DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This Office Action is responsive to application 17/120,819 that the Applicant filed on December 14, 2020 and presented 22 claims.  Original claims 1-22 remain pending in the application. 
Drawings
The drawings are objected to as failing to comply with 37 CFR 1.84(p)(5) because they include the following reference character(s) not mentioned in the description:  
60 in Fig. 6; and 
713 in Fig. 7.
Corrected drawing sheets in compliance with 37 CFR 1.121(d), or amendment to the specification to add the reference character(s) in the description in compliance with 37 CFR 1.121(b) are required in reply to the Office action to avoid abandonment of the application. Any amended replacement drawing sheet should include all of the figures appearing on the immediate prior version of the sheet, even if only one figure is being amended. Each drawing sheet submitted after the filing date of an application must be labeled in the top margin as either “Replacement Sheet” or “New Sheet” pursuant to 37 CFR 1.121(d). If the changes are not accepted by the examiner, the applicant will be notified and informed of any required corrective action in the next Office action. The objection to the drawings will not be held in abeyance.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The following conventions apply to the mapping of the prior art to the claims:
Italicized text – claim language.
Parenthetical plain text – Examiner’s citation and explanation.
Quotation marks – language quoted from a prior art reference.
Underlining – language quoted from a claim.
Brackets – material altered from either a prior art reference or a claim, which includes the Examiner’s explanation that relates a claim limitation to the quoted material of a reference.
Braces – a limitation taught by another reference, but the limitation is presented with the mapping of the instant reference for context.
Numbered footnote – a first phrase to be moved upwards to the primary reference analysis.
Lettered footnote – a second phrase to be moved after the movement of the first phrase from which it was lifted, or more succinctly, move numbered material first, lettered material last.
A.	Claims 1-18 and 21 are rejected under 35 U.S.C. 103 as being unpatentable over Kuznetsov et al. (US 2016/0254982, “Kuznetsov”) in view of Khalil et al. (US 2008/0244525, “Khalil”), and further in view of Dagan (US 2017/0034001, “Dagan”) and Bacher et al. (US 2018/0137273, “Bacher”).
Regarding Claim 1
Kuznetsov discloses
A system (abstract, Fig. 1) comprising: 
a …1 network (Fig. 1, ¶ [0011], “network 150”) comprising: 
a {protected} network server (Fig. 1, ¶ [0014], “Node 120 may be any type of computing system including, but not limited to, server computers,”) having a physical microprocessor (¶ [0012], “A computer system [such as the network server] herein may refer to a system comprising one or more [physical] processors, …”); and 
2 …; 
a test network (Fig. 1, ¶ [0011], “Network architecture 100 [as a test network] may include a testing server 110 communicably coupled to a node 120”) in network communication with the {protected} network (Fig. 1, ¶ [0011], , i.e., the “testing server 110” via “network 150” establishes a network communication with “node 120” which is further taught by Khalil Fig. 1, ¶¶ [0023]-[0025]), 
the test network (Fig. 1, ¶ [0011]) comprising: 
a test network server (Fig. 1, ¶ [0011], “Network architecture 100 may include a testing [network] server 110 communicably coupled to a node 120”) having a physical microprocessor (¶ [0012], “Testing server 110 may be any type of computer system…;” and “A computer system [such as the test network server] herein may refer to a system comprising one or more [physical] processors, …”); and 
a test network computer (Fig. 2, ¶ [0019], “Similarly, in one implementation, host machine 210 [as a test network computer] may be the same as node 120 described with respect to FIG. 1;” and Fig. 2, ¶ [0025], “The resource deployment module 232 may then access the save resource packages 250 for a tested product and utilize these packages to deploy VMs 221-222 a-b, 223 a-d representing each resource of the tested product in a virtual test system 220 running on a single host machine 210 [as the test network computer].”) having a physical microprocessor (¶ [0025], “Host machine 210 may include a [physical] hardware platform 202 with components such as a CPU [as a physical microprocessor] (also referred to as a processor or a processing device),”), the test network computer (Figs. 1 & 2, i.e., either “node 120” or “host machine 210”) in network communication with the test network server (Fig. 1, ¶ [0011], “Network architecture 100 may include a testing server 110 [as the test network server] communicably coupled [via a network communication] to a node 120 [as the test network computer] either directly and/or via a network 150.”), wherein: 
the test network computer (Fig. 2, ¶ [0019]) runs a first virtual machine…3 (Fig. 2, ¶ [0025], “The resource deployment module 232 may then access the save resource packages 250 for a tested product and utilize these packages to deploy VMs 221-222 a-b, 223 a-d representing each resource of the tested product in a virtual test system 220 running on a single host machine 210,” i.e., the “host machine 210”/test network computer runs the “hypervisor VMs 223a-d”/first virtual machine), 
the first virtual machine runs a second virtual machine (Fig. 2, ¶ [0029], “As such the hypervisor VMs 223 a-d [as the first virtual machine] are each shown as executing [and thereby running] one or more virtual VMs 225 a-d [as a second virtual machine] inside each hypervisor VM 223 a-d. In this example, the hypervisor VMs 223 a-d are configured to enable nested virtualization.”) that emulates a first {protected} network computer (¶¶ [0026]-[0027], “In one implementation, hypervisor 206 may emulate the underlying hardware platform 202 of the host machine 210 for the VMs,…;” “VMs 221, 222 a-b, 223 a-d can be, for example, hardware emulation;” and Khalil Fig. 1, ¶¶ [0023]-[0025], i.e., the “underlying hardware platform 202” that is emulated are the “client devices” of Khalil), 
the test network server (Fig. 1, ¶ [0011], i.e., “testing server 110”) …4 that is in virtual network communication with the first and second virtual machines (Fig. 2, ¶ [0028], “In addition, the VMs 221-222 a-b [as the virtual server as disclosed by Dagan Fig. 2, ¶ [0014]], 223 a-d are provisioned by resource deployment module 232 to be able to network with one another via a [virtual] network [communication] bridge.”), and 
when the {predetermined test event (Khalil Fig. 6, ¶ [0043])} occurs: 
5 ….  
