52 includes, for each time bin, reducing a PM to a single number representing the probability of being normal (or “p-value”) of the device/service/application that is being monitored. This transforms the n-dimensional time-series into a 1-dimensional distribution, which is much easier to model.  Step S2: the process 52 includes graphing results from step S1 where the y-axis is the probability of being normal and the x-axis is time. Then, one or more heuristic functions—referred to as forecast models—are adjusted to match the historical data on the graph using statistical regression . . .”).
The motivation to combine the references is described for the rejection of claim 1 and is incorporated herein.  Additionally, Cote provides machine learning function for generating the models.
In regard to claim 12, the combination of Banikazemi, Cote, and Van Der Merwe teaches further comprising: determining, based on the analytics model, a set of predictors associated with one or more issues, or with normal operation, of the SD-WAN (see Cote ¶¶ [0057-0058] “ . . . A useful property of supervised ML is its ability to measure accuracy in a reliable way. For example, this can be performed by splitting the labeled dataset in (at least) two independent parts: X.sub.y.sup.train and X.sub.y.sup.test. The model is trained using X.sub.y.sup.train only, and the properties of the trained model can be benchmarked on X.sub.y.sup.test. By doing so, each prediction of M(x,θ*) can be compared to the “truth” provided by the labels in X.sub.y.sup.test. For a binary classifier, for instance, this enables the measurement of true and false positive rates, confusion matrix, etc. Furthermore, it can be safely assumed that these test results are unbiased because X.sub.y.sup.test is statistically independent from X.sub.y.sup.train and that X.sub.y.sup.test is a representative control sample because it derives from the original sample X.sub.y.   A concrete example of this procedure—implemented with the Network Health Predictor application—is shown on FIGS. 1B and 1C. FIG. 1B shows the output of a supervised Random Forest Regression algorithm on X.sub.y.sup.test, for two labels: “normal” and “abnormal.” The output distribution is continuous between 0 and 1, with “normal” outputs towards zero and “abnormal” outputs towards one. This can be turned into a binary classifier with a cut-off threshold illustrated by the dashed line. In turn, the performance of the classifier can be characterized by a ROC curve illustrated in FIG. 1C. The dot on FIG. 1C corresponds to a threshold of 0.3 illustrated in FIG. 1B. Through such a process, it is possible to adjust the threshold on the supervised ML output in order to achieve a target performance point on the ROC curve. This can be handy as different use-cases can require different trade-offs between true positive efficiency and false positive noise . . .”)
wherein the set of predictors correspond to a value associated with an instance of a virtualized network service of the plurality of virtualized network services (see Cote ¶ [0070]“ . . . Back in FIG. 3, at Step S3: the process 52 includes extrapolating results from step S2 towards to future and predict the probability of being normal versus time. At a given time, the most probable p-value is the one obtained with the best value of each model parameter, according to Step S2. This prediction can include uncertainties. The uncertainties are estimated by varying each forecast model parameter within its 95% Confidence Interval and re-calculating the predicted p-value accordingly. Alternatively, the same process can be used to estimate the most probable time and the uncertainty interval within which a network element will reach a given p-value . . .”) ; and 
determining, by the device and based on the set of predictors, that the parameter relates to the issue (see Cote ¶ [0074]“ . . . The systems and methods enable pre-emptive maintenance by being able to identify risky network elements or devices 14 from their trends before they actually get in a problematic state. This can be very valuable for network operators who no longer need to react to catastrophic events but can work on their network during scheduled maintenance windows. In combination with Big Data infrastructure, the application 22 can continuously monitor arbitrarily large and complex networks 16, automatically. When abnormal elements are identified, the application 22 helps operators to troubleshoot the issue and identify its root cause faster . . . “).
The motivation to combine the references is described for the rejection of claim 1 and is incorporated herein.  Additionally, Cote provides prediction models to identify an issue with the SD-WAN.
In regard to claim 13, the combination of Banikazemi, Cote, and Van Der Merwe teaches wherein the determining the set of predictors comprises: determining, using a deep learning network technique (see Cote ¶¶ [0049-0051] “ . . . To forecast the occurrence of network anomalies with improved efficiency and confidence, it is desirable to leverage as much information as possible from as many sources as possible. For example, this is done by first modeling the time-evolution of the data, then using a model to extrapolate towards the future. Assuming that the machine learning system 10 collects and prepares all the relevant data, one still needs to solve a problem: how to model the data to provide accurate forecasting . . . In ML, the process of learning from data is called “training.” It is useful to split ML algorithms into two broad categories: supervised learning and unsupervised learning, depending on how their training is performed . . .”), that a subset of variables, of a plurality of variables associated with a model of an SD-WAN operation, is the set of predictors (see Cote ¶¶ [0063-0064] “ . . . Prediction of Future Events from Trends can use Unsupervised ML—time-series trending: regression of analytical functions, Autoregressive Integrated Moving Average (ARIMA), Long Short-Term Memory (LSTM) neural network.  Learning to Take Actions on the Network can be above ML plus a rules-based Policy Engine, and reinforcement learning can be used as a way to optimize networks . . . “).
The motivation to combine the references is described for the rejection of claim 1 and is incorporated herein.  Additionally, Cote provides for using the machine learning to indicate a particular value to march to a particular issue.
