DETAILED ACTION

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This action is responsive to communication received on 07/14/2022. Claims 1-20 are pending of which claims 1 3, 4, 7, 12, 14, 15, 18 and 20 are amended.


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claims 1-8, 10, 12-18 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Michael et al US 2020/0106696, and further in view of Maes et al US 2019/0222988.
Regarding claims 1, 12 and 20, Michael teaches a system, method and non-transitory CRM comprising instructions executed by a processor implementing the method comprising: one or more processors; and one or more storage devices in communication with the one or more processors, the one or more storage devices storing instructions, when executed by the one or processors, cause the one or more processors to perform operations comprising: 
["Embodiments of the MCN described herein include systems and methods for global control and optimization of data traffic through or in networks including software-defined networks. The MCN comprises numerous nodes placed in data centers across the world and interconnected using private leased lines to form an overlay network that overlays another network (e.g., public network, private network in the form of private leased lines, etc.), referred to herein as an “underlay network”. Components of the MCN are strategically placed in the best locations to provide connectivity to tenants and service application providers across the world. The cloud acceleration realized with use of the MCN provides seamless, accelerated connectivity to tenants from any location, including branch offices and/or distributed or remote locations. The term “tenant” as used herein includes enterprises, clients, customers, and corresponding sites and service applications, to name a few, but is not so limited as it includes all entities and persons using the MCN for routing data traffic.", ¶143]

maintaining a plurality of cluster control planes, each cluster control plane(management plane) comprising one or more respective instances of software of an Application Programming Interface (API) server(multiple instances of a management plane executes tenant modifications via API calls in API gateway, ¶s151, 441) 
[" In addition to the components hosted at each POP, the MCN components include components that form the management plane of the MCN. The management plane components, which are coupled to the MCN components of the POPs, include but are not limited to tenant-facing web user interfaces (UIs) (WEB-UIs), the web application (WEB-APP), a Bouncer configured for role-based user access, and a provisioner configured to manage configurations of the MCN components as well as other network resources. The MCN also includes components configured for monitoring the health of MCN components and logging data of the monitoring (not shown), along with data stores configured to support the MCN components, as described in detail herein.", ¶151] 
 ["High availability of the management plane is realized by operating multiple instances of each management plane component. The load balancer of each component is configured to balance the load between the multiple instances of each component. Each load balancer uses a round-robin process for balancing requests (e.g., TCP request) from its corresponding component, but embodiments are not so limited. When deploying a new version of a component in a high-availability network configuration that includes at least two instances of each component, embodiments generate two new instances of the component, and connect these new instances to the load balancer. Following generation of the new instances, the load balancer is configured to route new connections to the new instances, and to drain existing connections to the previously used set of components or let them expire as described herein. The connections to the previously used set of components are disabled subsequent to the corresponding drain count being zero, meaning no connections are being handled by the components.", ¶441]

wherein each cluster control plane is configured to receive API requests and to process the API requests using the respective one or more instances of the API server( provisioning and deployment request made via management plane through web interface … i.e APIs, ¶151) 
[" In addition to the components hosted at each POP, the MCN components include components that form the management plane of the MCN. The management plane components, which are coupled to the MCN components of the POPs, include but are not limited to tenant-facing web user interfaces (UIs) (WEB-UIs), the web application (WEB-APP), a Bouncer configured for role-based user access, and a provisioner configured to manage configurations of the MCN components as well as other network resources. The MCN also includes components configured for monitoring the health of MCN components and logging data of the monitoring (not shown), along with data stores configured to support the MCN components, as described in detail herein.", ¶151] 

receiving an API request to modify or read a state for a cluster of computing resources of a computing platform(request to provision resources, ¶215); and 
[" As the orchestration system, the provisioner controls the interplay between the management plane and the control plane to create or provision underlay networks. The provisioner also provisions or configures networks over (“overlay networks”) the underlay networks by deploying (through APIs) components of the MCN (e.g., Dolfins, Orcas, Watchdogs) in the overlay network. The provisioner is further configured to create routes for existing networks, and to store data representing the underlay networks, overlay networks, and route configurations. Dolfins and Orcas communicate with the provisioner to receive information representing network configuration, routes, and traffic classes. The provisioner code of an embodiment is written in Python, and Ansible is used to run tables, but embodiments are not so limited.", ¶215]