Kuznetsov doesn’t disclose
	1 … protected {network}…
	2 a plurality of protected network computers in network communication with the protected network server, each protected network computer having a physical microprocessor;
	3 …that monitors the test network computer and/or the first virtual machine for a predetermined test event,
	4 … runs a virtual server…
	5 the first and second virtual machines are automatically disconnected from the virtual server, the test network server, and the36Patent ApplicationAttorney Docket No. VSIO.USPAT.0100 protected network to isolate the first and second virtual machines in a secure test bubble.
Khalil, however, discloses
	2 a plurality of {protected} network computers (Fig. 1, ¶¶ [0023]-[0025], “Client computers 102, 104, 106 are shown [as a plurality of network computers]…”) in network communication (Fig. 1, ¶ [0023], “local area network” that establishes a communication channel with the “client computers”/network computers) with the {protected} network server (¶ [0023], “Although not shown here for the sake of clarity, the local area network 100 could also include a plurality of [network] servers,” such as the network server suggested by “node 120” of Kuznetsov), each protected network computer having a physical microprocessor (Fig. 10, ¶ [0060], “Components of computer 1002 may include, but are not limited to, a processing unit 1004 [as a physical microprocessor],”);
	3 …that monitors the test network computer and/or the first virtual machine for a predetermined test event (Fig. 6, ¶ [0043], “A differential disk is selected from the virtual differential disks archive 550 and attached [as a predetermined test event] at block 615;” “A test startup command is invoked at block 620, which begins the execution of the test on virtual machine 625 [which monitors the test network for the attached differential disk, the “virtual machine 625” corresponding to one of the “hypervisor VMs 223a-d” as disclosed by Kuznetsov];” and ¶ [0037], “Differential disk images may be copied to the virtual machine executing a test or investigation, they may be ‘attached’ [representing a predetermined test event] via a network drive, or they may be stored on a removable drive, a portable hard drive, a flash drive, or the like.”),
Dagan, however, discloses
	4 {the test network server (Kuznetsov Fig. 1, ¶ [0013])} runs a virtual server… (Fig. 2, ¶ [0014], “For example, a plurality of virtual servers may reside on a physical server,” i.e., the “management engine VM 221” and “storage VM 222a-b” as disclosed by Kuznetsov suggest a “virtual server” that is run by “system testing framework utility 115” hosted by the “testing server 110”/test network server, see Kuznetsov Figs. 1 & 2, ¶ [0013], “The system testing framework utility 115 creates a virtual testing system for the product under test that includes VMs and a virtual network all running on a single host.”)
	5 {the first and second virtual machines (Kuznetsov Fig. 2, i.e., “hypervisor VM 223a-d” and “virtual VMs 225a-d)”} are automatically disconnected from the virtual server (Fig. 2, ¶ [0014]), {the test network server (Kuznetsov Figs. 1 & 2, ¶ [0013])}, and the36Patent ApplicationAttorney Docket No. VSIO.USPAT.0100 {protected network (Bacher ¶ [0016])} to isolate the first and second virtual machines in a secure test bubble (¶ [0012], “Topology portions associated with network device operation irregularities can be grouped together using a snapshot module to form a snapshot of a problem topology. The problem isolation described herein is directed primarily at reactive problem management, but may also be included in proactive problem management solutions,” e.g., “hypervisor VM 223a”/first VM and “virtual VMs 225a”/second VM are “grouped together” based upon their “topology,” and although testing is not an “irregularity,” the grouping can be “proactive,” thus, a “proactive” measure is too “isolate” “hypervisor VM 223a”/first VM and “virtual VMs 225a”/second VM during testing, which involves automatically, i.e., without intervention of an administrator, disconnecting the virtual server, the test network server, and the36Patent ApplicationAttorney Docket No. VSIO.USPAT.0100 protected network from the first and second virtual machines; see also Bacher ¶ [0023], “In one aspect, the computing environment is a secure or trustable [or isolated] environment that allows execution of the virtual machines while protecting content of the virtual machines from the hypervisor [or other system elements].”).
Bacher, however, discloses
	1 … protected {network}… (¶ [0016], “In accordance with one or more aspects, a secure debug facility is provided that enables debugging operations to be performed on a secure [and thereby protected] guest (also referred to as a guest virtual machine, a virtual machine or a virtual server) even when the guest is in production mode;” and Fig. 5, ¶ [0033], “a client (e.g., client 220) initiates debugging of a virtual machine (e.g., virtual machine 204) by initiating an encrypted communication” i.e., Bacher suggests a protected network through various strategies, which is a de minimis requirement for any contemporary network given the attendant security concerns)
	Regarding the combination of Kuznetsov and Khalil, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the testing system of Kuznetsov to have included external storage feature and associated system or method of Khalil. One of ordinary skill in the art would have been motivated to incorporate the external storage feature of Khalil because Khalil teaches that “[b]y using a differential disk image, tests may be partially executed on one virtual machine while the virtual machine is available, and then continued on a different virtual machine when the first is no longer available.”  See Khalil ¶ [0020].