In regard to claim 14, the combination of Banikazemi, Cote, and Van Der Merwe teaches further comprising: detecting, based on service information and the analytics model (see Van Der Merwe ¶ [0075] “ . . . To facilitate a production rules approach, information about network 102, such as the actors, services, infrastructure, and other information associated with network 102 can be stored in knowledge store 124 as facts. In addition, state information regarding network 102 can be maintained in knowledge store 124 and updated as changes are made or detected in the network, such as services getting configured, faults occurring, etc. Production rules representative of knowledge of network 102 and of subscribers 108 and service providers 110 can be contained in rules library 125. In essence, knowledge store 124 and rules library 125 can contain the facts and rules necessary to make decisions regarding network 102 and the actors 104, 108, and 110 associated therewith . . .”) , an event that causes the issue and is associated with one or more virtualized network services of the plurality of virtualized network services (see Van Der Merwe ¶ [0076] “ . . . FlowOps employs a layered abstraction model which can allow FlowOps to reason and react to events at different levels of abstraction and to propagate relevant information into other layers as needed. As a result, FlowOps can be used with almost any type of underlying network hardware as long as network 102 can support the abstractions that service providers 110 need to provide services. As such, in these embodiments, network infrastructure 130 can comprise traditional switches, SDN-enabled switches, or a combination of the two, in addition to communication media and other typical network components. . .”).
The motivation to combine the references is described for the rejection of claim 1 and is incorporated herein.  Additionally, Van Der Merwe provides a relationship between an issue and a service.
In regard to claim 15, Banikazemi teaches a non-transitory computer-readable medium storing one or more instructions (see ¶ [0108]:” . . . The computer program product may include a computer readable storage medium (or media) having computer readable program instructions thereon for causing a processor to carry out aspects of the present invention . . .”), the one or more instructions comprising (see ¶ [0109]: “. . . The computer readable storage medium can be a tangible device that can retain and store instructions for use by an instruction execution device . . .”):
 one or more instructions that(see ¶ [0110]: “. . . Computer readable program instructions described herein can be downloaded to respective computing/processing devices from a computer readable storage medium or to an external computer or external storage device via a network. . .”), when executed by one or more processors of a gateway device  (see ¶ [0008]: “. . . a hardware, processor-based monitoring element . . .” see ¶ [0058]: “. . . the monitoring element can be implemented by, for example, the CDPI agent 230 and the SDN controller 220 shown and described with respect to FIG. 2  . .  .”), cause the one or more processors to(see Fig. 8 ¶ [0096]: “.  . . As shown in FIG. 8, computer system/server 812 in cloud computing node 810 is shown in the form of a general-purpose computing device. The components of computer system/server 812 may include, but are not limited to, one or more processors or processing units 816 . . .”):
 receive service information that identifies a state of a software-defined networking wide area network (SD-WAN) (see ¶ [0012]: “ . . . FIG. 2 shows an exemplary architecture 200 for a Software Defined Network ( SDN) . . .” see Fig. 1 ¶ [0027]: “ . . FIG. 1 illustrates a network architecture 100 to which the present principles can be applied, in accordance with an embodiment of the present principles. As shown in FIG. 1, a plurality of remote networks 102 are provided including a first remote network 104 and a second remote network 106. A gateway 101 may be coupled between the remote networks 102 and a proximate network 108. In the context of network architecture 100, the networks 104, 106 may each take any form including, but not limited to a LAN, a WAN such as the Internet . . .”; see ¶ [0031]: “ . . . methods and systems described herein may be implemented with and/or on virtual systems and/or systems which emulate one or more other systems, such as a UNIX system which emulates an IBM z/OS environment, a UNIX system which virtually hosts a MICROSOFT WINDOWS environment, a MICROSOFT WINDOWS system which emulates an IBM z/OS environment, etc. This virtualization and/or emulation may be enhanced through the use of VMWARE software . . .” see Fig. 2 ¶ [0033]: “. . . FIG. 2 shows an exemplary architecture 200 for a Software Defined Network (SDN), in accordance with an embodiment of the present principles . . .”), wherein the SD-WAN includes a plurality of virtualized network services associated with different vendors; 
detect, based on the service information see ¶ [0059]: “. . . The forwarding elements can be real or virtual and they provide traffic statistics pertaining to individual flows. These forwarding elements report their statistics to the monitoring service periodically . . .”) and an analytics model associated with the SD-WAN (see ¶ [0069]: “. . . analyze the collected data and report the results of the analysis . . . “), an issue (e.g. an anomaly) associated with the SD-WAN (see ¶ [0072]: “. . . the analysis conducted by the monitoring service looks at the history of a given flow to decide if there are any anomalies in the flow's traffic. For each pair of traffic patterns maintained by the service, the analysis determines how well the two series match. A good match indicates that there is not an anomaly. A poor match indicates a network problem such as packet loss or delay. The criteria to decide when to flag a flow as having problems can be based on thresholds customized to the type of flow. Thus, in an embodiment, step 630 can involve indicating whether or not an anomaly exists . . . “), 
Banikazemi fails to explicitly teach wherein the SD-WAN includes a plurality of virtualized network services associated with different vendors; wherein the analytics model determines the issue based on a particular relating to the issue deviating from a particular range of values that corresponds to the parameter and is associated with a normal operation of the SD-WAN; 
generate, based on the analytics model, a recommendation associated with a resolution of the issue; and provide the recommendation to a client device.