["FIG. 12 is a flow diagram for network provisioning, under an embodiment. The provisioning of underlay networks generally comprises interactions between the provisioner and one or more APIs in order to create networks. The provisioner identifies the cloud type and the topology, and controls network preparation in accordance with the identified type and topology. When a network is identified as being available and having a matching topology and the capacity for accommodating components of the MCN, then the provisioner uses the identified network for deployment of the components. If no such network is available, the provisioner uses its cloud-type specific API to request creation of a network. Following preparation of the network, the provisioner deploys the MCN components (e.g., bridges, containers, etc.) over the network. The network information or data is consolidated and stored in a network table.", ¶216]

the cluster of computing resources corresponding to a tenant identified in the API request(tenant Id among other identification providing in provisioning request, ¶223)
[" The provisioning request includes information about the network topology, type of cloud, tenant identification (ID), and network topology ID. The “provision network” request of an embodiment arrives in a form of a request (e.g., HTTP POST), and the body of each request includes a file (e.g., JSON) comprising the information necessary to provision the network (e.g., network_topology_id, tenant_id, cloud type, etc.), but embodiments are not so limited. The provisioner first checks its data store to determine if the provided network topology ID of the provided tenant ID already exists. This involves the API determining if a pre-provisioned network is available for immediate dedication to the requesting tenant. If there is an available pre-provisioned network, the API returns a message and/or code so indicating (e.g., “provisioned network available” with status code 200).", ¶223]

Michael teaches a multiple instances( i.e multithreaded)  management plane to read/and modify tenant network but does not teach a dedicated per tenant management plane to modify or read  the state of the cluster but does not teach 
in response to receiving the API request: identifying a cluster control plane of the plurality of cluster control planes that controls the cluster of computing resources corresponding to the API request, and
causing the identified cluster control plane to modify or read the state of the cluster in accordance with the API request
determining whether the identified cluster control plane is active for the tenant identified in the API request, and causing the identified cluster control plane to modify or read the state of the cluster in accordance with the API request when the identified cluster control plane is determined to be active. Maes in the analogous area of multitenant service provisioning and management. Maes teaches in response to receiving the API request: identifying a cluster control plane of the plurality of cluster control planes that controls the cluster of computing resources corresponding to the API request, and(Maes teaches tenant provisioning request are made via API calls from a user interface, Maes further teaches determining if a service suite  for a tenant is deployed ie active such determination includes identifying management modules when management modules are deployed per tenant, ¶s20,31)
[" The users may interact with the tenant portal 110 (possibly one instance per tenant) or the users may bypass the tenant portal 110 authorization and access a service suite instance with their credentials directly (via a user interface (UI) or application program interface (API)). In the latter case, the tenant portal 110 behaves as an API exposure gateway (GW), and a user request or an API call is routed to the tenant service suite instance (existing or newly created). In one example, a service suite or a service reside inside different containers. For example, each service 124a-n may be encapsulated inside its own container (or a set of containers if multiple instances have been created by the management module 125a-n). Also, a service suite container may include different service suite instances providing different sets of services (applications) 124a-n. The different containers may be associated with the different service suites. In FIG. 1A, service suite instance 120a is deployed for tenant A and service suite instance 120n is deployed for tenant B. ", ¶20]
[" At 203, a determination is made as to whether an instance of the requested service (or service suite) is deployed for the tenant in the system 100. The instance controller 112 may determine whether the requested service suite is currently deployed. For example, the requested service may be deployed for another user of tenant A, such as service suite instance 120a, and the instance controller 112 determines whether an instance of the requested service suite is deployed for tenant A. In an example, the management plane module 130 may maintain a list of deployed services suites or services for each tenant. The instance controller 112 queries the management plane module 130 to determine if tenant A already has the requested service suite or service deployed. In another example, the instance controller 112 may maintain the list of deployed services suites or services for each tenant.", ¶31]

