DETAILED ACTION
This Office Action has been issued in response to Applicant's Pre-Appeal Brief Conference Request filed March 29, 2022.
Claims 1-11 and 13-25 have been examined and are pending. 
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Response to Arguments
Applicant's arguments filed July 28, 2021 have been fully considered but they are not persuasive.

Applicant argues the references do not disclose a global manager that manages multiple sites located at multiple different geographic locations.  Applicant’s argument is moot in view of the new grounds of rejection.

Applicant argues the references do not disclose identifying sites that have not received a group definition.  Examiner disagrees.  The combination of references discloses this.  Paragraph [0065] of Nimmagadda discloses the controller (global manager) and the hosts distributes the service rules and/or logging rules that are defined by reference to dynamic groups to a security module (local manager) in the data plane. Paragraph [0066] of Nimmagadda discloses the controller 250 distributes the generated security data and log policy data to a security agent 286 that executes on each host machine.  Paragraph [0087] of Nimmagadda discloses a controller sends group-based logging rules to a security agent operating on a host machine and the security agent pushes the group-based logging rules to a service filter.  The service filter receives (from a security agent) the required definitions (including the service group definitions).  Accordingly, Nimmagadda discloses distributing rules and group definitions to the sites.  Figure 5B of Wainner discloses checking an indication that a particular group member is not using the current policy (535) and sending a unicast message containing the current policy to that group member (540).  Accordingly, Wainner discloses a technique to identify members that are not using current rules and sending the current policy.  In combination with Nimmagadda’s disclosure of distributing rules and group definitions, it would have been obvious to use a similar technique for the group definition.

Applicant argues the references do not disclose enforcing service rules or distributing service rules.  Examiner disagrees.  Paragraph [0116] of Nimmagadda discloses the process identifies a log generation rule that is associated with the dynamic group and applies (at 540) the logging policy defined in the log generation rule to the triggered firewall rule.  Paragraph [0065] of Nimmagadda discloses the controller and the hosts distributes the service rules and/or logging rules that are defined by reference to dynamic groups to a security module in the data plane. Paragraph [0066] of Nimmagadda discloses the controller 250 distributes the generated security data and log policy data to a security agent 286 that executes on each host machine.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.
Claims 1-10 and 25 are rejected under 35 U.S.C. 103 as being unpatentable over US Pub. No. 2018/0063195 to Nimmagadda et al. (hereinafter “Nimmagadda”) and further in view of US Pub. No. 2017/0005988 to Bansal et al. (hereinafter “Bansal”) and further in view of US Pub. No. 2011/0164752 to Wainner et al. (hereinafter “Wainner”).

