DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claims 1-33 are presented for examination.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-33 are rejected under 35 U.S.C. 103 as being unpatentable over Moses et al. (hereinafter Moses) (US 2019/0312841 A1 in view of Lampesberger (“Technologies for Web and cloud service interaction: a survey”, March 9, 2015).

As to claim 1, Moses teaches a method for establishing connection to a virtual machine (VM) in a cloud, the method comprising (Abstract; [0002]; [0009]): 
initiating, at a central server (Server Device 10, etc.), a request for connection to a target cloud VM (establishing a connection through proxy/tunnel and communication network 30 to target cloud VM from Client Device 20, etc.), the request specifying a unique resource identifier (ID) of the target cloud VM (instance of AWS ID and/or VPC ID, etc.) (Abstract; Figs. 1-3 and 6-7; [0025]-[0029]; [0050]; [0053]-[0056]); 
determining whether the unique resource ID of the target cloud VM (instance of AWS ID and/or VPC ID, etc.) is registered (registered or published in cloud proxy or through discovery of the service) in a local hosts file (Figs 1-3 and 6-7; [0017]; [0026]-[0031]; [0053]-[0056]); and 
when the unique resource ID (instance of AWS ID and/or VPC ID, etc.) is registered in the local hosts file, connecting to a cloud-native proxy gateway (Network Traffic Management Apparatus A that provides a reverse-tunnel proxy in centralized service tier, e.g., for a secure connection in a cloud environment; the Network Traffic Management Apparatus A can be standalone devices or integrated with one or more other devices or apparatuses, such as the server device, for example) (Figs 1-3 and 6-7; [0017]; [0026]-[0031]; [0053]-[0056]); and 
directing the request for connection to the target cloud VM to the cloud- native proxy gateway, the cloud-native proxy gateway being reachable from both the target cloud VM and the central server (Network Traffic Management Apparatus A that provides a reverse-tunnel proxy in centralized service tier, e.g., for a secure connection between Server Device 10 and Client Device 20 with virtual machine, etc., in a cloud environment; also using communication according to hypertext transfer protocol (HTTP) based application Request for Comments (RFC) Protocol) (Figs 1-3 and 6-7; [0026]-[0031]; [0043]; [0050]).
Although it would have been obvious that Moses’s HTTP Management API and/or WebSocket data channel could determine whether the unique resource ID of the target cloud VM is registered in a cloud network domain in a local hosts file, Moses does not explicitly disclose based on a “cloud network domain.”  However, Lampesberger teaches cloud web service computing with internet/HTTP protocols for communication between server and client, for example, dependent on registration in the Domain Name System (DNS) database, the URL address that identifies the path for a resource within authority (pages 11-13).  Moses and Lampesberger are analogous art with the claimed invention because they are all in the same field of endeavor of communication over a cloud network.  It would have been obvious to one of ordinary skill in the art before the effective date of the application to modify Moses’s cloud network traffic management such that it would considering cloud network domains, as taught and suggested in Lampesberger’s cloud system.   The suggestion/motivation for doing so would have been to provide the predicted result of avoiding the restrictions from using the IP protocol in favor of a more reliable protocol like HTTP to achieve greater success of Web services (pages 1 and 9). 

As to claim 2, Moses teaches wherein the unique resource ID of the target cloud VM is a string of alphanumeric characters not in an Internet Protocol (IP) address format (Abstract; [0053]-[0057]).  It would have been obvious to one of ordinary skill in the art before the effective date of the application that a resource ID (that is not IP address) could contain alphanumeric characters, as suggested. 

As to claim 3, Moses teaches further comprising: at the cloud-native proxy gateway, determining whether a reverse tunnel exists for the target cloud VM, a local port being assigned to the reverse tunnel ([0018]; [0027]; [0051]; [0053]).

As to claim 4, Moses teaches further comprising: at the cloud-native proxy gateway, sending incoming communication flow from the central server to the target cloud VM through the reverse tunnel by adjusting a port designated in the incoming communication flow to the local port assigned to the reverse tunnel (forwarding session flow towards the host located in the cloud service provider environment to leverage the existing established connection) (Abstract; [0017]-[0018]; [0027]; [0050]-[0054]).

As to claim 5, Moses teaches further comprising: at the cloud-native proxy gateway, for outgoing communication flow from the target cloud VM, adjusting the local port back to the port originally designated in the incoming communication flow and making a connection to a local host on the originally designated port (Abstract; [0017]-[0018]; [0049]-[0056]).