causing the identified cluster control plane to modify or read the state of the cluster in accordance with the API request(request made by tenants may cause changes to the tenant network… i.e adding/scaling instances, terminating instances, ¶16)
[" This means that other users of the same tenant are already using the applications from the service suite instance. Otherwise, a new service or service suite instance may be created by the orchestrator, if the user is the first user to request a service. A notification of an insufficient load may be used to terminate the service or service suite instance to conserve computer resources and allow other processes to utilize the computer resources that were provisioned for the service or service suite instance being terminated. In one example, a service suite instance may be scaled out when used by too many users or when a load on the instance exceeds a certain limit, which may be defined by the SLA. In this case, an orchestrator may create another service or service suite instance for additional users of the same tenant. Conversely, when the load or a number of tenants is reduced, the orchestrator may scale in the instances of the tenant by retiring some of the service or service suite instances. The system may include an orchestrator in a form of a management plane module coupled to an instance controller that may launch service suite instances and perform other life cycle operations and management operations for services and service suites as is further discussed below.", ¶16]
determining a control plane is active and thus does not teach determining whether the identified cluster control plane is active for the tenant identified in the API request(determination of whether service suite for tenant is deployed ¶31,  service suite can include management module ( equivalent to control plane instance of Michaels) ¶20, thus determination is made to whether management module is deployed and if deployed  thus active user request is directed toward the deployed instance, ¶32, 
and causing the identified cluster control plane to modify or read the state of the cluster in accordance with the API request when the identified cluster control plane is determined to be active(determination of whether service suite for tenant is deployed ¶31,  service suite can include management module ( equivalent to control plane instance of Michaels) ¶20, thus determination is made to whether management module is deployed and if deployed  thus active user request is directed toward the deployed instance, ¶32) .
[" Also, the service suite instances deployed in the system 100 may include their own management plane, shown as management modules 125a-n for service suite instances 120a-n. In one example, a tenant may have several service containers that may have one of the management modules 125 to support them. In one example a common cross-tenant management module may be implemented on the management plane module 130 as shown in FIG. 1B. Referring again to FIG. 1A, each of the management modules 125a-n monitors usage of the service suite, facilitates use of the service suite 118a-n by authorized users by communicating with the instance controller 112, and facilitates management of the service suite 118a-n, including lifecycle management from creation to termination and creating new instances in cases when scaling in and out of the instances is needed. In one example, the management modules 125a-n may route the request, balance the instance loads, and expose service 124a-n APIs. The service suite instances 120a-n may include resources and repositories to be used by the services 124a-n. In one example, the services 124a-n may be loaded from the infrastructure 128 where persistent data may be physically or virtually segregated.", ¶20]
[" At 203, a determination is made as to whether an instance of the requested service (or service suite) is deployed for the tenant in the system 100. The instance controller 112 may determine whether the requested service suite is currently deployed. For example, the requested service may be deployed for another user of tenant A, such as service suite instance 120a, and the instance controller 112 determines whether an instance of the requested service suite is deployed for tenant A. In an example, the management plane module 130 may maintain a list of deployed services suites or services for each tenant. The instance controller 112 queries the management plane module 130 to determine if tenant A already has the requested service suite or service deployed. In another example, the instance controller 112 may maintain the list of deployed services suites or services for each tenant.", ¶31]