As to Claim 1, Nimmagadda discloses a method of distributing a service rule that is to be enforced across a first set of sites and that is defined by reference to a group identifier that identifies a group of machines, the method comprising:
at a global manager that manages a plurality of sites including the first set of sites, [the plurality of sites located at a plurality of different geographic locations] (Paragraph [0066] of Nimmagadda discloses the controller 250 distributes the generated security data and log policy data to a security agent 286 that executes on each host machine)
distributing the service rule to local managers at each site in the first set of sites (Paragraph [0065] of Nimmagadda discloses the controller and the hosts distributes the service rules and/or logging rules that are defined by reference to dynamic groups to a security module (such as the security module 282) in the data plane. Paragraph [0066] of Nimmagadda discloses the controller 250 distributes the generated security data and log policy data to a security agent 286 that executes on each host machine);
[identifying at least one site in the first set of sites that is not in a second set of sites that has already received] a definition of the group (Paragraph [0081] of Nimmagadda discloses the firewall module then accesses the identified template dynamic group to retrieve template attributes of the packet's source or destination node.  Paragraph [0006] of Nimmagadda discloses a dynamic group is defined as a data structure (e.g., a dynamic container in a controller) that can have members dynamically added to and/or removed from the data structure.  Paragraph [0087] of Nimmagadda discloses a controller sends group-based logging rules to a security agent operating on a host machine and the security agent pushes the group-based logging rules to a service filter.  The service filter receives (from a security agent) the required definitions (including the service group definitions)); and 
distributing the group definition to the local managers at each [identified] site in the first set of sites that has not already received the definition of the group (Paragraph [0081] of Nimmagadda discloses the firewall module then accesses the identified template dynamic group to retrieve template attributes of the packet's source or destination node.  Paragraph [0006] of Nimmagadda discloses a dynamic group is defined as a data structure (e.g., a dynamic container in a controller) that can have members dynamically added to and/or removed from the data structure.  Paragraph [0087] of Nimmagadda discloses a controller sends group-based logging rules to a security agent operating on a host machine and the security agent pushes the group-based logging rules to a service filter.  The service filter receives (from a security agent) the required definitions (including the service group definitions).  Paragraph [0066] of Nimmagadda discloses the controller 250 distributes the generated security data and log policy data to a security agent 286 that executes on each host machine).
Nimmagadda does not explicitly disclose the plurality of sites located at a plurality of different geographic locations.
However, Bansal discloses this.  Paragraph [0002] of Bansal discloses Cloud service providers have multiple datacenters in the same or multiple geographical locations.  Paragraph [0003] of Bansal discloses it is desirable to provide enhanced security solutions via a distributed firewall where rules can be propagated to and enforced across all the datacenters.
It would have been obvious to one of ordinary skill in the art at the time of effective filing of the invention to combine the rule distribution method as disclosed by Nimmagadda, with distributing to multiple geographic locations as disclosed by Bansal.  One of ordinary skill in the art would have been motivated to combine to apply a known technique to a similar device.  Nimmagadda and Bansal are directed toward distributing rules/policies and as such it would be obvious to use the techniques of one in the other.
Nimmagadda does not explicitly disclose identifying at least one site in the first set of sites that is not in a second set of sites that has already received and distributing to the identified.
However, Wainner discloses this.  Figure 5B of Wainner discloses checking an indication that a particular group member is not using the current policy (535) and sending a unicast message containing the current policy to that group member (540).
It would have been obvious to one of ordinary skill in the art at the time of effective filing of the invention to combine the rule distribution method as disclosed by Nimmagadda, with identifying members without the information as disclosed by Wainner.  One of ordinary skill in the art would have been motivated to combine to apply a known technique to a similar device.  Nimmagadda and Wainner are directed toward distributing rules/policies and as such it would be obvious to use the techniques of one in the other.

As to Claim 2, Nimmagadda-Wainner-Bansal discloses the method of claim 1, wherein the service rule is enforced on a set of data messages that are associated with the group of machines based on a reference to the group identifier in a particular field of the service rule (Paragraph [0027] of Nimmagadda discloses this data-plane version of the firewall rule uses the dynamic group identifiers defined in the high-level firewall rules to define the source and destination address identifiers, which are two of the qualifiers of the firewall rule).

As to Claim 3, Nimmagadda-Wainner-Bansal discloses the method of claim 2, wherein: when the particular field of the service rule is a source field for the service rule, the rule is enforced across the first set of sites on data messages that originate from the group of machines; and when the particular field of the service rule is a destination field for the service rule, the rule is enforced across the first set of sites on data messages that are directed to the group of machines (Paragraph [0027] of Nimmagadda discloses this data-plane version of the firewall rule uses the dynamic group identifiers defined in the high-level firewall rules to define the source and destination address identifiers, which are two of the qualifiers of the firewall rule).

As to Claim 4, Nimmagadda-Wainner-Bansal discloses the method of claim 2, wherein enforcing the service rule comprises performing match classification operations that compare a set of attributes of each data message with the particular field of the service rule, to determine whether the data message matches the service rule (Paragraph [0027] of Nimmagadda discloses this data-plane version of the firewall rule uses the dynamic group identifiers defined in the high-level firewall rules to define the source and destination address identifiers, which are two of the qualifiers of the firewall rule).

