Detailed Action 

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Claim 1,9, 16 are amended
Claims 1-20 are pending

Response to Arguments

Applicant's arguments with respect to the amendment filed 06/13/2022 have been considered but are not persuasive. Regarding applicant arguments of Claim 9 in page-12,” Nayakbomman does not have anything to do with a parent NIC providing a child network interface configuration comprising a compute instance associated with a placeholder network interface in which an eNIC utilizes the placeholder network interface and is attached to the compute instance of the parent NIC, as recited in amended independent claim 9.” The Examiner disagrees. Nayakbomman teaches in Fig1, [0040]- the vRouter-21A is interpreted as a placeholder connecting NIC 13A (=parent NIC) to vNIC (=child NIC) as described in [0040]- one or more servers 12 may implement Open vSwitch to perform distributed virtual multilayer switching between one or more virtual NICs (vNICs)(=eNIC) for hosted virtual machines. Network module-17A can be a vNIC (=child NIC) as described in [0051] -Container platform 19A includes a network module 17A that configures virtual network interfaces for virtual network endpoints. [0052] Network module 17A may represent library, a plugin, a module, a runtime, or other executable code for server 12A (=provide compute instance). In the broadest reasonable interpretation, the vRouter-21A is interpreted as a placeholder connecting NIC 13A (=parent NIC) to vNIC (=child NIC) as described in [0040]. Network module 17A(=vNIC) is associated with vRouter-21A(=placeholder) using “compute instance of parent NIC” as described in ([0040]- Any of NICs 13 may provide one or more virtual hardware components 2.1 for virtualized input / output (I/O). A virtual hardware component for I/O maybe a virtualization of a physical NIC 13).
These arguments also apply to claims 1 and 16.




Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
 (a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

Claim(s) 9,10,11,16,17,20 are rejected under 35 U.S.C. 102(a)(2) as being anticipated Nayakbomman et al. (US 2020/0073692 A1) (hereinafter, " Nayakbomman ")
Regarding claim 9, A method for supporting a multi-VNet homing in a cloud computing environment on a single virtual machine, comprising(Nayakbomman teaches in FIG. 4 is a flow diagram illustrating the example creation of multiple network virtual interfaces for a virtual executionelement using a single network module, according to techniques described in this disclosure.[0018] FIG. 4 is a flow diagram illustrating example creation of multiple network virtual interfaces for a virtual execution element using a single network module, according to techniques described in this disclosure).

providing a plurality of compute instances on the single virtual machine (Nayakbomman teaches in [0113] The annotations may be labels for the pod configuration that indicate the virtual networks, such as "virtual network A" and "virtual network B").

implementing a parent network interface controller (NIC) on the virtual machine in which the parent NIC is configured to support one or more flexibly extensible NICs (eNICs) that are each dynamically attachable and detachable from the parent NIC (Nayakbomman teaches in Fig. 1 shows the NIC-13A (=parent NIC) attached using switches to service provider network-7(=service subscription of provider)[0040] Servers 12 each includes at least one network interface card (NIC) 13, which each includes at least one interface to exchange packets with TOR switches 16 over a communication network. For example, server 12A includes NIC 13A. Any of NICs 13 may provide one or more virtual hardware components 21 for virtualized input/output (I/O). A virtual hardware component for I/O maybe a virtualization of a physical NIC 13 (the "physical function")Also in [0040] as another example, one or more servers 12 may implement Open vSwitch to perform distributed virtual multilayer switching between one or more virtual NICs (vNICs)(=eNIC) for hosted virtual machines, where such vNICs may also represent a type of virtual hardware component that provide virtual network interfaces to virtual network endpoints. In some instances, the virtual hardware components are virtual I/O (e.g., NIC) components). 

providing management plane access to the plurality of compute instances from a service provider virtual network (VNet) that is at least partially instantiated on the single virtual machine through the parent NIC (Nayakbomman teaches in [0035] The control plane protocol between the control plane nodes of the network controller 24 or a physical gateway (=parent Interface)router (or switch) may be BGP (and may be Net-conf for management). This is the same control plane protocol may also be used for MPLS L3VPNs and MPLS EVPNs. The protocol between the network controller 24 and the virtual routers 21 may be based on XMPP, for instance).