However Cote teaches wherein the SD-WAN includes a plurality of virtualized network services associated with different vendors (see ¶ [0072]: “. . . Finally, end-users can configure the NHP (or SHP or AHP) application(s) to specify a probability threshold beyond which they consider a network element (or service or application) to be in a problematic state. For instance, a network operator can be willing to tolerate a 0.1% probability of being normal, while another operator can more aggressively set a threshold at 1% probability. Note that this probabilistic approach is general, and can hence be applied to any PM's from any device from any vendor from any network technology. Then, the application(s) 22 can notify users whenever a device 14 (or service or application) is forecasted to cross their user-defined threshold. Or they can optionally leverage the policy engine for more complex rule-based implementations. Furthermore, the application 22 can communicate a time interval within which the threshold-crossing is predicted to occur, allowing the network operator (end-user) to take actions before the problem actually occurs. .  . “); wherein the analytics model (e.g. forecast model)  determines the issue based on a particular relating to the issue deviating from a particular range of values that corresponds to the parameter(e.g. snapshots of system during normal operations) and is associated with a normal operation of the SD-WAN(see Fig. 1A, ¶ [0046]: “. . . FIG. 1A is a block diagram of a machine learning system 10. A data collection engine platform 12 collects telemetry data from devices 14 of a telecommunications network 16 (e.g., Internet Protocol (IP), Ethernet, Optical, and combinations thereof) through resource adapter(s) 18 and stores it in a "data lake" 20. ML Applications 22 such as NHP, Service Health Predictor (SHP), Application Health Predictor (AHP) or others can read back this data, analyze it and report insights to end-users or to a Policy Engine 24, a Software Defined Networking ( SDN) controller 26, etc. . . .”’ see ¶ [0049]” . . .To forecast the occurrence of network anomalies with improved efficiency and confidence, it is desirable to leverage as much information as possible from as many sources as possible. For example, this is done by first modeling the time-evolution of the data, then using a model to extrapolate towards the future. Assuming that the machine learning system 10 collects and prepares all the relevant data, one still needs to solve a problem: how to model the data to provide accurate forecasting . . .” see ¶ [0052]” . . . With unsupervised ML, the training involves three components: a dataset X, a model M(x,θ), and a cost function C(x,M(x,θ)). The vector x represents a “snapshot” of the system under study. For instance, x can contain PM data from a network device at a given time. Then, the dataset X would be a list of “snapshots” collected at multiple times/windows. In mathematical terms, X is vector of vectors, also known as a tensor. The model aims to represent the true probability distribution P(x). It depends on parameters θ whose values are unknown a priori but can be learned from data. The learning itself consists of finding the values θ* that minimize a cost function for the entire dataset X. . . .”);
It would have been obvious to one with ordinary skill in the art before the effective filing date of the applicant’s invention to incorporate a system and method for predicting events in a computerized network by obtaining performance monitoring data over time which is used to build a prediction model to identify issues that could impact the performance and operations of the network, as taught by Cote, into a system and method that utilizes a monitoring device that monitors the performance of an SDN network and diagnoses possible failures within the network based on concurrent testing of network flow, as taught by Banikazemi.  Such incorporation provides a platform that can analyze the monitored data to identify failures occurring in the network.
The combination of Banikazemi and Cote fails to explicitly teach generate, based on the analytics model, a recommendation associated with a resolution of the issue; and provide the recommendation to a client device.  However Van Der Merwe teaches generate, based on the analytics model (e.g. knowledge store 124, a rules library 125, and a rules engine 126) (see Fig. 3, ¶ [0069]:” . . . At the heart of network management system 119 is network manager 120. Network manager 120 can be configured to separate management of the network infrastructure and the operations from the network services through the use of a knowledge store 124, a rules library 125, and a rules engine 126. Knowledge store 124 maintains information about the network and the network actors, rules library 125 contains rules relating to the network, and rules engine 126 applies the rules in rules library 125 to the information in knowledge store 124 to dynamically make automated decisions with respect to the network. By virtue of knowledge store 124, rules library 125, and rules engine 126, and in conjunction with controller 128 and listener agent 129, network manager 120 can facilitate the automatic setting up and configuring of complex high-level tasks, such as, e.g., setting up new services, as well as the automatic detection and handling of low-level errors. . .”; see ¶ [0058]: “. . . the data network can be a LAN, a WAN, an enterprise network, a software defined network (SDN),, a recommendation(e.g. decision)  associated with a resolution of the issue(e.g. faults occurring) (see ¶ [0075]: “. . . “ . . . information about network 102, such as the actors, services, infrastructure, and other information associated with network 102 can be stored in knowledge store 124 as facts. In addition, state information regarding network 102 can be maintained in knowledge store 124 and updated as changes are made or detected in the network, such as services getting configured, faults occurring, etc. Production rules representative of knowledge of network 102 and of subscribers 108 and service providers 110 can be contained in rules library 125. In essence, knowledge store 124 and rules library 125 can contain the facts and rules necessary to make decisions regarding network 102 and the actors 104, 108, and 110 associated therewith . . .”); and provide the recommendation to a client device (see ¶ [0089]:” . . . in which abstraction stores 140 are used, rules can act as glue between the layered stores. Many events and facts can be communicated between stores 140 using rules engine 126. For example, rules can be used to detect a request for a new service at a top layered store and propagate that request down to the lowest layered store, so that the network devices can then be set up accordingly, as discussed below. As another example, rules can be used to detect when an error has occurred at the lowest layered store and propagate that information up to the highest layered store to notify affected network users . . .”; see ¶ [0157] “. . . Rules engine 126 can use rules 204, such as rules 204a-204c, in conjunction with the information included in new fact 202 to attempt to fix the error and/or to alert the appropriate actors. For example, in one embodiment, error fact 202 can be mapped in infrastructure store 140d to the specific network port, switch, etc. corresponding to the error. Rule 204a can be used with network store 140c to automatically correlate affected network flows that correspond to the faulty network resource 132. Based on the severity of the problem, the system may try to automatically fix the problem by rerouting affected services using rule 204b. If rerouting fails or is not performed, rule 204b can be used to set up alerts to provided services that depend on the affected network flows in service store 140b. Rule 204c can then be used to automatically contact network actors associated with the affected services using business store 140a . . .”).  
It would have been obvious to one with ordinary skill in the art before the effective filing date of the applicant’s invention to incorporate a system and method for dynamically managing and coordinating network resources through the use of a knowledge store that has abstraction levels used to identify physical and virtual components of the network that may be failing, as taught by Van Der Merve, into a system and method that utilizes a monitoring device that monitors the performance of an SDN network and diagnoses possible failures within the network based on concurrent testing of network flow, and utilizing performance monitoring data obtained over time which is used to build a prediction model to identify issues that could impact the performance and operations of the network, as taught by the combination of Banikazemi and Cote.  Such incorporation provides the system with a knowledge structure that can identify the failure and provide a remediation.