[" At 204, if an instance of the requested service suite or service is currently deployed, the user is directed to the deployed service suite or service instance. For example, the instance controller 112 directs the user 101 to the service suite instance 120a. This may include instructing the management module 125a to allow creation of a session between the user 101 and the service suite instance 120a. In an example, the instance controller 112 may send the instructions to the management plane module 130, and the management plane module 130 may communicate with the management module 125a through the service suite container 118a to create the session with the user 101. The management plane module 130 may include a virtual bridge that allows communication with management modules 125a-n running in the containerized service sites 118a-n. When the containerized service sites 118a-n are created, the containerized service sites 118a-n may include settings that allow communication with the management plane module 130.", ¶32]
[" At 302, a determination is made as to whether the monitored service suite or service instance is idle based on the monitoring performed at 301. For example, the management module 125a determines whether the service suite instance 120a is idle based on active users and/or monitored computer resource metrics of service suite instance 120a. If there are no users for the service suite instance 120a, such as no active user sessions, then the service suite instance 120a may be considered idle. If there are no active processes, then the service suite instance 120a may be considered idle. If the monitored computer resource metrics indicate that there is no activity for the service suite instance 120a for a predetermined period of time or that the usage is below a predetermined threshold for a predetermined period of time, then the service suite instance 120a may be considered idle. In an example, a combination of the monitored user sessions, processes and/or computer resource metrics may be considered to determine whether the service suite instance 120a is idle. A determination of whether the service suite instance is idle may be made for each of the deployed service suite instances 120a-n. In one example, the service suite instance usage may lead to performance issues because of an overload of the service suite instance due to too many users or to large loads created by a user. In this case, the management plane 130 may automatically scale out the instance by creating more instances of the same service suite for a tenant to improve the performance and to maintain SLA guarantees. In one example, when a new user joins, the management plane 130 may create a new service or service suite instance to avoid overloading and drop in performance. Likewise, the management plane 130 may scale in by reducing the number of service or service suite instances if a user or a number of users log out or if the load is down.", ¶35]
It would have been obvious to a person of ordinary skill in the art at the time of the effective filing of the instant application to modify Michaels with checking the status prior attempting to perform an action on the tenant network. The reason for this modification would be to ensure that the management plane is operational(not idle or failed ¶35) thus capable of executing actions to modify or read data from the tenant network.
Regarding claims 2 and 13, Michael teaches wherein causing the identified cluster control plane to modify or read the state of the cluster comprises causing the identified cluster control plane to modify the execution of one or more worker nodes associated with the cluster control plane(modification include scaling up/down service instancs on physical nodes i.e worker nodes, ¶s16,24)
[" This means that other users of the same tenant are already using the applications from the service suite instance. Otherwise, a new service or service suite instance may be created by the orchestrator, if the user is the first user to request a service. A notification of an insufficient load may be used to terminate the service or service suite instance to conserve computer resources and allow other processes to utilize the computer resources that were provisioned for the service or service suite instance being terminated. In one example, a service suite instance may be scaled out when used by too many users or when a load on the instance exceeds a certain limit, which may be defined by the SLA. In this case, an orchestrator may create another service or service suite instance for additional users of the same tenant. Conversely, when the load or a number of tenants is reduced, the orchestrator may scale in the instances of the tenant by retiring some of the service or service suite instances. The system may include an orchestrator in a form of a management plane module coupled to an instance controller that may launch service suite instances and perform other life cycle operations and management operations for services and service suites as is further discussed below.", ¶16]