wherein the parent NIC provides a child network interface configuration comprising a compute instance associated with a placeholder network interface;(Nayakbomman teaches in Fig1, and [0051]- the vRouter-21A is interpreted as a placeholder connecting NIC 13A (=parent NIC) to vNIC (=child NIC) as described in [0040]- one or more servers 12 may implement Open vSwitch to perform distributed virtual multilayer switching between one or more virtual NICs (vNICs)(=eNIC) for hosted virtual machines. [0040]- Any of NICs 13 may provide one or more virtual hardware components 2.1 for virtualized input / output (I/O). A virtual hardware component for I/O maybe a virtualization of a physical NIC 13(=parent NIC provides child network interface configuration). Network module-17A can be a vNIC (=child NIC) as described in [0051] -Container platform 19A includes a network module 17A that configures virtual network interfaces for virtual network endpoints. [0052] Network module 17A may represent library, a plugin, a module, a runtime, or other executable code for server 12A (=provide compute instance to parent NIC within server 12).

implementing an eNIC that utilizes the placeholder network interface, and which  is attached to the compute instance of the parent NIC; and providing data plane access to the plurality of compute instances from a customer VNet (Nayakbomman teaches in Fig1, [0040]- the vRouter-21A is interpreted as a placeholder connecting NIC 13A (=parent NIC) to vNIC (=child NIC) as described in [0040]- one or more servers 12 may implement Open vSwitch to perform distributed virtual multilayer switching between one or more virtual NICs (vNICs)(=eNIC) for hosted virtual machines. 
Fig1 shows vRouter-21A attached to [0086] a virtual network control plane (including network controller 24 and virtual router agent 216 for minion nodes) manages the configuration of virtual networks implemented in the data plane in part by virtual routers 220 of the minion nodes. Virtual router agent 216 communicates, to network modules 206, interface configuration data for virtual network interfaces to enable an orchestration control plane element (i.e., network module 206) to configure the virtual network interfaces according to the configuration state determined by the network controller 24, thus bridging the gap between the orchestration control plane and virtual network control plane.[0006] Often short-lived, containers can be created and moved more efficiently than VMs, and they can also be managed as groups of logically-related elements (sometimes referred to as "pods" for some orchestration platforms, e.g., Kubernetes).

wherein the management plane access from the service provider VNet and data plane access from the customer VNet are isolated using discrete data paths through the respective parent NIC and eNIC (Nayakbomman teaches in [0035] the control plane protocol between the control plane nodes of the network controller 24 or a physical gateway router (or switch) may be BGP (and may be Net-conf for management). The protocol between the network controller 24 and the virtual routers 21 may be based on XMPP, for instance).

Regarding claim 10, The method of claim 9 in which networking policy is implemented for the compute instances without disruption to traffic on the management plane (Nayakbomman teaches in [0029] Any server of servers 12 may be configured with virtual execution elements by virtualizing resources of the server to provide an isolation among one or more processes (applications) executing on the server. "Hypervisor-based" or "hardware-level" or "platform" virtualization refers to the creation of virtual machines that each includes a guest operating system for executing one or more processes. In general, a virtual machine provides a virtualized/guest operatingsystem for executing applications in an isolated virtual environment. Because a virtual machine is virtualized from physical hardware of the host server, executing applications are isolated from both the hardware of the host and other virtual machines. Each virtual machine may be configured with one or more virtual network interfaces for communicating on corresponding virtual networks).

Regarding claim 11, The method of claim 9 further including implementing a plurality of discrete eNICs in which a unique network partition identifier (NPI) is assigned to respective eNICs among the plurality and in which datapath isolation is provided based on the NPI (Nayakbomman teaches in [0011]wherein the network module is configured to: obtain an identifier of a first virtual network interface for a first virtual network and an identifier of second virtual network interface for a second virtual network; and attach the first virtual network interface to the virtual execution element to enable packetized communications by the virtual execution element on the first virtual network; and attach the second virtual network interface to the virtual execution element to enable packetized communications by the virtual execution element on the second virtual network).