	Regarding the combination of Kuznetsov-Khalil and Dagan, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the testing system of Kuznetsov-Khalil to have included the test-isolation feature of Dagan. One of ordinary skill in the art would have been motivated to incorporate the test-isolation feature of Dagan because Dagan teaches “Virtualization gives developers a way to create test configurations, and then destroy them and start over, without the procurement time and expense of building a dedicated test system, and without disrupting primary operating systems.”  See Dagan ¶ [0014].
	Regarding the combination of Kuznetsov-Khalil-Dagan and Bacher, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the testing system of Kuznetsov-Khalil-Dagan to have included trusted environment feature. One of ordinary skill in the art would have been motivated to incorporate the trusted environment feature of Bacher because Bacher teaches creating a trusted environment can be “used, for instance, to provide privacy in public compute environments, such as cloud computing environments, as well as other shared environments.”  See Bacher ¶ [0023]. 
Regarding Claim 2
Kuznetsov in view of Khalil, and further in view of Dagan and Bacher (“Kuznetsov-Khalil-Dagan-Bacher”) discloses the system of claim 1, and Khalil further discloses
wherein the predetermined test event comprises a connection of an external memory device to the test network computer (Fig. 6, ¶ [0043], “A differential disk is selected from the virtual differential disks archive 550 and attached [as a predetermined test event] at block 615;”  and ¶ [0037], “Differential disk images may be copied to the virtual machine executing a test or investigation, they may be ‘attached’ [to the test network computer] via a network drive, or they may be stored on a removable drive, a portable hard drive, a flash drive, or the like [as an external memory device].”).  
Regarding the combination of Kuznetsov and Khalil, the rationale to combine is the same as provided for claim 1 due to the overlapping subject matter of claims 1 and 2. 
Regarding Claim 3
Kuznetsov-Khalil-Dagan-Bacher discloses the system of claim 2, and Khalil further discloses 
wherein the external memory device comprises a USB flash drive (¶ [0037], “Differential disk images may be copied to the virtual machine executing a test or investigation, they may be ‘attached’ via a network drive, or they may be stored on a removable drive, a portable hard drive, a [USB] flash drive, or the like.”).  
Regarding the combination of Kuznetsov and Khalil, the rationale to combine is the same as provided for claim 1 due to the overlapping subject matter of claims 1 and 3.
Regarding Claim 4
Kuznetsov-Khalil-Dagan-Bacher discloses the system of claim 2, and Khalil further discloses 
wherein the external memory device (¶ [0037]) includes one or more files stored thereon (¶ [0020], “A differential disk image is one or more files”), 
the one or more files corresponding to changes to the first protected network computer (¶ [0020], “A differential disk image is one or more files or other storage means that contain the changes made to a disk between two points in time. For example, if a first snapshot is made of a first system [comprising the first protected network computer], with a disk containing nothing but a base image comprising an operating system [of the first protected network computer] and a word processing application, and a second snapshot is made of the first system three days later, the second snapshot may contain additions or changes in applications or data that were made to the disk, including any documents that were created using the word processing software.”).
Regarding the combination of Kuznetsov and Khalil, the rationale to combine is the same as provided for claim 1 due to the overlapping subject matter of claims 1 and 4.
Regarding Claim 5
Kuznetsov-Khalil-Dagan-Bacher discloses the system of claim 1, and Khalil further discloses 
wherein the predetermined test event comprises a user input on the test network computer and/or on the first virtual machine (¶ [0043], “A test startup command [as user input on the test network computer] is invoked at block 620, which begins the execution of the test on virtual machine 625. This startup command may include the executable test file, along with parameters and other information passed to the test at execution time, and the like.”).  
Regarding the combination of Kuznetsov and Khalil, the rationale to combine is the same as provided for claim 1 due to the overlapping subject matter of claims 1 and 5.

Regarding Claim 6
Kuznetsov-Khalil-Dagan-Bacher discloses the system of claim 1, and Kuznetsov further discloses 
wherein the first virtual machine is configured to automatically restart (¶ [0034], “This is because the execute test environment [with the “virtual VM 225a”/second virtual machine] can be torn down and destroyed after each test iteration, and the virtual test system 220 [and thereby at least “hypervisor VM 223a” and “virtual VM 225a”] reverted to its original state [and thereby restarted via the clean slate snapshot images.”) in response to a signal that indicates that a user has completed a secure service on the second virtual machine (Fig. 3, ¶¶ [0037]-[0038], “Method 300 begins at block 310 where representations of resources of a product to be tested [as a secure service] are built,” and “Lastly, at block 370, the virtual resources are reverted to the ‘clean’ state by using the data of the saved ‘clean’ state of the system. This ‘clean’ state of the system can then be used to run additional iterations [after a first completed secure service] of testing on the installed product using the virtual resources;” see also Khalil Fig. 6, ¶ [0044], “At the end of the test run, or when the available time has run out for the machine, an end run signal is sent to the virtual machine by the execution controller at block 640,” i.e., the “end run signal” serves as a signal that indicates a user has completed a secure service, where the user is the entity who attached the external device to receive the secure service), 
thereby deleting both the first and second virtual machines (¶ [0034], “This is because the execute test environment [comprising the “hypervisor VM 223a” and “virtual VM 225a”] can be torn down and destroyed [and thereby deleted] after each test iteration,…”).  