["As discussed above, the use of the containerized suites allows for fast and efficient creation, scaling in and out of service suite instances as compared to applications running on a physical host or inside a Virtual Machine (VM) that may need to have a previously created service suite instance to be used as a VM. In one example, a service suite may not be containerized and may be implemented on a physical host or the service suite or its components may be running inside a Virtual Machine (VM). In this case, a pool of unsigned service suite instances residing on a set of physical hosts or inside a set of VMs may be used to act in the same manner as a containerized service suite without any losses in speed. The service suite instances of the pool are made available to be deployed for tenants and may be returned back to the pool once they are no longer used by the tenants. This may be particularly important when the service suites or services have components that may be deployed on-premise by a user's choice or by implementations of the service or the service suite. In this case, the use of the pool may allow for fast instantiation of tenant instances or for scaling out when a user needs a better performance.",¶24]

Regarding claims 3 ad 14, Maes teaches wherein spawning one or more threads to execute an API server instance configured to modify the state of the cluster in accordance with the API request when the identified cluster control plane is determined to be inactive. 
[" At 205, if an instance of the requested service suite or service is not currently deployed, a new instance of requested service suite or service is deployed for the tenant. For example, the instance controller 112 creates a new instance of the requested service suite or service for the tenant A. In an example, a containerized image of the requested service suite or service is deployed on the infrastructure 128. At 206, the user is provided with access to the deployed service suite or service instance. For example, a session may be created for the user 101 to access the deployed service suite instance 120a-n.", ¶33]

Regarding claims 4 and 15, Maes teaches wherein the spawned one or more threads are configured to communicate data across one or more channels, wherein each thread is configured to communicate among other threads using the one or more channels, wherein each channel is a data structure configured to store data communicated between threads(VPNs are virtual networks that communicate with each other by encapsulated packets(ie. data structure), ¶21) .
[" The isolation between one VPC user and all other users of the same cloud (other VPC users as well as other public cloud users) may be achieved through allocation of a private IP subnet and a virtual communication construct (such as a VLAN or a set of encrypted communication channels) per tenant. According to the examples of the present disclosure, multiple service suites for a tenant may include different services (i.e., different sets of applications) subscribed to by the tenant. The service suite instances 120a-n may belong to the same tenant with integration between the containerized service suites 118a-n to support execution of user service requests across the service suite instances 120a-n provided by integration layer 116. In another example, the containerized service sites 118a-n may belong to different tenants A and B as shown in FIG. 1A. The integration layer 116 may be implemented as a gateway, a bus, a message broker or an orchestrator or combination of these elements.", ¶21]

Regarding claims 5 and 16, Maes teaches destroying multiple service suite instances  when they become idle after a period of time but does not specifically teach that the same actions performed with respect to management modules 125a-n.
["As discussed above, service suite instances may consist of containerized service instances that interact with each other. Also, each service suite instance may include a management module, such as management modules 125a-n. The management modules 125a-n may scale in or scale out the services 124a-n based on the loads and SLA requirements. In one example, multiple service suite instances (different scaled instances or different suites offering different services) of a tenant may share the same management module implemented on the management plane module 130 as shown in FIG. 1B discussed below. The management modules 125a-n may serve as a gateway into the containerized service sites 118a-n for management functions of the service suite instance. For example, the management modules 125a-n may monitor usage of the services 124a-n and collect usage data. In one example, the instance controller 112 may request the usage data from the management module via the management plane module 130, which has access to the management modules 125a-n inside the containerized service sites 118a-n. If the usage data indicates that the service suite instance has been idle for a predetermined period of time, the instance controller 112 may instruct the management plane module 130 to terminate the service suite instance. Also, the management plane module 130 may monitor whether any users are currently using service suite instances. If no users are using a service suite instance, such as no more sessions exist between users and a service suite instance, the instance controller 112 may instruct the management plane module 130 to scale in by retiring the service suite instance. The instance controller 112 may detect overloads of the service suite instances 120a-n. If the service instance does not meet SLA requirements or other performance objectives, the management plane module 130 may create another instance (i.e., scale out) of the same service suite to balance the load among the existing service suite instances of the same tenant. Likewise, the management plane module 130 may scale in (i.e., terminate) the instances if the instance controller 112 detects idle service instances or if a user or several users log out from the tenant portal 110 and the load decreases. Note that while service suite instances 120a-120n may be scaled, the scaling in and out may also take place at the level of services 124a-n. In other words, a single service within a suite may have several instances that may be scaled in and out based on tenant's needs.", ¶25]
 It would have been obvious to a person of ordinary skill in the art at the time of the effective filing of the instant application to further modify Michael/Maes by applying the teaching of terminating service suite instances when idle with terminating the management module when the management becomes idle after a period of time. The reason for this modification would be to save computing resources.	 Thus Michael/Maes as further modified above teaches wherein the operations further comprise: destroying at least one thread of the one or more spawned threads following a predetermined time period after causing the identified cluster control plane to modify or read the state of the cluster.
Regarding claims 6 and 17, Michael teaches wherein causing the identified cluster control plane(management plane) to modify or read the state of the cluster comprises: maintaining a pool of controllers(multiple instances of management plane components are deployed, ¶441),
["High availability of the management plane is realized by operating multiple instances of each management plane component. The load balancer of each component is configured to balance the load between the multiple instances of each component. Each load balancer uses a round-robin process for balancing requests (e.g., TCP request) from its corresponding component, but embodiments are not so limited. When deploying a new version of a component in a high-availability network configuration that includes at least two instances of each component, embodiments generate two new instances of the component, and connect these new instances to the load balancer. Following generation of the new instances, the load balancer is configured to route new connections to the new instances, and to drain existing connections to the previously used set of components or let them expire as described herein. The connections to the previously used set of components are disabled subsequent to the corresponding drain count being zero, meaning no connections are being handled by the components.", ¶441]