Regarding claim 16, One or more hardware-based non-transitory computer-readable memory devices storing computer-executable instructions which, upon execution by one or more processors in a computer server, cause the computer server to: create a virtual machine on which a plurality of compute instances is provided (Nayakbomman teaches Fig3 shows a computing device -300 comprising microprocessor-310.Fig-3 having memory-344 connected to network interface card-330 connected to user space -345 through kernel-314. User space-345 implements virtual machine using network controller-324 which is the network controller-24 of Fig1. Network controller-24 of Fig 1 is connected to NIC-13a (=parent NIC) and virtual router 21A(=eNIC)).

create a virtual machine on which a plurality of compute instances is provided (Nayakbomman teaches FIG. 1 is a block diagram illustrating an example computing infrastructure 8 where data center-10 provides an operating environment for applications and services for a customer sites-11 (illustrated as "customers 11").In [0021] For example, data center 10 may host multiple tenants (=customers)each associated with one or more virtual private networks (VPNs)(=virtual machine), each of which may implement one of customer sites 11. In [0029], any server of servers 12 may be configured with virtual execution elements by virtualizing resources of the server...creation of virtual machines that each includes a guest operating system for executing one or more processes).

provide a parent network interface controller (NIC) that is configured for connection to the plurality of compute instances from a first virtual network (VNet) (Nayakbomman teaches Fig. 1 shows the NIC-13A (=parent NIC) attached using switches to service provider network-7(=service subscription of provider). In [0040] Servers 12 each includes at least one network interface card (NIC) 13, which each includes at least one interface to exchange packets with TOR switches 16 over a communication network. For example, server 12A includes NIC 13A. Any of NICs 13 may provide one or more virtual hardware components 21 for virtualized input/output (I/O). A virtual hardware component for I/O maybe a virtualization of a physical NIC 13 (the "physical function"). In, [0040], as another example, one or more servers 12 may implement Open vSwitch to perform distributed virtual multilayer switching between one or more virtual NICs (vNICs)(=eNIC) for hosted virtual machines, where such vNICs may also represent a type of virtual hardware component that provide virtual network interfaces to virtual network endpoints. In some instances, the virtual hardware components are virtual I/O (e.g., NIC) components). 

wherein the parent NIC provides a child network interface configuration comprising a compute instance associated with a placeholder network interface; (Nayakbomman teaches in Fig1, and [0051]- the vRouter-21A is interpreted as a placeholder connecting NIC 13A (=parent NIC) to vNIC (=child NIC) as described in [0040]- one or more servers 12 may implement Open vSwitch to perform distributed virtual multilayer switching between one or more virtual NICs (vNICs)(=eNIC) for hosted virtual machines. [0040]- Any of NICs 13 may provide one or more virtual hardware components 2.1 for virtualized input / output (I/O). A virtual hardware component for I/O maybe a virtualization of a physical NIC 13(=parent NIC provides child network interface configuration). Network module-17A can be a vNIC (=child NIC) as described in [0051] -Container platform 19A includes a network module 17A that configures virtual network interfaces for virtual network endpoints. [0052] Network module 17A may represent library, a plugin, a module, a runtime, or other executable code for server 12A (=provide compute instance to parent NIC within server 12).

dynamically implement a flexibly extensible NIC (eNIC) that is attached to the compute instance of the parent NIC without a direct attachment to the compute instances on the virtual machine (Nayakbomman teaches [0040]As another example, one or more servers 12 may implement Open vSwitch to perform distributed virtual multilayer switching between one or more virtual NICs (vNICs)(=eNIC) for hosted virtual machines, where such vNICs may also represent a type of virtual hardware component that provide virtual network interfaces to virtual network endpoints. In some instances, the virtual hardware components are virtual I/O (e.g., NIC) components. [0040]- Any of NICs 13 may provide one or more virtual hardware components 2.1 for virtualized input / output (I/O). A virtual hardware component for I/O maybe a virtualization of a physical NIC 13(=vNIC connected to compute resources of parent NIC). Network module-17A can be a vNIC (=child NIC) as described in [0051] -Container platform 19A includes a network module 17A that configures virtual network interfaces for virtual network endpoints.). 

provide an isolated data path to at least one of the compute instances through the eNIC using the placeholder network interface from a second VNet (Nayakbomman teaches and [0051]- the vRouter-21A is interpreted as a placeholder connecting NIC 13A (=parent NIC) to vNIC (=child NIC) as described in [0040]- one or more servers 12 may implement Open vSwitch to perform distributed virtual multilayer switching between one or more virtual NICs (vNICs)(=eNIC) for hosted virtual machines.  [0012] In another example, a controller comprises one or more computing devices interconnected by a physical network, wherein each of the computing devices comprises processing circuitry coupled to a memory device, wherein the controller further comprises: an orchestrator for a virtualized computing infrastructure, wherein the orchestrator is configured for execution by the processing circuitry, wherein the orchestrator is configured to: send, to a network controller, a request to create, for a virtual execution element to be instantiated in a computing device of the virtualized computing infrastructure, respective virtual network interfaces for a first virtual network and a second virtual network).

and implement networking policies applicable to the second VNet using the isolated data path to the at least one of compute instances independently from operations on the first VNet (Nayakbomman teaches [0012] and the network controller, wherein the network controller is configured for execution by the processing circuitry, wherein the network controller is configured to: send, to the computing device, interface configuration data to configure a first virtual network interface for the first virtual network and a second virtual network interface for the second virtual network, wherein the interface configuration data includes an identifier of the first virtual network interface for the first virtual network and an identifier of the second virtual network interface for the second virtual network).