In regard to claim 16, the combination of Banikazemi, Cote, and Van Der Merwe  teaches wherein the one or more instructions, when executed by the one or more processors, further cause the one or more processors to (see Banikazemi  ¶ ¶ [0108-0110] as described for the rejection of claim 15 and is incorporated herein) evaluate a hierarchy (e.g. deployment model) associated with a deployment of the SD-WAN to identify the issue (see Banikazemi  ¶ [0076] “ . . . Cloud computing is a model of service delivery for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g. networks, network bandwidth, servers, processing, memory, storage, applications, virtual machines, and services) that can be rapidly provisioned and released with minimal management effort or interaction with a provider of the service. This cloud model may include at least five characteristics, at least three service models, and at least four deployment mode . . .”) , and wherein the hierarchy includes at least one of: a hardware diagnostics evaluation (see Banikazemi  ¶¶ [0094-0095] “ . . . In cloud computing node 810 there is a computer system/server 812, which is operational with numerous other general purpose or special purpose computing system environments or configurations. Examples of well-known computing systems, environments, and/or configurations that may be suitable for use with computer system/server 812 include, but are not limited to, personal computer systems, server computer systems, thin clients, thick clients, handheld or laptop devices, multiprocessor systems, microprocessor-based systems, set top boxes, programmable consumer electronics, network PCs, minicomputer systems, mainframe computer systems, and distributed cloud computing environments that include any of the above systems or devices, and the like.  Computer system/server 812 may be described in the general context of computer system executable instructions, such as program modules, being executed by a computer system. Generally, program modules may include routines, programs, objects, components, logic, data structures, and so on that perform particular tasks or implement particular abstract data types. Computer system/server 812 may be practiced in distributed cloud computing environments where tasks are performed by remote processing devices that are linked through a communications network. In a distributed cloud computing environment, program modules may be located in both local and remote computer system storage media including memory storage devices . . .”) a network connectivity diagnostics evaluation (see Banikazemi  ¶¶ [0100-0101] “ . . . Each of the operating system, one or more application programs, other program modules, and program data or some combination thereof, may include an implementation of a networking environment. Program modules 842 generally carry out the functions and/or methodologies of embodiments of the invention as described herein.  [0101] Computer system/server 812 may also communicate with one or more external devices 814 such as a keyboard, a pointing device, a display 824, etc.; one or more devices that enable a user to interact with computer system/server 812; and/or any devices (e.g., network card, modem, etc.) that enable computer system/server 812 to communicate with one or more other computing devices. Such communication can occur via Input/Output (I/O) interfaces 822. Still yet, computer system/server 812 can communicate with one or more networks such as a local area network (LAN), a general wide area network (WAN), and/or a public network (e.g., the Internet) via network adapter 820. As depicted, network adapter 820 communicates with the other components of computer system/server 812 via bus 818 . . .”), or a virtualized network services diagnostics evaluation (see Banikazemi  ¶¶ [0084-0085] “ . . . Software as a Service (SaaS): the capability provided to the consumer is to use the provider's applications running on a cloud infrastructure. The applications are accessible from various client devices through a thin client interface such as a web browser (e.g., web-based email). The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, storage, or even individual application capabilities, with the possible exception of limited user-specific application configuration settings.  Platform as a Service (PaaS): the capability provided to the consumer is to deploy onto the cloud infrastructure consumer-created or acquired applications created using programming languages and tools supported by the provider. The consumer does not manage or control the underlying cloud infrastructure including networks, servers, operating systems, or storage, but has control over the deployed applications and possibly application hosting environment configurations. . . “).
In regard to claim 17, the combination of Banikazemi, Cote, and Van Der Merwe  teaches wherein the one or more instructions, when executed by the one or more processors, further cause the one or more processors to (see Banikazemi  ¶ ¶ [0108-0110] as described for the rejection of claim 15 and is incorporated herein): identify a new network service for deployment in the SD-WAN (see Van Der Merwe ¶ [0069] “ . . . At the heart of network management system 119 is network manager 120. Network manager 120 can be configured to separate management of the network infrastructure and the operations from the network services through the use of a knowledge store 124, a rules library 125, and a rules engine 126. Knowledge store 124 maintains information about the network and the network actors, rules library 125 contains rules relating to the network, and rules engine 126 applies the rules in rules library 125 to the information in knowledge store 124 to dynamically make automated decisions with respect to the network. By virtue of knowledge store 124, rules library 125, and rules engine 126, and in conjunction with controller 128 and listener agent 129, network manager 120 can facilitate the automatic setting up and configuring of complex high-level tasks, such as, e.g., setting up new services, as well as the automatic detection and handling of low-level errors . . .”); and
add the new network service into a group of monitored network services evaluated using a set of diagnostic tests (see Van Der Merwe ¶ [0075] “ . . . To facilitate a production rules approach, information about network 102, such as the actors, services, infrastructure, and other information associated with network 102 can be stored in knowledge store 124 as facts. In addition, state information regarding network 102 can be maintained in knowledge store 124 and updated as changes are made or detected in the network, such as services getting configured, faults occurring, etc. Production rules representative of knowledge of network 102 and of subscribers 108 and service providers 110 can be contained in rules library 125. In essence, knowledge store 124 and rules library 125 can contain the facts and rules necessary to make decisions regarding network 102 and the actors 104, 108, and 110 associated therewith . . .”)