As to claim 6, Lampesberger teaches further comprising: when the reverse tunnel does not exist, establishing a reverse tunnel from the target cloud VM back to the cloud-native proxy gateway (page 13).

As to claim 7, Moses teaches further comprising: keeping the connection from the central server to the cloud-native proxy gateway alive (continuous) while establishing the reverse tunnel (Abstract; [0018]; [0027]; [0051]).

As to claim 8, Moses teaches wherein establishing the reverse tunnel from the target cloud VM back to the cloud-native proxy gateway includes looking up calling information for the target cloud VM in a cloud resources inventory, the calling information including information needed to issue an Application Programming Interface (API) call to establish a shell connection to the target cloud VM ([0053]-[0054]; Fig. 5).

As to claim 9, Moses teaches further comprising: issuing a command to an agent in the target cloud VM to establish a reverse tunnel from the target cloud VM back to the cloud-native proxy gateway (Fig. 5; [0053]-[0054]; [0018]; [0027]; Abstract).

As to claim 10, Moses teaches further comprising: directing incoming communication flow to the target cloud VM through the reverse tunnel (Abstract; [0029]-[0031]).

As to claim 11, Moses teaches further comprising: when the unique resource ID of the target cloud VM is not registered in a cloud network domain in the local hosts file, forwarding the request to a local network (Abstract; [0017]-[0018]; [0049]-[0056]).

As to claim 12, it is rejected for the same reasons as stated in the rejection of claim 1.

As to claim 13, it is rejected for the same reasons as stated in the rejection of claim 2.

As to claim 14, it is rejected for the same reasons as stated in the rejection of claim 3.

As to claim 15, it is rejected for the same reasons as stated in the rejection of claim 4.

As to claim 16, it is rejected for the same reasons as stated in the rejection of claim 5.

As to claim 17, it is rejected for the same reasons as stated in the rejection of claim 6.

As to claim 18, it is rejected for the same reasons as stated in the rejection of claim 7.

As to claim 19, it is rejected for the same reasons as stated in the rejection of claim 8.

As to claim 20, it is rejected for the same reasons as stated in the rejection of claim 9.

As to claim 21, it is rejected for the same reasons as stated in the rejection of claim 10.

As to claim 22, it is rejected for the same reasons as stated in the rejection of claim 32.

As to claim 23, it is rejected for the same reasons as stated in the rejection of claim 1.

As to claim 24, it is rejected for the same reasons as stated in the rejection of claim 2.

As to claim 25, it is rejected for the same reasons as stated in the rejection of claim 3.

As to claim 26, it is rejected for the same reasons as stated in the rejection of claim 4.

As to claim 27, it is rejected for the same reasons as stated in the rejection of claim 5.

As to claim 28, it is rejected for the same reasons as stated in the rejection of claim 6.

As to claim 29, it is rejected for the same reasons as stated in the rejection of claim 7.

As to claim 30, it is rejected for the same reasons as stated in the rejection of claim 8.

As to claim 31, it is rejected for the same reasons as stated in the rejection of claim 9.

As to claim 32, Moses teaches wherein the one or more processors (at least one processor 40) in conjunction with the memory (at least one memory 50) are further configured to: direct incoming communication flow to the target cloud VM through the reverse tunnel (Fig. 2; Abstract; [0018]; [0021]-[0023]; [0049]).

As to claim 33, it is rejected for the same reasons as stated in the rejection of claim 11.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure:
Aizikovich (US 2019/0207784 A1) discloses a set of instructions for sending a prompt to establish a reverse tunnel between a first network and a second network from a tunneling control service in the first network to a tunneling control agent in the second network over a control session. In addition, a request for a reverse tunnel connection between a tunneling server in the first network and the tunneling agent in the second network is transmitted. The tunneling agent is configured to redirect received traffic from the reverse tunnel to the target resource at the network address in the second network. Data traffic is transmitted from the requesting resource in the first network through the reverse tunnel to the tunneling agent for redirection by the tunneling agent to the target resource.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to KENNETH TANG whose telephone number is (571)272-3772. The examiner can normally be reached Monday-Friday 7AM-3PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lewis Bullock can be reached on 571-272-3759. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/KENNETH TANG/Primary Examiner, Art Unit 2199