Regarding claim 17, The one or more hardware-based non-transitory computer-readable memory devices of claim 16 in which the eNIC is compute-independent, and a goal state for the eNIC is controlled by software-defined networking operations that execute, at least in part, on the computer server ( Nayakbomman teaches in [0013] In another example, a method comprises sending, by an orchestrator for a virtualized computing infrastructure to a network controller for the virtualized computing infrastructure, a request to create, for a virtual execution element to be instantiated in a computing device of the virtualized computing infrastructure, respective virtual network interfacesfor a first virtual network and a second virtual network; and sending, by the network controller to the computing device, interface configuration data to configure a first virtual network interface for the first virtual network and a second virtual network interface for the second virtual network, wherein the interface configuration data includes an identifier of the first virtual network interface for the first virtual network and an identifier of the second virtual network interface for thesecond virtual network).

Regarding claim 20, The one or more hardware-based non-transitory computer-readable memory devices of claim 16 in which the instructions further cause the computer server to attach multiple eNICs to the parent NIC to associate ones of the compute instances with different tenants to thereby implement a multi-tenant virtual machine ( Nayakbomman teaches in FIG. 4 is a flow diagram illustrating the example creation of multiple network virtual interfaces for a virtual execution element using a single network module, according to techniques described in this disclosure.[0018] FIG. 4 is a flow diagram illustrating example creation of multiple network virtual interfaces for a virtual execution element using a single network module, according to techniques described in this disclosure).

	Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1-8,12-15,18,19 are rejected under 35 U.S.C. 103 as being unpatentable over  Nayakbomman et al. (US 2020/0073692 A1) (hereinafter, " Nayakbomman ") in view of Fritz et al. (US 10938641 B1) (hereinafter, "Fritz")

Regarding claim 1, A computing system operated by a provider of a service, comprising: one or more processors;(Nayakbomman teaches Fig3 shows a computing device -300 comprising microprocessor-310)
	and at least one hardware-based non-transitory computer-readable memory having computer-executable instructions stored thereon which, when executed by the one or more processors, cause the computing system to (Nayakbomman teaches Fig-3 having memory-344 connected to network interface card-330 connected to user space -345 through kernel-314. User space-345 implements virtual machine using network controller-324 which is the network controller-24 of Fig1. Network controller-24 of Fig 1 is connected to NIC-13a (=parent NIC) and virtual router 21A(=eNIC))

implement a virtual machine on the computing system in which computing resources are instantiated, (Nayakbomman teaches FIG. 1 is a block diagram illustrating an example computing infrastructure 8 where data center-10 provides an operating environment for applications and services for a customer sites-11 (illustrated as "customers 11").In [0021] For example, data center 10 may host multiple tenants (customers)each associated with one or more virtual private networks (VPNs)(=virtual machine), each of which may implement one of customer sites 11. In [0029], any server of servers 12 may be configured with virtual execution elements by virtualizing resources of the server...creation of virtual machines that each includes a guest operating system for executing one or more processes. In [0030] Virtual networks are logical constructs implemented on top of the physical networks. Virtual networks may be used to replace VLAN-based isolation and provide multi-tenancy in a virtualized data center, e.g., data center 10. Each tenant or an application can have one or more virtual networks. Each virtual network may be isolated from all the other virtual networks unless explicitly allowed by security policy. In [0032], a virtual network can also be implemented using two networks - the physical underlay network made up of IP fabric 20 and switching fabric 14 and a virtual overlay network. The role of the physical underlay network is to provide an "IP fabric," which provides unicast IP connectivity from any physical device (server, storage device, router, or switch) to any other physical device).