wherein the group of monitored network services includes a set of physical network services and the plurality of virtualized network services (see Van Der Merwe ¶ [0076] “ . . . FlowOps employs a layered abstraction model which can allow FlowOps to reason and react to events at different levels of abstraction and to propagate relevant information into other layers as needed. As a result, FlowOps can be used with almost any type of underlying network hardware as long as network 102 can support the abstractions that service providers 110 need to provide services. As such, in these embodiments, network infrastructure 130 can comprise traditional switches, SDN-enabled switches, or a combination of the two, in addition to communication media and other typical network components. . . “;see Van Der Merwe ¶¶ [0083-0084] “ . . . Business store 140a provides views and alerts to the actors 104, 108, and 110 that use network 102. For example, through business store 140a, subscribers 108 can view a list of available services to request as well as information corresponding to those services. In addition, subscribers 108 and/or service providers 110 may be able to view the status of services already requested, such as, e.g., whether network resources have been provisioned, allocated, and/or deleted, as discussed below. Through business store 140a, subscribers 108 and/or service providers 110 can also request services, cancel services, and view information about each service, such as measured speed of service, actual bandwidth, etc. In addition, subscribers 108 and/or service providers 110 can receive alerts corresponding to the services they receive or supply when errors are detected on network 102 or when planned network maintenance is scheduled that affect those services.  Service store 140b exposes reservable network resources. As such, each service provided on network 102 can be described in service store 140b with respect to the network resources required to provide the service. For example, a VLAN from point A to point B or a LAN with multiple end points can be defined in service store 140b by the types of network resources required. In one embodiment, service store 140b defines the services that can be provided in network 102 and leaves the implementation details to network operator store 140c . . . “).
The motivation to combine the references is described for the rejection of claim 1 and is incorporated herein.  Additionally, Van Der Merwe provides a means to update resources that can be monitored in the SD-WAN.
In regard to claim 18, the combination of Banikazemi, Cote, and Van Der Merwe  teaches wherein the one or more instructions, when executed by the one or more processors, further cause the one or more processors to (see Banikazemi  ¶ ¶ [0108-0110] as described for the rejection of claim 15 and is incorporated herein): automatically implement the resolution (see Van Der Merwe ¶¶ [0119-0120] “ . . . As shown in FIG. 6A, when a service is requested from service provider 110, a service fact 170 can be added to service store 140b. Service fact 170 can include information about the requested service, including identifying the subscriber, the service provider, and the requested service. If the service request has been placed using network 102, service fact 170 can be automatically added to service store 140b of knowledge store 124 by rules of rules library 125 that detect new facts corresponding to the request on business store 104a when the service request is placed. Alternatively, if the service request is not placed using network 102 (e.g., the request was placed by telephone) or if automatic addition is not desired, service fact 170 can be added to service store 140b by service provider 110 through business store 104a. In the depicted embodiment, service provider 110 accesses the abstraction stores via API 160 and portal 121.  Rules engine 126 can automatically detect when new fact 170 is added to service store 140b. Rules engine 126 can use rules 172 of rule library 125, such as rules 172a and 172b, in conjunction with the information included in new fact 170 to attempt to map and allocate the required network resources 132 using abstraction stores 140. For example, if an Ethernet service has been requested (such as Ethernet service 176 shown in FIG. 6B), then rule 172a in network operator store 140c can map the requested Ethernet service to a particular network flow. If the network operator 104 uses VLANs in the backbone to support such services, then the network can be a backbone VLAN. As such, rules applied to network operator store 140c can be used to determine if a possible path exists through network 102 that will support the requested service. Once a possible network path has been determined, such as path 177 in FIG. 6B, the required network resources 132 along path 177 can be identified. . . “).
The motivation to combine the references is described for the rejection of claim 1 and is incorporated herein.  Additionally, Van Der Merwe provides automatic implementation of recommendations.
In regard to claim 19. the combination of Banikazemi, Cote, and Van Der Merwe teaches wherein the one or more instructions, that cause the one or more processors to identify the issue, cause the one or more processors to (see Banikazemi  ¶ ¶ [0108-0110] as described for the rejection of claim 15 and is incorporated herein): generate an abstraction layer user interface (e.g. views and alerts) for providing the recommendation to the client device (see Van Der Merwe ¶¶ [0082-0083] “ . . . FIG. 4 illustrates one embodiment in which four layered abstraction stores 140 (140a-140d) are used in knowledge store 124. Of course, more or fewer abstraction stores are also possible. Abstraction stores 140 include a business store 140a, a service store 140b, a network operator store 140c, and an infrastructure store 140d, stacked on top of each other in the order shown.  Business store 140a provides views and alerts to the actors 104, 108, and 110 that use network 102. For example, through business store 140a, subscribers 108 can view a list of available services to request as well as information corresponding to those services. In addition, subscribers 108 and/or service providers 110 may be able to view the status of services already requested, such as, e.g., whether network resources have been provisioned, allocated, and/or deleted, as discussed below. Through business store 140a, subscribers 108 and/or service providers 110 can also request services, cancel services, and view information about each service, such as measured speed of service, actual bandwidth, etc. In addition, subscribers 108 and/or service providers 110 can receive alerts corresponding to the services they receive or supply when errors are detected on network 102 or when planned network maintenance is scheduled that affect those services.
The motivation to combine the references is described for the rejection of claim 1 and is incorporated herein.  Additionally, Van Der Merwe provides views and alerts for the abstraction layers of the SD-WAN.
In regard to claim 20, the combination of Banikazemi, Cote, and Van Der Merwe teaches wherein the abstraction layer user interface represents the plurality of virtualized network services(see Van Der Merwe ¶¶ [0208-0211] “ . . . Exemplary system 210 shown in FIG. 10 was again used to test the FlowOps system, this time using network management system 319 instead of network management system 119. Similar to the testing of network management system 119, an initial evaluation was performed by running FlowOps on a host machine while connected to an emulated network environment designed to emulate the network environment of system 210 inside a virtual machine using Mininet.  Using the emulated network environment, FlowOps was again able to successfully configure many network services, including (i) services between subscribers, (ii) services between a service provider and a subscriber, and (iii) broadcast services between a service provider and multiple subscribers, in the same manner as discussed above. Furthermore, FlowOps was again able to handle simulated low-level network problems, including (i) a port down in a network path which can be rerouted and (ii) a port down in a network path where no other possible path exists, in the same manner as discussed above.  This again demonstrates real-world applications of many of the value-added features available through FlowOps, including the dynamic and automatic manner in which FlowOps (i) can set up and manage network service resources and (ii) can detect network resource problems, attempt to fix those problems, and notify respective parties of affected services accordingly.  Using FlowOps with the exemplary network environments discussed above has demonstrated that FlowOps supports the creation of usable data networks using the architectures described herein. In particular, it has demonstrated that FlowOps can operate a data network, such as an open access network, in a dynamic, automated manner, based on external users asking for slices of the network resulting in reasoning in the various abstraction layers. It has also demonstrated that FlowOps can detect errors in the network and, if possible, automatically reroute services around the detected errors or, if not possible, alert users to the detected errors. . .”).