Regarding claims 7 and 18, Michael teaches wherein the cluster comprises a plurality of discrete portions of computing resources, wherein each discrete portion of the plurality of discrete portions of the cluster comprises a resource identifier uniquely identifying the discrete portion of computing resources of the cluster(tenant_id identifies the resurces for respective tenants, ¶212); 
[" FIG. 11 is a flow diagram for an authentication of Bouncer including use of tokens, under an embodiment. Prior to any action, a user first requests a token from Bouncer. In response, Bouncer validates the user credentials, stores a token with some “session” information, and returns the token to the user. This token is used for any subsequent calls to the system. The token of an embodiment includes identification data, and can include one or more of user_id, organization_id (tenant_id), roles, permissions, expiration time, and audit_id, for example.", ¶212]

wherein the API request comprises metadata that includes resource identifiers(configuration information); 
["In addition to the provisioner of an embodiment, the overlay network system includes a web application (WEB-APP) configured to include a tenant-facing web or web-based user interface (WEB-UI). While the provisioner initializes or configures components of the MCN as described herein, it is generally configured to provision the assets of the overlay network using information provided by an authorized user via the UI. The WEB-UI, which is generated by the web application and presented to a user, is configured to receive login credentials of an authorized tenant or user. At the first instance of tenant login, the WEB-UI prompts the user to name the network, and to input or specify network configuration information. The network is configured to use the configuration information or data, as described in detail herein. The MCN further includes a Bouncer that is configured to validate a user based on the login credentials by checking or determining permissions of an authorized user, and determining that the user belongs to an tenant group with authorization to access the overlay network.", ¶184]
and wherein identifying the cluster control plane comprises identifying a cluster control plane that corresponds to resources whose identifiers match the resource identifiers in the metadata of the API request(tenant request are routed toward corresponding POP managing the tenant’s deployed resources, ¶s 212,264).
[" FIG. 11 is a flow diagram for an authentication of Bouncer including use of tokens, under an embodiment. Prior to any action, a user first requests a token from Bouncer. In response, Bouncer validates the user credentials, stores a token with some “session” information, and returns the token to the user. This token is used for any subsequent calls to the system. The token of an embodiment includes identification data, and can include one or more of user_id, organization_id (tenant_id), roles, permissions, expiration time, and audit_id, for example.", ¶212]
["As routing in the MCN is reactive and dynamic, each POP is configured at any time to function as both ingress POP and egress POP. In response to the receipt of the configured route information, however, the Orca NAT component performs the SNAT/DNAT operations corresponding to the routes of the IP address. These operations include generating rules to perform DNAT operations that configure the POP as an egress POP for the destination address by changing the destination address of received traffic to be the public IP address of the egress destination. The Orca will establish its own IP address as the source IP address. Subsequently, when the Orca receives from another POP traffic directed to a destination address for which the Orca serves as the egress POP, the NAT is configured as the egress POP to route the received traffic to that egress destination.", ¶264]