Regarding the combination of Kuznetsov and Khalil, the rationale to combine is the same as provided for claim 1 due to the overlapping subject matter of claims 1 and 6.
Regarding Claim 7
Kuznetsov-Khalil-Dagan-Bacher discloses the system of claim 1, and Kuznetsov further discloses
1 …that are readable by the first virtual machine to run the second virtual machine (Fig. 3, ¶ [0038], “Subsequently, at block 330, virtual resources [comprising second virtual machine files] are initialized [and thereby are readable] from the built representations. The virtual resources are initialized to represent the tested resources [or the protected network computers] of the product in a virtual testing environment [comprising the “hypervisor VM 223a”/first virtual machine that runs the “virtual VM 225a”/second virtual machine] and all of the virtual resources are initialized on a single machine (e.g., the host machine).”).  
Khalil further discloses
	1 wherein the {virtual server (Dagan Fig. 2, ¶ [0014])} is configured to convert each protected network computer into second virtual machine files…(¶ [0020], “For example, if a first snapshot is made of a first system [that converts a protected network computer into a second virtual machine file], with a disk containing nothing but a base image comprising an operating system [of each protected network computer comprising the “client computers 102, 104, and 106” that experience conversion via the captured snapshot] and a word processing application,…”) 
Regarding the combination of Kuznetsov and Khalil, the rationale to combine is the same as provided for claim 1 due to the overlapping subject matter of claims 1 and 7.
Regarding Claim 8
Kuznetsov-Khalil-Dagan-Bacher discloses the system of claim 7, and Khalil further discloses 
wherein the virtual server is configured to monitor for changes to each protected network computer (¶ [0020], “A differential disk image is one or more files [of each protected network computer] or other storage means that contain the changes made to a disk between two points in time. For example, if a first snapshot is made of a first system [for a protected network computer], with a disk containing nothing but a base image comprising an operating system and a word processing application, and a second snapshot is made of the first system three days later, the second snapshot may contain additions or changes in applications or data that were made to the disk, including any documents that were created using the word processing software.”) and to update the second virtual machine files accordingly (¶ [0020], “The differences between the two snapshots [comprise an update and] may be stored in a differential disk image [comprising second virtual machine files].”).  
Regarding Claim 9
Kuznetsov-Khalil-Dagan-Bacher discloses the system of claim 7, and Kuznetsov further discloses
wherein the second virtual machine is configured to have access to a local copy of a network-accessible shared folder (¶¶ [0030]-[0031], “The resource deployment module 232 may create template and snapshots for each VM 221, 222 a-b, 223 a-d [as the second virtual machine] of the tested product. These templates and snapshots may be stored [as a local copy of a network-accessible shared folder] in VM snapshots and templates 251 of data store 106.”), 
the local copy comprising one or more files that correspond to downloadable files for the first protected network computer (¶¶ [0030]-[0031], “The resource deployment module 232 may create template and snapshots for each VM 221, 222 a-b, 223 a-d of the tested product [comprising at least one file that is a downloadable file to the virtual test system comprising at least the the “hypervisor VM 223a” and the “virtual VM 225a”].”).  
Regarding Independent Claim 10
Kuznetsov discloses
A method (abstract) comprising: 
establishing a first network connection (Fig. 1, ¶ [0011], , i.e., the “testing server 110” via “network 150” establishes a first network communication with “node 120” which is further taught by Khalil Fig. 1, ¶¶ [0023]-[0025]) between a test network server (Fig. 1, ¶ [0011], “Network architecture 100 may include a testing [network] server 110 communicably coupled to a node 120”) and a …1 network (Fig. 1, ¶ [0011], “network 150”), 
the {protected} network (Fig. 1, ¶ [0011]) including a protected network server (Fig. 1, ¶ [0014], “Node 120 may be any type of computing system including, but not limited to, server computers,”) and…2, 
3 …; 
establishing a second network connection between the test network server (Fig. 1, ¶ [0011], i.e., “testing server 110”) and a plurality of test network computers (Fig. 2, ¶ [0019], “Similarly, in one implementation, host machine 210 [as a test network computer] may be the same as node 120 described with respect to FIG. 1;” and Fig. 2, ¶ [0025], “The resource deployment module 232 [of the “system testing framework utilty 115” within the “testing server 110”/test network server] may then access the save resource packages 250 for a tested product and utilize these packages to deploy [via a second network connection] VMs 221-222 a-b, 223 a-d representing each resource of the tested product in a virtual test system 220 running on a single host machine 210 [as the test network computer];” and ¶ [0035], “However, the test deployment module 234 can reduce overall time of running all tests by cloning the deployed testing environment into other identical environments (either on the same host machine 210 or on another connected host machines [as a plurality of test network computers]).”); 
running a first virtual machine on a first test network computer (Fig. 2, ¶ [0025],  “The resource deployment module 232 may then access the save resource packages 250 for a tested product and utilize these packages to deploy VMs 221-222 a-b, 223 a-d representing each resource of the tested product in a virtual test system 220 running on a single host machine 210,” i.e., the “host machine 210”/test network computer runs the “hypervisor VMs 223a-d”/first virtual machine); 
4 …, 
5 …, 