The motivation to combine the references is described for the rejection of claim 1 and is incorporated herein.  Additionally, Van Der Merwe provides user visibility to the abstraction layers of the virtual service.
Claims 3 and 4 are rejected under 35 U.S.C. 103 as being unpatentable over Banikazemi et al. (U.S. 2017/0149637 A1; herein referred to as Banikazemi) in view of Cote et al. (U.S. 2019/0280942 A1; herein referred to as Cote) in further view of Van Der Merwe et al. (U.S. 2015/0365288 A1; herein referred to as Van Der Merwe) as applied to claims 1 -2 and 8 - 20 in further view of Soderlund (U.S. 2018/0234288 A1; herein referred to as Soderlund).
In regard to claim 3, the combination of Banikazemi, Cote, and Van Der Merwe fails to explicitly  teach wherein the one or more processors are further configured to: select the one or more diagnostic tests according to a set of configured instructions, wherein the set of configured instructions include one or more conditional instructions relating to one or more virtualized network services.  However Soderlund teaches wherein the one or more processors are further configured to: select the one or more diagnostic tests according to a set of configured instructions (e.g. instruction to collect specific host information to the VIM 28 in a step S36 and sends an instruction to collect specific failure information to the VNF 21 in a step S37), wherein the set of configured instructions include one or more conditional instructions relating to one or more virtualized network services (e.g. virtualized network function (VNF 21)) (see Fig. 3, ¶ [0097]:” . . . As shown in FIG. 3, the HA service of the VNF 21 performs failure detection in a step S30 and failure mitigation in a step S31 and propagates the failure information in a step S32 to the diagnostics function of the VNF 21. The diagnostics function determines to start data collection in a step S33 and sends an indication triggering the data symptom collection in a step S34 to the VNF Manager 24. Upon receiving the trigger from the VNF 21, the VNF Manager 24 runs the symptom data collection processing in a step S35 and collects information from both the VNF 21 and the VIM 28. In particular, the VNF Manager 24 sends an instruction to collect specific host information to the VIM 28 in a step S36 and sends an instruction to collect specific failure information to the VNF 21 in a step S37. After data collection being performed by the VNF 21 and the VIM 28 (step S38), the VNF Manager 24 receives the data from the VNF 21 and the VIM 28 and combines the collected data in a step S39. Then, the VNF Manager 24 stores the collected and combines data in the operator diagnostics data storage in a step S310 . . .”).
It would have been obvious to one with ordinary skill in the art before the effective filing date of the applicant’s invention to incorporate a system and method for symptom data collection in a cloud deployment wherein failures are detected using diagnostic tests comprising instructions pertinent to the type of network service that triggered the failure, as taught by Soderlund, into a system and method that utilizes a monitoring device that monitors the performance of an SDN network and diagnoses possible failures within the network based on concurrent testing of network flow, and utilizing performance monitoring data obtained over time which is used to build a prediction model to identify issues that could impact the performance and operations of the network, and remediate such issues through the use of a knowledge store that has abstraction levels used to identify physical and virtual components of the network that may be failing, as taught by the combination of Banikazemi. Cote, and Van Der Merwe.  Such incorporation enhances the identification and remediation of virtual service failures.
In regard to claim 4, the combination of Banikazemi, Cote, and Van Der Merwe fails to explicitly  teach wherein, when applying the one or more diagnostic tests, the one or more processors are configured to:  execute the one or more diagnostic tests based on a type of one or more virtualized network services.  However Soderlund teaches wherein, when applying the one or more diagnostic tests, the one or more processors are configured to:  execute the one or more diagnostic tests based on a type of one or more virtualized network services(see ¶ [0025]: “. . . High availability (resiliency (which is the ability of the NFV framework to limit disruption and return to normal or at a minimum acceptable service delivery level in the face of a fault, failure, or an event that disrupts the normal operation) and failure tolerance/recovery) are mandatory in the telecom environment, and moreover, with emergence of Voice over LTE (VoLTE), the requirements towards recovery times are very strict (at least <1 s, the shorter the better). The resiliency needed in the network elements consists usually of multiple layers. The VNFM 24/VIM (Virtualized Infrastructure Manager) 28 monitor the physical resources and virtual machines running on top of the infrastructure, and the VNF itself monitors the application status with some specialized built-in service. The latter part is essential for stateful 2N or N+M active-standby replication solutions, which are needed in order to reach the required recovery times without losing sessions in the operation. .  .”).
The motivation to combine Soderlund with the combination of Banikazemi, Cote, and Van Der Merwe is described for the rejection of claim 3 and is incorporated herein.  Additionally Soderlund provides a relationship between the diagnostic testing and the virtualized network service.
Claims 5 – 6 are rejected under 35 U.S.C. 103 as being unpatentable over Banikazemi et al. (U.S. 2017/0149637 A1; herein referred to as Banikazemi) in view of Cote et al. (U.S. 2019/0280942 A1; herein referred to as Cote) in further view of Van Der Merwe et al. (U.S. 2015/0365288 A1; herein referred to as Van Der Merwe) as applied to claims 1 -2 and 8 – 20 in further view of Wadikar et al. (U.S. 2020/0159380 A1; herein referred to as Wadikar).