As to Claim 5, Nimmagadda-Wainner-Bansal discloses the method of claim 4, wherein the service rule specifies an action to perform on a data message that matches the service rule, wherein the specified action is one of (i) dropping the data message, (ii) allowing the data message, and (iii) performing a service operation on the data message (Paragraph [0030] of Nimmagadda discloses an action (e.g., drop, allow, redirect, etc.) that should be taken if the network traffic (e.g., a data packet) matches the rule).

As to Claim 6, Nimmagadda-Wainner-Bansal discloses the method of claim 5, wherein the service operation modifies a header of the data message (Paragraph [0030] of Nimmagadda discloses an action (e.g., drop, allow, redirect, etc.) that should be taken if the network traffic (e.g., a data packet) matches the rule.  Wherein redirecting a message is understood to modify the header of a message).

As to Claim 7, Nimmagadda-Wainner-Bansal discloses the method of claim 1, wherein the method is performed by a global manager that manages a logical network implemented by managed forwarding elements at a plurality of sites, said plurality of sites comprising the first set of sites and the second set of sites (Paragraph [0065] of Nimmagadda discloses the controller and the hosts distributes the service rules and/or logging rules that are defined by reference to dynamic groups to a security module (such as the security module 282) in the data plane).

As to Claim 8, Nimmagadda-Wainner-Bansal discloses the method of claim 7 further comprising, prior to distributing the service rule to each site in the first set of sites, receiving the service rule definition at the global manager (Paragraph [0013] of Nimmagadda discloses a user (e.g., a network administrator, a tenant of a datacenter, etc.) defines a network monitoring profile that provides one or more logging policies for one or more sets of DCNs (associated with one or more dynamic groups).  Paragraph [0065] of Nimmagadda discloses the controller and the hosts distributes the service rules and/or logging rules that are defined by reference to dynamic groups to a security module (such as the security module 282) in the data plane).

As to Claim 9, Nimmagadda-Wainner-Bansal discloses the method of claim 8, wherein the service rule is enforced at the first set of sites by a set of service machines that execute on a set of host computers in the first set of sites (Paragraph [0065] of Nimmagadda discloses the controller and the hosts distributes the service rules and/or logging rules that are defined by reference to dynamic groups to a security module (such as the security module 282) in the data plane).

As to Claim 10, Nimmagadda-Wainner-Bansal discloses the method of claim 8, wherein each local manager receives definitions for a set of groups from the global manager, wherein the set of groups are defined by an administrator of the logical network at the global manager (Paragraph [0065] of Nimmagadda discloses the controller and the hosts distributes the service rules and/or logging rules that are defined by reference to dynamic groups to a security module (such as the security module 282) in the data plane.  Paragraph [0013] of Nimmagadda discloses a user (e.g., a network administrator, a tenant of a datacenter, etc.) defines a network monitoring profile that provides one or more logging policies for one or more sets of DCNs (associated with one or more dynamic groups)).