the second virtual machine files readable by the first virtual machine (Fig. 3, ¶ [0038], “Subsequently, at block 330, virtual resources [comprising second virtual machine files] are initialized [and thereby are readable] from the built representations. The virtual resources are initialized to represent the tested resources [or the protected network computers] of the product in a virtual testing environment [comprising the “hypervisor VM 223a”/first virtual machine that runs the “virtual VM 225a”/second virtual machine] and all of the virtual resources are initialized on a single machine (e.g., the host machine).”); 
running a second virtual machine on the first virtual machine (Fig. 2, ¶ [0029], “As such the hypervisor VMs 223 a-d [as the first virtual machine] are each shown as executing [and thereby running] one or more virtual VMs 225 a-d [as a second virtual machine] inside each hypervisor VM 223 a-d. In this example, the hypervisor VMs 223 a-d are configured to enable nested virtualization.”) using the second virtual machine files for a specific protected network computer (¶¶ [0026]-[0027], “In one implementation, hypervisor 206 may emulate the underlying hardware platform 202 [as a specific protected network computer/”client device” of Khalil] of the host machine 210 for the VMs,…;” “VMs 221, 222 a-b, 223 a-d can be, for example, hardware emulation;” and Khalil Fig. 1, ¶¶ [0023]-[0025], i.e., the “underlying hardware platform 202” that is emulated are the “client devices” of Khalil); 
establishing a virtual network connection between (a) the first virtual machine and the second virtual machine and (b) and the virtual server (Fig. 2, ¶ [0028], “In addition, the VMs 221-222 a-b [as the virtual server as disclosed by Dagan Fig. 2, ¶ [0014]], 223 a-d [as the first virtual machine that possesses the virtual VM 225a-d to facilitate an additional network connection] are provisioned by resource deployment module 232 to be able to network with one another via a [virtual] network [communication] bridge.”); 38Patent ApplicationAttorney Docket No. VSIO.USPAT.0100 
6 ; and 
when the {predetermined test event (Khalil Fig. 6, ¶ [0043])} occurs: 
7 …,and 
performing a secure service with the second virtual machine while the first and second virtual machines are in the secure test bubble (Fig. 3, ¶¶ [0037]-[0038], “Method 300 begins at block 310 where representations of resources of a product to be tested [as a secure service] are built,” and “Lastly, at block 370, the virtual resources are reverted to the ‘clean’ state by using the data of the saved ‘clean’ state of the system. This ‘clean’ state of the system can then be used to run additional iterations [after a first completed secure service] of testing on the installed product using the virtual resources;” see also Khalil Fig. 6, ¶ [0044], “At the end of the test run, or when the available time has run out for the machine, an end run signal is sent to the virtual machine by the execution controller at block 640,” i.e., the “end run signal” serves as a signal that indicates a user has completed a secure service, where the user is the entity who attached the external device to receive the secure service).  
Kuznetsov doesn’t disclose
	1 … protected {network}…
	2 …a plurality of protected network computers,…
	3 the protected network server and the protected network computers in network communication with each other;
	4 running a virtual server on the test network server,
5 the virtual server configured to convert each protected network computer into second virtual machine files,
6 monitoring, with the first virtual machine, the test network computer and/or the first virtual machine for a predetermined test event;
7 automatically disabling the virtual network connection to isolate the first and second virtual machines from the virtual server, the test network server, and the protected network in a secure test bubble,
Khalil, however, discloses
2 …a plurality of {protected} network computers,… (Fig. 1, ¶¶ [0023]-[0025], “Client computers 102, 104, 106 are shown [as a plurality of network computers]…”)
	3 the {protected} network server (¶ [0023], “Although not shown here for the sake of clarity, the local area network 100 could also include a plurality of [network] servers,” such as the network server suggested by “node 120” of Kuznetsov) and the protected network computers in network communication with each other (Fig. 1, ¶ [0023], “local area network” that establishes a communication channel with the “client computers”/network computers);
5 the {virtual server (Dagan Fig. 2, ¶ [0014])} configured to convert each protected network computer into second virtual machine files (¶ [0020], “For example, if a first snapshot is made of a first system [that converts a protected network computer into a second virtual machine file], with a disk containing nothing but a base image comprising an operating system [of each protected network computer comprising the “client computers 102, 104, and 106” that experience conversion via the captured snapshot] and a word processing application,…”)
6 monitoring, with the first virtual machine, the test network computer and/or the first virtual machine for a predetermined test event (Fig. 6, ¶ [0043], “A differential disk is selected from the virtual differential disks archive 550 and attached [as a predetermined test event] at block 615;” “A test startup command is invoked at block 620, which begins the execution of the test on virtual machine 625 [which monitors the test network for the attached differential disk, the “virtual machine 625” corresponding to one of the “hypervisor VMs 223a-d” as disclosed by Kuznetsov];” and ¶ [0037], “Differential disk images may be copied to the virtual machine executing a test or investigation, they may be ‘attached’ [representing a predetermined test event] via a network drive, or they may be stored on a removable drive, a portable hard drive, a flash drive, or the like.”);
Dagan, however, discloses
	4 running a virtual server (Fig. 2, ¶ [0014], “For example, a plurality of virtual servers may reside on a physical server,” i.e., the “management engine VM 221” and “storage VM 222a-b” as disclosed by Kuznetsov suggest a “virtual server” that is run by “system testing framework utility 115” hosted by the “testing server 110”/test network server, see Kuznetsov Figs. 1 & 2, ¶ [0013], “The system testing framework utility 115 creates a virtual testing system for the product under test that includes VMs and a virtual network all running on a single host.”) on the {test network server (Kuznetsov Fig. 1, ¶ [0013])},