In regard to claim 5, the combination of Banikazemi, Cote, and Van Der Merwe fails to explicitly  teach wherein, when applying the one or more diagnostic tests, the one or processors are configured to: execute the one or more diagnostic tests based on a test-suite workflow specification.  However Wadikar teaches wherein, when applying the one or more diagnostic tests, the one or processors are configured to: execute the one or more diagnostic tests based on a test-suite workflow specification (see  Fig. 1, ¶¶ [0037-0038]: “. . . As an example is illustrated in FIG. 1 to further clarify the described functionalities associated with some embodiments of the present technology. FIG. 1 illustrates an example interface view 100 that provides a visual rendering of a set of network events triggered as a result of a common workflow initiated by, for example, a Cisco DNA Center™ administrator. With reference to FIG. 1, at 102 Network Administrator profile is created. The network administrator then initiates a device discovery operation shown by the panel view 106. A site is then created by the network administrator, corresponding to the panel view 108 and one or more devices are assigned to the created site as indicated by 110. As shown by the interface view 100, the workflow information is visually represented as a series of events (102, 106, 108 and 110) along a time axis 111. The interface view 100 also provides a slider 112 as a navigation mechanism responsive to user input. The slider 112 enables a user to navigate further through the timeline by sliding the slider 112 along a scroll bar 113. Furthermore, the search box 114 shown in the example interface view 100, enables the network monitoring system to conduct a search based on one or more user-provided filtering criteria (i.e., on one or more IP addresses) such that only events related to the specified criteria will appear.  With reference to interface view 100, the chronological progression of the workflow is represented visually in an immediately identifiable way, starting from a user profile creation event at 12:15 hrs and includes subsequent events, triggered by the administrator initiated workflow, that occur within a 3 hour time period from 12:00 pm to 3:00 pm (15:00 hrs) as shown by the referenced points along the time axis 111. FIG. 2 illustrates an interface view 200 corresponding to moving the slider 112 to a position along the scroll bar 113 corresponding to 13:00 Hrs on the time axis 111. With respect to the interface view 200, the slider position corresponds to Device Discovery event at 13:05 Hrs. Considering that the displayed portion of the time axis 111, in the provided example, corresponds to a 3 hour time period, this brings into view event panel 204 corresponding to a device provisioning operation conducted as part of the network administrator's workflow. . . “).
It would been obvious to one with ordinary skill in the art before the effective filing date of the applicant’s invention to incorporate a system and method for monitoring workflows for particular diagnostic events occurring in a network such as a SD-WAN, as taught by Wadikar, into a system and method that utilizes a monitoring device that monitors the performance of an SDN network and diagnoses possible failures within the network based on concurrent testing of network flow, and utilizing performance monitoring data obtained over time which is used to build a prediction model to identify issues that could impact the performance and operations of the network, and remediate such issues through the use of a knowledge store that has abstraction levels used to identify physical and virtual components of the network that may be failing, as taught by the combination of Banikazemi. Cote, and Van Der Merwe.  Such incorporation provides a methodology for testing operations for the SD-WAN.
In regard to claim 6, the combination of Banikazemi, Cote, and Van Der Merwe fails to explicitly  teach wherein the test-workflow specification defines a set of service tags for identifying one or more virtualized network services for executing the one or more diagnostic tests.  However Wadikar teaches wherein the test-workflow specification defines a set of service tags for identifying one or more virtualized network services for executing the one or more diagnostic tests (see ¶ [0036] “ . . . each (network) event at a particular point in time may be represented in a form of a card or panel. The card may have textual description of an event or workflow and a thumbnail image which identifies the workflow. The cards may have color-coded tags which show if the result of workflow was success, failure or warning. A user may interact with the card by clicking on it to get detailed information about the event and the results associated with it. The user may also navigate using a slider or scroll bar which would allow them to bi-directionally traverse a time axis (i.e., going forward or backward in time) and view the event cards or panel views along the z-axis (3rd dimension) of the perspective. The user may search and filter the panel views/event cards (corresponding to various network events) based on a specified filtering criteria (i.e., attributes such as IP ranges, device identifiers, users and workflows). In this way, a subset of panel views that match the specified filtering criteria may be displayed along the time axis representation. The user may also search based on tags, such that only the failed events could be filtered for troubleshooting . . . “).
The motivation to combine Wadikar with the combination of Banikazemi, Cote, and Van Der Merwe is described for the rejection of claim 5 and is incorporated herein.  Additionally, Wadikar provides tagging of significant events in the workflow. 
Claim 7 is rejected under 35 U.S.C. 103 as being unpatentable over Banikazemi et al. (U.S. 2017/0149637 A1; herein referred to as Banikazemi) in view of Cote et al. (U.S. 2019/0280942 A1; herein referred to as Cote) in further view of Van Der Merwe et al. (U.S. 2015/0365288 A1; herein referred to as Van Der Merwe) as applied to claims XX in further view of Soderlund (U.S. 2018/0234288 A1; herein referred to as Soderlund) as applied to claims 3 – 4 in further view of Ziimmermann et al. (U.S. 2016/0149790 A1; herein referred to as Zimmermann).