implement a parent network interface controller (NIC) for the virtual machine, in which the parent NIC is associated with a service subscription of the provider (Nayakbomman teaches Fig. 1 shows the NIC-13A (=parent NIC) attached using switches to service provider network-7(=service subscription of provider)[0040] Servers 12 each includes at least one network interface card (NIC) 13, which each includes at least one interface to exchange packets with TOR switches 16 over a communication network. For example, server 12A includes NIC 13A. Any of NICs 13 may provide one or more virtual hardware components 21 for virtualized input/output (I/O). A virtual hardware component for I/O maybe a virtualization of a physical NIC 13 (the "physical function")).

wherein the parent NIC provides a child network interface configuration comprising a compute instance associated with a placeholder network interface, (Nayakbomman teaches in Fig1, and [0051]- the vRouter-21A is interpreted as a placeholder connecting NIC 13A (=parent NIC) to vNIC (=child NIC) as described in [0040]- one or more servers 12 may implement Open vSwitch to perform distributed virtual multilayer switching between one or more virtual NICs (vNICs)(=eNIC) for hosted virtual machines. [0040]- Any of NICs 13 may provide one or more virtual hardware components 2.1 for virtualized input / output (I/O). A virtual hardware component for I/O maybe a virtualization of a physical NIC 13(=parent NIC provides child network interface configuration). Network module-17A can be a vNIC (=child NIC) as described in [0051] -Container platform 19A includes a network module 17A that configures virtual network interfaces for virtual network endpoints. [0052] Network module 17A may represent library, a plugin, a module, a runtime, or other executable code for server 12A (=provide compute instance to parent NIC within server 12).


create a flexibly extensible NIC (eNIC) configured to provide a connection to the computing resources from a virtual network using the placeholder network interface, in which the eNIC is attachable and detachable from the compute instance of the parent NIC and is further associated with the service subscription(Nayakbomman teaches in Fig1, [0040]- the vRouter-21A is interpreted as a placeholder connecting NIC 13A (=parent NIC) to vNIC (=child NIC) as described in [0040]- one or more servers 12 may implement Open vSwitch to perform distributed virtual multilayer switching between one or more virtual NICs (vNICs)(=eNIC) for hosted virtual machines. 
Fig1 shows vRouter-21A attached to [0086] a virtual network control plane (including network controller 24 and virtual router agent 216 for minion nodes) manages the configuration of virtual networks implemented in the data plane in part by virtual routers 220 of the minion nodes. Virtual router agent 216 communicates, to network modules 206, interface configuration data for virtual network interfaces to enable an orchestration control plane element (i.e., network module 206) to configure the virtual network interfaces according to the configuration state determined by the network controller 24, thus bridging the gap between the orchestration control plane and virtual network control plane.[0006] Often short-lived, containers can be created and moved more efficiently than VMs, and they can also be managed as groups of logically-related elements (sometimes referred to as "pods" for some orchestration platforms, e.g., Kubernetes).

receive a request from a customer to access the computing resources on the virtual machine on demand, in which the customer has a customer subscription for a customer virtual network (VNet) that is operable, at least in part, on the computing system, (Nayakbomman teaches [0011] an orchestration agent configured for execution by the processing circuitry , wherein the orchestration agent is an agent of an orchestrator for a computing infrastructure that includes the computing device , wherein the orchestration agent is configured to : instantiate a virtual execution 
element; and invoke the network module, wherein the network module is configured to: obtain an identifier of a first virtual network interface for a first virtual network and an identifier of second virtual network).

Nayakbomman does not teach in response to the on-demand customer request, dynamically swap the eNIC from the service subscription to the customer subscription so that the computing resources are connected to the customer VNet.

Fritz teaches in response to the on-demand customer request, dynamically swap the eNIC from the service subscription to the customer subscription so that the computing resources are connected to the customer VNet in (Fig. 5 shows steps 505 through 535 for the compute instance to launch a development environment-520 based on obtaining an identification of a compute instance of the provider network-515. Fig. 4 shows virtual network-135(=eNIC) implemented over provider network-100 as in Fig1.In Col-3L37-54 - In some embodiments, a customer may lease or rent computing resources for the exclusive use of the customer and/or its users. Such computing resources are limited to only those users with permissions to access the computing resources and may be isolated from other parts of the provider network via a virtual private network 135 implemented “over-the-top” of the provider network 100. In some embodiments, computing resources are generally available to customers of the provider network 100 and provided as services. A user's usage of these generally available services may be factored into a cost attributed to the customer. In either case, the computing resources are generally accessible through one or more application programming interfaces (APIs), either directly or indirectly through other services or components of the provider network 100. For example, a computing resource may be an Apache Spark cluster including an Apache Livy API through which a user submits jobs to the cluster).