7 automatically disabling the virtual network connection to isolate the first and second virtual machines from the virtual server, the test network server, and the protected network in a secure test bubble (¶ [0012], “Topology portions associated with network device operation irregularities can be grouped together using a snapshot module to form a snapshot of a problem topology. The problem isolation [to form a secure test bubble] described herein is directed primarily at reactive problem management, but may also be included in proactive problem management solutions,” e.g., “hypervisor VM 223a”/first VM and “virtual VMs 225a”/second VM are “grouped together” to form a secure test buble based upon their “topology,” and although testing is not an “irregularity,” the grouping can be “proactive,” thus, a “proactive” measure is too “isolate” “hypervisor VM 223a”/first VM and “virtual VMs 225a”/second VM during testing, which involves automatically, i.e., without intervention of an administrator, disabling the virtual network connection to isolate the first and second virtual machines from the virtual server the test network server, and the protected network in a secure test bubble; see also Bacher ¶ [0023], “In one aspect, the computing environment is a secure or trustable [or isolated] environment that allows execution of the virtual machines while protecting content of the virtual machines from the hypervisor [or other system elements].”),
Bacher, however, discloses
1 … protected {network}… (¶ [0016], “In accordance with one or more aspects, a secure debug facility is provided that enables debugging operations to be performed on a secure [and thereby protected] guest (also referred to as a guest virtual machine, a virtual machine or a virtual server) even when the guest is in production mode;” and Fig. 5, ¶ [0033], “a client (e.g., client 220) initiates debugging of a virtual machine (e.g., virtual machine 204) by initiating an encrypted communication” i.e., Bacher suggests a protected network through various strategies, which is a de minimis requirement for any contemporary network given the attendant security concerns)
	Regarding the combination of Kuznetsov and Khalil, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the testing system of Kuznetsov to have included external storage feature and associated system or method of Khalil. One of ordinary skill in the art would have been motivated to incorporate the external storage feature of Khalil because Khalil teaches that “[b]y using a differential disk image, tests may be partially executed on one virtual machine while the virtual machine is available, and then continued on a different virtual machine when the first is no longer available.”  See Khalil ¶ [0020].
	Regarding the combination of Kuznetsov-Khalil and Dagan, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the testing system of Kuznetsov-Khalil to have included the test-isolation feature of Dagan. One of ordinary skill in the art would have been motivated to incorporate the test-isolation feature of Dagan because Dagan teaches “Virtualization gives developers a way to create test configurations, and then destroy them and start over, without the procurement time and expense of building a dedicated test system, and without disrupting primary operating systems.”  See Dagan ¶ [0014].
	Regarding the combination of Kuznetsov-Khalil-Dagan and Bacher, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the testing system of Kuznetsov-Khalil-Dagan to have included trusted environment feature. One of ordinary skill in the art would have been motivated to incorporate the trusted environment feature of Bacher because Bacher teaches creating a trusted environment can be “used, for instance, to provide privacy in public compute environments, such as cloud computing environments, as well as other shared environments.”  See Bacher ¶ [0023]. 
Regarding Dependent Claims 11-17
With respect to dependent claims 11-17, a corresponding reasoning as given earlier for dependent claims 2-6 and 8-9 applies, mutatis mutandis, to the subject matter of claims 11-17. Therefore, claims 11-17 are rejected, for similar reasons, under the grounds set forth for claims 2-6 and 8-9. 	
Regarding Claim 18
Kuznetsov-Khalil-Dagan-Bacher discloses the method of claim 10, and Kuznetsov further discloses 
further comprising: using the first virtual machine…1 (Fig. 2, ¶ [0025]); and 
when the first virtual machine…2 (Fig. 2, ¶ [0025]), the method further includes: 
saving files corresponding to the software changes to a shared folder on the test network server (¶ [0031], “In one implementation, the resource deployment module 232 creates a local repository for the data (e.g., built packages, VM snapshots & templates, test configurations 252 and data 253, etc.) used in the testing phase [that can incorporate software changes] of the product [contained within a shared folder]. The local repository [for saving files] may be part of host machine 210, or may be configured network access [to the test network server] by host machine 210.”); 
synchronizing the shared folder on the test network server with a shared folder on the protected network server to copy the files from the test network server to the protected network server (¶ [0032], “The test deployment module 234 may then be invoked to install the tested product [within the shared folder] from the locally-served repository [on the test network server]. The tested product may be installed [to the protected network server/”node 120” and the associated VMs 223/225] using the source code and revisions of the tested product [that are synchronized with the original version], as well as the packages built from the source code.”); and 
copying the files from the shared folder on the protected network server to the {first protected network computer} (¶ [0032], “The test deployment module 234 [within the protected network server] may then be invoked to install the tested product [on the protected network computer/”client device 102 as disclosed by Khalil] from the locally-served repository.”).  