In regard to claim 7, the combination of Banikazemi, Cote, Van Der Merwe, and Soderlund fails to explicitly teach wherein the test-workflow specification defines a set of vendor tags for identifying one or more vendor application program interfaces (APIs), of a plurality of vendor APIs associated with different virtualized network services, for executing the one or more tests.  However Ziimmermann teaches wherein the test-workflow specification defines a set of vendor tags (see ¶ [0036] “ . . . Information in IT device requests may be collected by the Discovery and Monitoring Engine 663 and treated as the Personality Identification(s) of some or all of IT device(s) 610 in order to automatically add those IT device(s) 610 into the system 600. Alternatively, an IT device (e.g. 611 through 622) may also be added via Configuration Engine 661 by providing the IT device Personality Identification associated with an IT device (e.g. 611 through 622) manually via a Command Line interface 681; Web interface 682 or programmatically via an Application Programmable Interface (API) 685. IT devices (e.g. 611 through 622), which may be from single or multiple vendors (possibly with different protocols, user interfaces and features), added to the system 600 may be available for interaction. Access-Control-Search Engine 664 and Management Engine 662 may be configured to be responsible for enabling interaction with the IT devices 610 via Abstraction Layer 650. Abstraction Layer 650 (which may be responsible for the dictionary and translation between the engines and different protocols) may provide a foundation for the normalization of the interaction and allow extensibility via the extensible communication modules 630. . . .”) for identifying one or more vendor application program interfaces (APIs) (see Fig. 6, ¶ [0036]“ . . . Examples modules that implement protocols and services may comprise, by are not limited to: IPMI 633 for generic vendors, CIMC 634 for Cisco devices, DRAC 632 for Dell devices, ILO 631 for HP devices, IMM 636 for IBM devices, ALOM 635 for Oracle devices, Telnet/SSH 638 for generic devices, serial console port 637, VM serial 641 for VMware devices such as VM/Mouse-Keyboard-Screen (MKS) and Virtual Serial for keyboard-Video-Mouse (KVM) and SNMP 639, others 642 that may be extended, combinations thereof, and/or the like. Information exchanged with IT devices 610 and access/interaction mechanism(s) may vary according to the IT device type. Access/interaction and associated complex information, which may have for example mouse-keyboard-screen data, serial console data, event data, and environment data among others, may be presented in a normalized manner to a user (or device) via Web, Command Line and API interfaces for IT devices handled by the system in order to provide a common user experience irrespective of IT device characteristics. . .”), of a plurality of vendor APIs  (see ¶ [0034]) “. . . Some of the various embodiments relate to enabling communication with and/or between various IT devices, for example, from multiple vendors through standardized interactions. The various IT devices may comprise, but are not limited to : virtual devices operating on configured hardware computing devices and/or physical computing devices . . .”) associated with different virtualized network services (e.g. IT devices employing virtual devices)(see ¶ [0016]) “ . . . An IT device is an "Information Technology" device related to computing technology, comprising, but not limited to: data center devices, networking devices, hardware devices, software operating in combination with a hardware IT device, Internet devices, and/or the like. Some IT devices may employ virtual devices operating on specially configured hardware. Additional examples of IT devices include compute nodes, networking nodes, storage nodes, power nodes, cooling nodes, combinations thereof, and/or the like . . . “; (see Fig. 6, ¶ [0035] “. . . FIG. 6 is a block diagram showing an example architecture comprising various components employed to enable standardized interactions with heterogeneous information technology devices from various vendors according to some aspects of various embodiments of the present invention. The vendor-neutral system 600 for enabling standardized interaction with IT devices 610 of various types and from multiple vendors presented in FIG. 6 shows a set of extensible communications modules 630 that may communicate with the IT devices 610 over network 690. These IT devices 610 may comprise physical and/or virtual nodes (e.g. compute nodes, networking nodes, storage nodes, power nodes, cooling nodes, and/or the like) and they may request connection and configuration and/or be polled via network protocols once they are powered on, and/or on a periodic basis, according to their protocol specifications. . . Alternatively, an IT device (e.g. 611 through 622) may also be added via Configuration Engine 661 by providing the IT device Personality Identification associated with an IT device (e.g. 611 through 622) manually via a Command Line interface 681; Web interface 682 or programmatically via an Application Programmable Interface ( API) 685. IT devices (e.g. 611 through 622), which may be from single or multiple vendors (possibly with different protocols, user interfaces and features), added to the system 600 may be available for interaction. . . “;), for executing the one or more tests (see ¶ [0037] “ . . . With respect to the action performed by 530, for example, a pre-defined command like “power off” may be included in a script and/or program to be executed as part of a set of actions taken by the infrastructure management in response to an IT device console session state like “disconnected.” The extensible communication module(s) 630 may provide the means to communicate with the IT device in order to determine the state change and carry out the execution of the command “power off” on the IT device regardless of the IT device type enrolled in the infrastructure management. In another example, the IT device may report a firmware version state like “firmware version 1.2”, which may require a complex set of actions performed by a user defined command such as “firmware upgrade” implemented via a custom script residing on one or more of the IT device(s) in the network. The custom script may make use of the abstraction provided by the extensible communication module(s) 630 in order to carry out multiple actions like upgrading firmware on the IT device follow by a “power reboot. . . .”)/
It would have been obvious to one with ordinary skill in the art before the effective filing date of the applicant’s invention to incorporate a system and method for the monitoring of IT devices having both virtual and physical components provided by various vendors, and each device accessed by its own API, wherein a vendor neutral system using communication modules accessible through API’s that function through an abstraction layer to translate between the communications modules of the IT devices and the user interface of the monitoring device is implemented, as taught by Zimmermann, into a system and method that utilizes a monitoring device that monitors the performance of an SDN network and diagnoses possible failures within the network based on concurrent testing of network flow, and utilizing performance monitoring data obtained over time which is used to build a prediction model to identify issues that could impact the performance and operations of the network, such that a knowledge store can be managed that has abstraction levels used to identify physical and virtual components of the network that may be failing and the failures are detected using diagnostic tests comprising instructions pertinent to the type of network service that triggered the failure as taught by the combination of Banikazemi , Cote, Van Der Merve and Suderland .  Such incorporation provides an efficient way to process the information obtained by the monitoring and diagnosis.
Conclusion
There are prior art made of record which are not relied upon but are considered pertinent to applicant’s disclosure.  They are listed on the PTO-892 accompanying this action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JAMES N FIORILLO whose telephone number is (571)272-9909.  The examiner can normally be reached on 7:30 - 5 PM Mon - Fri..
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, John A. Follansbee can be reached on 571-272-3964.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/JAMES N FIORILLO/Examiner, Art Unit 2444