As to Claim 25, Nimmagadda-Wainner-Bansal discloses the method of claim 1, wherein: the global manager manages a logical network that spans the plurality of sites by storing a logical network configuration for the logical network (Paragraph [0063] of Nimmagadda discloses the controller 250 is part of a centralized management and control system (not shown in this figure) that includes one or more server computers (such as controller 250) that perform management and control operations for managing the network elements of a datacenter); 
at each respective site in the plurality of sites, the respective local manager receives a respective set of logical network configuration data from the global manager for managing the logical network at the respective site (Paragraph [0065] of Nimmagadda discloses the controller and the hosts distributes the service rules and/or logging rules that are defined by reference to dynamic groups to a security module (such as the security module 282) in the data plane. Paragraph [0066] of Nimmagadda discloses the controller 250 distributes the generated security data and log policy data to a security agent 286 that executes on each host machine.  Paragraph [0087] of Nimmagadda discloses a controller sends group-based logging rules to a security agent operating on a host machine and the security agent pushes the group-based logging rules to a service filter.  The service filter receives (from a security agent) the required definitions (including the service group definitions)); and 
the respective set of logical network configuration data comprises (i) the service rule and the group definition for each site in the first set of sites and (ii) the group definition for each site in the second set of sites (Paragraph [0065] of Nimmagadda discloses the controller and the hosts distributes the service rules and/or logging rules that are defined by reference to dynamic groups to a security module (such as the security module 282) in the data plane. Paragraph [0066] of Nimmagadda discloses the controller 250 distributes the generated security data and log policy data to a security agent 286 that executes on each host machine.  Paragraph [0087] of Nimmagadda discloses a controller sends group-based logging rules to a security agent operating on a host machine and the security agent pushes the group-based logging rules to a service filter.  The service filter receives (from a security agent) the required definitions (including the service group definitions)).

Claims 11, 13-19, 23 and 24 are rejected under 35 U.S.C. 103 as being unpatentable over Nimmagadda-Wainner-Bansal and further in view of US Pub. No. 2015/0237014 to Bansal-2 et al. (hereinafter “Bansal-2”).

As to Claim 11, Nimmagadda-Wainner-Bansal discloses the method of claim 1.  Nimmagadda-Wainner-Bansal does not explicitly disclose wherein prior to distributing the service rule to local managers at each site in the first set of sites, the service rule is defined in a first network domain, wherein the first network domain comprises a first domain span attribute that defines the first set of sites as a span of the first network domain.
However, Bansal-2 discloses this.  Paragraph [0014] of Bansal-2 discloses the applicability of AppliedTo firewall rules to higher level constructs and dynamic constructs allows firewall rules to be easily specified for higher level constructs and to dynamically change the group of elements to which the rules are applicable by changing the membership to the dynamic constructs. As such, AppliedTo firewall rules can be used to easily create firewall rules for a single tenant or a single logical network for a tenant in a multi-tenant environment.
It would have been obvious to one of ordinary skill in the art at the time of effective filing of the invention to combine the rule distribution method as disclosed by Nimmagadda, with identifying members to enforce the rules to as disclosed by Bansal-2.  One of ordinary skill in the art would have been motivated to combine to apply a known technique to a similar device.  Nimmagadda and Bansal-2 are directed toward distributing rules/policies and as such it would be obvious to use the techniques of one in the other.

As to Claim 13, Nimmagadda-Wainner-Bansal-Bansal-2 discloses the method of claim 11, wherein: the service rule is automatically assigned a rule span attribute that defines the first set of sites as a span of the service rule based on the rule being defined in the first network domain (Paragraph [0053] of Bansal-2 discloses the controller of some embodiments allows the AppliedTo firewall rules (1) to be specified (e.g., by a network administrator or by an automated firewall configurator). Paragraph [0014] of Bansal-2 discloses the applicability of AppliedTo firewall rules to higher level constructs and dynamic constructs allows firewall rules to be easily specified for higher level constructs and to dynamically change the group of elements to which the rules are applicable by changing the membership to the dynamic constructs. As such, AppliedTo firewall rules can be used to easily create firewall rules for a single tenant or a single logical network for a tenant in a multi-tenant environment); 
prior to distributing the service rule to each site in the first set of sites, the group is defined in a second network domain (Paragraph [0014] of Bansal-2 discloses the applicability of AppliedTo firewall rules to higher level constructs and dynamic constructs allows firewall rules to be easily specified for higher level constructs and to dynamically change the group of elements to which the rules are applicable by changing the membership to the dynamic constructs. As such, AppliedTo firewall rules can be used to easily create firewall rules for a single tenant or a single logical network for a tenant in a multi-tenant environment); and 
the second network domain comprises a second domain span attribute that defines the second set of sites as a span of the second network domain (Paragraph [0014] of Bansal-2 discloses the applicability of AppliedTo firewall rules to higher level constructs and dynamic constructs allows firewall rules to be easily specified for higher level constructs and to dynamically change the group of elements to which the rules are applicable by changing the membership to the dynamic constructs. As such, AppliedTo firewall rules can be used to easily create firewall rules for a single tenant or a single logical network for a tenant in a multi-tenant environment).