Khalil further discloses
	1 … to determine whether a software change (¶ [0020], “A differential disk image is one or more files or other storage means that contain the changes made to a disk between two points in time.”) is safe to install on the first protected network computer (Fig. 5, ¶ [0039], “When the execution is complete, the execution controller notifies the requester, such as a test developer, that the request has been fulfilled, and provides information about the run, such as test pass [and the software change is safe to install on the “client device 102”/protected network computer], test failure, investigation complete, or the like.”);
	2 … determines that the software change is safe to install (Fig. 5, ¶ [0039]),…
	Regarding the combination of Kuznetsov and Khalil, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the testing system of Kuznetsov to have included installation feature of Khalil. One of ordinary skill in the art would have been motivated to incorporate the testing feature of Khalil because Khalil teaches “[t]he use of virtual machines provides a number of advantages in the process of testing software, including … and allowing more flexibility in investigating test failures,” see Khalil ¶ [0020], such as those related to the installation of software, thereby improving the efficiency of changing software. 
Regarding Claim 21
Kuznetsov-Khalil-Dagan-Bacher discloses the method of claim 10, and Kuznetsov further discloses 
wherein the secure service comprises downloading a file from the second virtual machine to an external memory device (¶ [0016], “Data store 106 may include one or more mass storage devices which can include, for example, flash memory [as an external memory device,…;” “In one implementation, system testing framework utility stores information [and thereby downloads], such as source code and code revisions of the tested product [as tested within the “virtual VM 225a”/second virtual machine], deployment configurations of the tested product (e.g., VM templates/snapshots), test information, test result data, and so on, in the data store 106;” and ¶ [0033], “The test deployment module may cause tests (e.g., stored in tested software data 252) to be run on the installed product in the virtual test system 200, where the VMs 221, 222 a-b, 223 a-d interact with each other (e.g. over Internet Protocol (IP)), during the test phase as if there were regular machines in a production environment. Test result data [produced in “virtual VM 225a”/second virtual machine] may be saved as test results data 253 in data store 106”). 
B.	Claim 19 is rejected under 35 U.S.C. 103 as being unpatentable over Kuznetsov in view of Khalil, Dagan, and Bacher, and further in view of Beloussov et al. (US 8,074,276, “Beloussov”).
Regarding Claim 19
Kuznetsov-Khalil-Dagan-Bacher discloses the method of claim 18, and Kuznetsov further discloses 
	1 ….
a … first virtual machine… (Fig. 2, ¶ [0025])
Kuznetsov-Khalil-Dagan-Bacher doesn’t disclose
1 further comprising running an antivirus application on the …a to determine whether the software change includes a virus or a malware (Col. 14:45-61, “FIG. 12 illustrates how a designated VEE provides anti-virus protection for a plurality of other VEEs. Anti-virus application 1202 runs within the designated VEE on VM 904A [as the first virtual machine] and provides anti-virus protection to VMs 904B-904D.”).
Beloussov, however, discloses
 1 further comprising running an antivirus application on the …a to determine whether the software change includes a virus or a malware (Col. 14:45-61, “FIG. 12 illustrates how a designated VEE provides anti-virus protection for a plurality of other VEEs. Anti-virus application 1202 runs within the designated VEE on VM 904A [as the first virtual machine] and provides anti-virus protection to VMs 904B-904D.”).
Regarding the combination of Kuznetsov-Khalil-Dagan-Bacher and Beloussov, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the testing system of Kuznetsov-Khalil-Dagan-Bacher to have included anti-virus feature of Beloussov. One of ordinary skill in the art would have been motivated to incorporate the anti-virus feature of Beloussov because Beloussov teaches the inclusion of an anti-virus application “provides anti-virus protection services to VMs,” which thereby increases the effectiveness of security.  See Beloussov Col. 14:45-61. 
C.	Claim 20 is rejected under 35 U.S.C. 103 as being unpatentable over Kuznetsov in view of Khalil, Dagan, and Bacher, and further in view of Breitgand et al. (US 2012/0240110, “Breitgand”) and Ciano et al. (US 9,710,249, “Ciano”).
Regarding Claim 20
Kuznetsov-Khalil-Dagan-Bacher discloses the method of claim 10, and Kuznetsov further discloses 
further comprising: using the first virtual machine…1 (Fig. 2, ¶ [0025]); and 
when the first virtual machine…2 (Fig. 2, ¶ [0025]), the method further includes: 
3 {saving a modified image (Khalil ¶ [0020])}… to a shared folder on the test network server (¶ [0031], “In one implementation, the resource deployment module 232 creates a local repository for the data (e.g., built packages, VM snapshots & templates, test configurations 252 and data 253, etc.) used in the testing phase [that can incorporate a modified image] of the product [contained within a shared folder]. The local repository [for saving images] …, or may be configured network access [to the test network server] by host machine 210.”), 
4 …; 
saving the modified image from the shared folder on the test network server to a shared folder on the protected network server (¶ [0032], “The test deployment module 234 may then be invoked to install the tested product [within the shared folder] from the locally-served repository [on the test network server]. The tested product may be installed [to the protected network server/”node 120” and the associated VMs 223/225] using the source code and revisions [of the modified image] of the tested product, as well as the packages built from the source code.”); and 
cloning the modified image to the {first protected network computer (Khalil ¶ [0020])} from the shared folder on the protected network server…5 (Fig. 3, ¶ [0038], “At block 340, the product to be tested is installed [and thereby cloned] in the virtual resources. The install may utilize the software stored in the local copy of the repository [as the storage within protected network computer, such as “storage VM 222b”].”). 