Regarding claim 8, Michael teaches, wherein the plurality of discrete portions of computing resources comprises at least one of an application, a service, a load balancer, a node, a pod, or a container.
["The MCN is configured to provide optimization for all applications accessed via the MCN, irrespective of the tenant location from which the MCN is accessed. The connectivity to such service applications is seamless to users, so they are not required to change the way in which they currently access the service applications, and yet be able to get the best possible user experience accessing such resources (e.g., IaaS, PaaS, SaaS, UCaaS, etc.).", ¶147]
[“The first cloud environment 401 comprises components of the MCN management plane. The management plane components include but are not limited to tenant-facing WEB-UIs, the WEB-APP, Bouncer, provisioner, one or more load balancers (LBs), components configured for monitoring the health of MCN components and logging data of the monitoring, and one or more data stores or databases supporting the WEB-APP, Bouncer, provisioner, and monitoring/logging components.”, ¶159]
["FIG. 12 is a flow diagram for network provisioning, under an embodiment. The provisioning of underlay networks generally comprises interactions between the provisioner and one or more APIs in order to create networks. The provisioner identifies the cloud type and the topology, and controls network preparation in accordance with the identified type and topology. When a network is identified as being available and having a matching topology and the capacity for accommodating components of the MCN, then the provisioner uses the identified network for deployment of the components. If no such network is available, the provisioner uses its cloud-type specific API to request creation of a network. Following preparation of the network, the provisioner deploys the MCN components (e.g., bridges, containers, etc.) over the network. The network information or data is consolidated and stored in a network table.", ¶216]

Regarding claim 10, Michael teaches wherein each of the plurality of cluster control planes corresponds to a tenant of the computing platform, and wherein the operations further comprise: generating a cluster control plane comprising an instance of the API server, wherein the generating comprises executing an instance of a modified API server, which is initialized with a configuration specified by a tenant corresponding to the cluster control plane(tenant specify configuration parameters via GUI, ¶184).
["In addition to the provisioner of an embodiment, the overlay network system includes a web application (WEB-APP) configured to include a tenant-facing web or web-based user interface (WEB-UI). While the provisioner initializes or configures components of the MCN as described herein, it is generally configured to provision the assets of the overlay network using information provided by an authorized user via the UI. The WEB-UI, which is generated by the web application and presented to a user, is configured to receive login credentials of an authorized tenant or user. At the first instance of tenant login, the WEB-UI prompts the user to name the network, and to input or specify network configuration information. The network is configured to use the configuration information or data, as described in detail herein. The MCN further includes a Bouncer that is configured to validate a user based on the login credentials by checking or determining permissions of an authorized user, and determining that the user belongs to an tenant group with authorization to access the overlay network.", ¶184]


Claims 9, 11 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Michael/Maes as applied to claims 1 and 12 above, and further in view of Yu US 11,188,354.
Regarding 9 and 19, Michael does not teach wherein maintaining the plurality of cluster control planes further comprises: storing data shared among the plurality of cluster control planes in a shared cache of memory accessible to the plurality of cluster control planes, wherein the data is stored immutably. Yu in the analogous networking art teaches service deployment environment using containers. Yu teaches wherein maintaining the plurality of cluster control planes further comprises: storing data shared among the plurality of cluster control planes in a shared cache of memory accessible to the plurality of cluster control planes, wherein the data is stored immutably(immutable portions of a class or placed in a shared class and referenced by multiple instance/VMs, Col2 Lines 41-57).
["A container orchestrator, in accordance with some embodiments of the present invention, comprises a class sharing orchestrator (CSO) subsystem. The CSO manages sharing of class data among containerized applications in a cloud environment to improve application startup performance, CPU consumption and memory footprint. A shared class cache allows multiple virtual machines, that operate in isolation from one another, to share a single cache, herein referred to as a “shared class cache” (SCC) that holds application class data. A class cache configured as a memory mapped file stores three pieces of information: (1) the immutable part of the classes, (2) ahead-of-time (AOT) compiled code and (3) profiling data.", Col2 Lines 41-57]