As to Claim 14, Nimmagadda-Wainner-Bansal-Bansal-2 discloses the method of claim 13, wherein the domain span attributes are defined by an administrator of a logical network at the global manager, the global manager manages the logical network at the plurality of sites, said plurality of sites comprises at least the first set of sites and the second set of sites (Paragraph [0053] of Bansal-2 discloses the controller of some embodiments allows the AppliedTo firewall rules (1) to be specified (e.g., by a network administrator or by an automated firewall configurator).  Paragraph [0014] of Bansal-2 discloses the applicability of AppliedTo firewall rules to higher level constructs and dynamic constructs allows firewall rules to be easily specified for higher level constructs and to dynamically change the group of elements to which the rules are applicable by changing the membership to the dynamic constructs. As such, AppliedTo firewall rules can be used to easily create firewall rules for a single tenant or a single logical network for a tenant in a multi-tenant environment).

As to Claim 15, Nimmagadda-Wainner-Bansal-Bansal-2 discloses the method of claim 14, wherein (i) each domain spans at least one site, (ii) any domain with a span of two or more sites is a multi-site domain, and (iii) no site is part of the span of more than one multi-site domain (Paragraph [0014] of Bansal-2 discloses the applicability of AppliedTo firewall rules to higher level constructs and dynamic constructs allows firewall rules to be easily specified for higher level constructs and to dynamically change the group of elements to which the rules are applicable by changing the membership to the dynamic constructs. As such, AppliedTo firewall rules can be used to easily create firewall rules for a single tenant or a single logical network for a tenant in a multi-tenant environment).

As to Claim 16, Nimmagadda-Wainner-Bansal-Bansal-2 discloses the method of claim 14, wherein the group is assigned a group span attribute that defines the second set of sites as a span of the group based on the group being defined in the second network domain (Paragraph [0014] of Bansal-2 discloses the applicability of AppliedTo firewall rules to higher level constructs and dynamic constructs allows firewall rules to be easily specified for higher level constructs and to dynamically change the group of elements to which the rules are applicable by changing the membership to the dynamic constructs. As such, AppliedTo firewall rules can be used to easily create firewall rules for a single tenant or a single logical network for a tenant in a multi-tenant environment).

As to Claim 17, Nimmagadda-Wainner-Bansal-Bansal-2 discloses the method of claim 16, wherein, each site comprises a plurality of host computers physically located at the site the group comprises machines executing on host computers that are physically located at one or more of the second set of sites (Paragraph [0032] of Bansal-2 discloses in other embodiments, all of the identifier values are defined in the physical domains).

As to Claim 18, Nimmagadda-Wainner-Bansal-Bansal-2 discloses the method of claim 16, wherein identifying the at least one site in the first set of sites comprises (i) comparing the rule span attribute to the group span attribute, (ii) determining based on the comparison that the span of the group does not include the span of the rule, and (iii) based on the determination, identifying the at least one site in the first set of sites as missing from the span of the group (Paragraph [0008] of Bansal-2 discloses when a dynamic container that is used to define the AppliedTo tuple(s) of one or more firewall rules is modified, the method of some embodiments does not resend the firewall rule to the affected network nodes, but instead only sends the updated membership change to the group that is defined by the dynamic container).