Kuznetsov doesn’t disclose
1 … to determine whether a software change;
	2 … determines that the software change is safe to install,…
	3 saving a modified image of the first protected network computer to a shared folder on the test network server,
	4 wherein the software change comprises a maintenance activity for the first protected network computer;
	5 …at a time selected with the least traffic on the protected network based on historical traffic data.
Khalil further discloses
1 … to determine whether a software change (¶ [0020], “A differential disk image is one or more files or other storage means that contain the changes made to a disk between two points in time.”) is safe to install on the first protected network computer (Fig. 5, ¶ [0039], “When the execution is complete, the execution controller notifies the requester, such as a test developer, that the request has been fulfilled, and provides information about the run, such as test pass [and the software change is safe to install on the “client device 102”/protected network computer], test failure, investigation complete, or the like.”);
	2 … determines that the software change is safe to install (Fig. 5, ¶ [0039]),…
	3 saving a modified image of the first protected network computer… (¶ [0020], “For example, if a first snapshot is made of a first system [of the first protected network computer], with a disk containing nothing but a base image comprising an operating system and a word processing application, and a second snapshot is made of the first system three days later, the second snapshot may contain additions or changes in applications or data [to create a modified image] that were made to the disk, including any documents that were created using the word processing software.”),
Ciano, however, discloses
	4 wherein the software change comprises a maintenance activity for the first protected network computer (Col. 10:12-31, “At this point, a test is made [as a maintenance activity] to verify whether any local program installed on the virtual machine [associated with the first protected computer] is become obsolete; for example, this may happen when the corresponding external program has been upgraded to a newer level or the corresponding virtual appliance has been moved to another virtual environment (as indicate by a comparison between a current version of the local environment information and a previous version thereof).”);
Breitgand, however, discloses
	5 …at a time selected with the least traffic on the protected network based on historical traffic data (¶ [0028], “Certain [historical] parameters (e.g., system bandwidth [relating to traffic], service requests, application history and execution pattern, etc.) may be used to determine [and thereby select] in advance when [and at a time], how often and how many copies of VM's image are to be cloned.”).
Regarding the combination of Kuznetsov and Khalil, the rationale to combine is the same as provided for claim 18 due to the overlapping subject matter of claims 18 and 20.
Regarding the combination of Kuznetsov-Khalil-Dagan-Bacher and Ciano, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the test system of Kuznetsov-Khalil-Dagan-Bacher to have included the maintenance feature of Ciano. One of ordinary skill in the art would have been motivated to incorporate the maintenance feature of Ciano because Ciano teaches “newer level[s]” of software occur, see Ciano Col. 10:12-31, and the test as a maintenance activity ensures the replacement of obsolete programs.
Regarding the combination of Kuznetsov-Khalil-Dagan-Bacher-Ciano and Breitgand, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the test system of Kuznetsov-Khalil-Dagan-Bacher-Ciano to have included the timing feature of Breitgand. One of ordinary skill in the art would have been motivated to incorporate the timing feature of Breitgand because Breitgand teaches “optimiz[ing]” the cloning process to thereby take the “shortest time possible.”  See Breitgand ¶ [0029]. 
D.	Claim 22 is rejected under 35 U.S.C. 103 as being unpatentable over Kuznetsov in view of Khalil, Dagan, and Bacher, and further in view of Kumar et al. (US 2021/0357246, “Kumar”).
Regarding Claim 22
Kuznetsov-Khalil-Dagan-Bacher discloses the method of claim 10, and Kuznetsov further discloses 
wherein the second virtual machine files comprises a virtual machine disk…1 readable by the first virtual machine (Fig. 3, ¶ [0038], “Subsequently, at block 330, virtual resources [comprising second virtual machine files] are initialized [and thereby are readable] from the built representations. The virtual resources are initialized to represent the tested resources of the product in a virtual testing environment [comprising the “hypervisor VM 223a”/first virtual machine that runs the “virtual VM 225a”/second virtual machine] and all of the virtual resources are initialized on a single machine (e.g., the host machine);” and “The install may utilize the software stored in the local copy of the repository [comprising a virtual machine disk.”).
Kuznetsov-Khalil-Dagan-Bacher doesn’t disclose
	1 …VMDK format…
Kumar, however, discloses
	1 …VMDK format… (¶ [0078], “The hypervisor typically stores the data of virtual disks in files on the file system of the physical host machine, called virtual machine disk files (“VMDK” in VMware lingo) or virtual hard disk image files (in Microsoft lingo).”)
Regarding the combination of Kuznetsov-Khalil-Dagan-Bacher and Kumar, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the testing system of Kuznetsov-Khalil-Dagan-Bacher to have included the VMDK storage feature of Kumar. One of ordinary skill in the art would have been motivated to incorporate the VMDK storage feature of Kumar because Kumar teaches “A virtual machine reads data from and writes data to its virtual disk much the way that a physical machine reads data from and writes data to a physical disk,” and thus it would be obvious to employ the means required for a virtual machine to read and write data through the use of VMKD file.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to D'ARCY WINSTON STRAUB whose telephone number is (303)297-4405. The examiner can normally be reached Monday-Friday 9:00-5:00 Mountain Time.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, ASHOKKUMAR B PATEL can be reached on (571)272-3972. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/D'Arcy Winston Straub/Examiner, Art Unit 2491