It would have been obvious to a person of ordinary skill in the art at the time of the filing to modify Michael with class sharing as taught by Yu. The reason for this modification would be deploy containerized applications that save memory by sharing parameters in a container/image rather than maintaining a copy for each instance of a VM/deployed app container.
Regarding claim 11, Michael does not teach wherein maintaining the plurality of cluster control planes further comprises: storing, in separate caches of memory, respective data unique to each of the plurality of cluster control planes, wherein data stored in one of the separate caches for a first cluster control plane of the plurality of cluster control planes is not accessible by a second control plane of the plurality of cluster control planes. Yu in the analogous networking art teaches service deployment environment using containers. Yu teaches wherein maintaining the plurality of cluster control planes further comprises: storing, in separate caches of memory, respective data unique to each of the plurality of cluster control planes, wherein data stored in one of the separate caches for a first cluster control plane of the plurality of cluster control planes is not accessible by a second control plane of the plurality of cluster control planes(only immutable portions are placed shared cache meaning portions not immutable i.e not common are maintained in different caches, Col2 Lines 41-57)
["A container orchestrator, in accordance with some embodiments of the present invention, comprises a class sharing orchestrator (CSO) subsystem. The CSO manages sharing of class data among containerized applications in a cloud environment to improve application startup performance, CPU consumption and memory footprint. A shared class cache allows multiple virtual machines, that operate in isolation from one another, to share a single cache, herein referred to as a “shared class cache” (SCC) that holds application class data. A class cache configured as a memory mapped file stores three pieces of information: (1) the immutable part of the classes, (2) ahead-of-time (AOT) compiled code and (3) profiling data.", Col2 Lines 41-57]

It would have been obvious to a person of ordinary skill in the art at the time of the filing to modify Michael with class sharing as taught by Yu. The reason for this modification would be deploy containerized applications that save memory by sharing parameters in a container/image rather than maintaining a copy for each instance of a VM/deployed app container.




Applicant Remarks

Applicant’s arguments that Michael does not teach request to modify or ready a tenant clusters via an API request are considered an found unpersuasive. Michael teaches a user i.e. the tenant accessing and modifying the tenant network via a web user interface/web-ui/webapp ¶s184,187. Thus Michael further teaches requests received via API request to the control plane( management plane in Michael).
The applicant further argues that the control plane of Michael corresponds to routing configurations of a tenant.  The examiner contends that the control plane i.e routing configuration of a tenant network meets a broad and reasonable interpretation of the term control plane. Control plane as it is know is the art is directed to routing paths/configurations of a tenant network. Michael teaches a per tenant control plane(routing configuration) and further that changes to made by a client can including routing config changes(see Michael ¶230 regarding tenant changing DNS address). Is appears from the applicant amendments and arguments that the  applicant wishes the control plane claimed to refer to the modifying/reading of application/services of a tenant. Although the broadest reasonable interpretation would include interpretation of control plane as regarding routing configuration, the examiner takes the applicant’s intended interpretation. Under such an interpretation the examiner contends that the Michael in further view of Maes teaches identification of a control plane, and determination of whether a control plane is active prior to performing modification of a tenant network as claimed.
.

Conclusion

Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to TOM Y. CHANG whose telephone number is (571)270-5938.  The examiner can normally be reached on Monday - Thursday from 9am to 5pm.  
If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, William Trost, can be reached on (571)272-7872. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through 
Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).

/TOM Y CHANG/
Primary Examiner, Art Unit 2456