As to Claim 19, Nimmagadda-Wainner-Bansal-Bansal-2 discloses the method of claim 16, wherein distributing the group definition to each identified site in the first set of sites comprises extending the span of the group to include the span of the service rule (Paragraph [0014] of Bansal-2 discloses the applicability of AppliedTo firewall rules to higher level constructs and dynamic constructs allows firewall rules to be easily specified for higher level constructs and to dynamically change the group of elements to which the rules are applicable by changing the membership to the dynamic constructs. As such, AppliedTo firewall rules can be used to easily create firewall rules for a single tenant or a single logical network for a tenant in a multi-tenant environment).

As to Claim 23, Nimmagadda-Wainner-Bansal discloses the non-transitory machine-readable medium of claim 20.  Nimmagadda-Wainner-Bansal does not explicitly disclose wherein prior to distributing the service rule to each site in the first set of sites, the service rule is defined in a first network domain, wherein the first network domain comprises a first domain span attribute that defines the first set of sites as a span of the first network domain.
However, Bansal-2 discloses this.  Paragraph [0014] of Bansal-2 discloses the applicability of AppliedTo firewall rules to higher level constructs and dynamic constructs allows firewall rules to be easily specified for higher level constructs and to dynamically change the group of elements to which the rules are applicable by changing the membership to the dynamic constructs. As such, AppliedTo firewall rules can be used to easily create firewall rules for a single tenant or a single logical network for a tenant in a multi-tenant environment.
Examiner recites the same rationale to combine used for claim 11.

As to Claim 24, Nimmagadda-Wainner-Bansal-Bansal-2 discloses the non-transitory machine-readable medium of claim 23, wherein: the service rule is automatically assigned a rule span attribute that defines the first set of sites as a span of the service rule based on the rule being defined in the first network domain (Paragraph [0053] of Bansal-2 discloses the controller of some embodiments allows the AppliedTo firewall rules (1) to be specified (e.g., by a network administrator or by an automated firewall configurator). Paragraph [0014] of Bansal-2 discloses the applicability of AppliedTo firewall rules to higher level constructs and dynamic constructs allows firewall rules to be easily specified for higher level constructs and to dynamically change the group of elements to which the rules are applicable by changing the membership to the dynamic constructs. As such, AppliedTo firewall rules can be used to easily create firewall rules for a single tenant or a single logical network for a tenant in a multi-tenant environment); 
prior to distributing the service rule to each site in the first set of sites, the group is defined in a second network domain (Paragraph [0014] of Bansal-2 discloses the applicability of AppliedTo firewall rules to higher level constructs and dynamic constructs allows firewall rules to be easily specified for higher level constructs and to dynamically change the group of elements to which the rules are applicable by changing the membership to the dynamic constructs. As such, AppliedTo firewall rules can be used to easily create firewall rules for a single tenant or a single logical network for a tenant in a multi-tenant environment); and 
the second network domain comprises a second domain span attribute that defines the second set of sites as a span of the second network domain (Paragraph [0014] of Bansal-2 discloses the applicability of AppliedTo firewall rules to higher level constructs and dynamic constructs allows firewall rules to be easily specified for higher level constructs and to dynamically change the group of elements to which the rules are applicable by changing the membership to the dynamic constructs. As such, AppliedTo firewall rules can be used to easily create firewall rules for a single tenant or a single logical network for a tenant in a multi-tenant environment).

Claims 20-22 are rejected under 35 U.S.C. 103 as being unpatentable over Nimmagadda and further in view of Wainner.

As to Claim 20, Nimmagadda discloses a non-transitory machine-readable medium storing a program which when executed by at least one processing unit distributes a service rule that is to be enforced across a first set of sites and that is defined by reference to a group identifier that identifies a group of machines, the program comprising sets of instructions for: 
distributing the service rule to each site in the first set of sites (Paragraph [0065] of Nimmagadda discloses the controller and the hosts distributes the service rules and/or logging rules that are defined by reference to dynamic groups to a security module (such as the security module 282) in the data plane);
[identifying at least one site in the first set of sites that is not in a second set of sites that has already received] a definition of the group (Paragraph [0081] of Nimmagadda discloses the firewall module then accesses the identified template dynamic group to retrieve template attributes of the packet's source or destination node.  Paragraph [0006] of Nimmagadda discloses a dynamic group is defined as a data structure (e.g., a dynamic container in a controller) that can have members dynamically added to and/or removed from the data structure); and 
distributing the group definition to each [identified] site in the first set of sites that has not already received the definition of the group (Paragraph [0081] of Nimmagadda discloses the firewall module then accesses the identified template dynamic group to retrieve template attributes of the packet's source or destination node.  Paragraph [0006] of Nimmagadda discloses a dynamic group is defined as a data structure (e.g., a dynamic container in a controller) that can have members dynamically added to and/or removed from the data structure).
Nimmagadda does not explicitly disclose "identifying at least one site in the first set of sites that is not in a second set of sites that has already received" and distributing to the "identified" site.
	However, Wainner discloses this.  Figure 5B of Wainner discloses checking an indication that a particular group member is not using the current policy (535) and sending a unicast message containing the current policy to that group member (540).
	Examiner recites the same rationale to combine used for claim 1.

As to Claim 21, Nimmagadda-Wainner-Bansal discloses the non-transitory machine-readable medium of claim 20, wherein: the service rule is enforced on a set of data messages that are associated with the group of machines based on a reference to the group identifier in a particular field of the service rule (Paragraph [0027] of Nimmagadda discloses this data-plane version of the firewall rule uses the dynamic group identifiers defined in the high-level firewall rules to define the source and destination address identifiers, which are two of the qualifiers of the firewall rule); 
enforcing the service rule comprises performing match classification operations that compare a set of attributes of each data message with the particular field of the service rule to determine whether the data message matches the service rule (Paragraph [0027] of Nimmagadda discloses this data-plane version of the firewall rule uses the dynamic group identifiers defined in the high-level firewall rules to define the source and destination address identifiers, which are two of the qualifiers of the firewall rule); and 
the service rule specifies an action to perform on a data message that matches the service rule (Paragraph [0030] of Nimmagadda discloses an action (e.g., drop, allow, redirect, etc.) that should be taken if the network traffic (e.g., a data packet) matches the rule).

As to Claim 22, Nimmagadda-Wainner-Bansal discloses the non-transitory machine-readable medium of claim 20, wherein: the method is performed by a global manager that manages a logical network implemented by managed forwarding elements at a plurality of sites that includes the first set of sites and the second set of sites (Paragraph [0065] of Nimmagadda discloses the controller and the hosts distributes the service rules and/or logging rules that are defined by reference to dynamic groups to a security module (such as the security module 282) in the data plane); the program further comprises a set of instructions for, prior to distributing the service rule to each site in the first set of sites, receiving the service rule definition at the global manager (Paragraph [0013] of Nimmagadda discloses a user (e.g., a network administrator, a tenant of a datacenter, etc.) defines a network monitoring profile that provides one or more logging policies for one or more sets of DCNs (associated with one or more dynamic groups).  Paragraph [0065] of Nimmagadda discloses the controller and the hosts distributes the service rules and/or logging rules that are defined by reference to dynamic groups to a security module (such as the security module 282) in the data plane); the set of instructions for distributing the service rule to each site in the first set of sites comprises a set of instructions for distributing the service rule from the global manager to a local manager that manages the logical network at each site (Paragraph [0065] of Nimmagadda discloses the controller and the hosts distributes the service rules and/or logging rules that are defined by reference to dynamic groups to a security module (such as the security module 282) in the data plane).

Conclusion

Any inquiry concerning this communication or earlier communications from the examiner should be directed to KEVIN S MAI whose telephone number is (571)270-5001. The examiner can normally be reached Monday to Friday 9AM to 5PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Umar Cheema can be reached on 5712703037. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/KEVIN S MAI/
Primary Examiner, Art Unit 2448