It would have been obvious to a person having an ordinary skill in the art before the effective date of the claimed invention to modify the system of Nayakbomman wherein in response to the on-demand customer request, dynamically swap the eNIC from the service subscription to the customer subscription so that the computing resources are connected to the customer VNet as taught by Fritz to leverage one more computing resources of the provider network for compute and/or data - intensive operations such as stores including cloud-based object - data stores and data lakes spread across a variety of different data stores. Computing resources may further be combinations of computing and data storage resources [Col-3 L20-25].

Regarding claim 2, The computing system of claim 1 in which data traffic between the computing resources and the customer VNet flows through the eNIC.(Nayakbomman teaches [0075] The VRFs 222 of virtual routers 220(part of VNIC of claim-1) for the minion nodes may be configured to cause traffic forwarding along the sequence of services(service provider 7= customer), such as by configuring service VRFs for the containerized network functions to use as left VRFs(=part of compute server 12) for the service.[0069] and see Fig2 -Virtual router 220(part of VNIC = eNIC)  implements one or more virtual routing and forwarding instances (VRFs) 222A-222B for respective virtual networks for which virtual router 220 operates as respective tunnel endpoints).

Regarding claim 3, The computing system of claim 2 in which the computing resources comprise compute instances (Nayakbomman teaches [0034] A given virtual router 21 only needs to contain those routing instances that are locally present on the server 12 (i.e. which have at least one virtual execution element (=compute instance) present on the server 12).

Regarding claim 4, Nayakbomman teaches  The computing system of claim 2 in which one or more networking policies are tied to computing resources, in which the networking policies are expressed by one or more rules for one of  tunneling(in [0033] As described further below with respect to virtual router 21A, virtual routers running in the kernels or hypervisors of the virtualized servers 12 create a virtual overlay network on top of the physical underlay network using a mesh of dynamic "tunnels" amongst themselves).

Regarding claim 5, The computing system of claim 1 in which the parent NIC comprises a created compute instance having at least one placeholder network interface in which the eNIC is dynamically attachable and detachable from the created compute instance (Nayakbomman teaches [0040] Servers 12 each includes at least one network interface card (NIC) 13, which each includes at least one interface to exchange packets with TOR switches 16 over a communication network. For example, server 12A includes NIC 13A. Any of NICs 13 may provide one or more virtual hardware components 21 for virtualized input/output (I/O). Nayakbomman teaches in [0041] Any of NICs 13 may include an internal device switch to switch data between virtual hardware components 21 associated with the NIC. For example, for an SR-IOV-capable NIC, the internal device switch may be a Virtual Ethernet Bridge (VEB) to switch(=attach/detach) between the SR-IOV virtual functions and, correspondingly, between endpoints configured to use the SR-IOV virtual functions, where each endpoint may include a guest operating system).

Regarding claim 6, The computing system of claim 1 in which the parent NIC is a virtual NIC that is implemented using one or more compartments, in which each of the one or more compartments contains a separate instance of an eNIC using a child network interface configuration (Nayakbomman teaches [0040] Servers 12 each includes at least one network interface card (NIC) 13, which each includes at least one interface to exchange packets with TOR switches 16 over a communication network .Any of NICs 13 may provide one or more virtual hardware components 21 for virtualized input/output (I/O)).

Regarding claim 7, Nayakbomman teaches, The computing system of claim 1 in which the virtual machine includes a first discrete group of resources that is connected to the customer's VNet through the eNIC ([0012] In another example, a method comprises sending, by an orchestrator for a virtualized computing infrastructure to a network controller for the virtualized computing infrastructure, a request to create, for a virtual execution element to be instantiated in a computing device of the virtualized computing infrastructure, respective virtual network interfaces for a first virtual network and a second virtual network; and sending, by the network controller to the computing device, interface configuration data to configure a first virtual network interface for the first virtual. The virtualized computing infrastructure is described further in [0036] as "virtual execution element" encompassing virtual machines, containers, and other virtualized computing resources that provide an at least partially independent execution environment for applications. The term "virtual execution element" may also encompass a pod of one or more containers (=discrete group of resources). As shown in FIG. 1, server 12A hosts one virtual network endpoint in the form of pod 22A having one or more containers.).
Nayakbomman does not teach and further includes a second discrete group of resources that is accessed through the parent NIC and is not connected to the customer's VNet.
Fritz teaches and further includes a second discrete group of resources that is accessed through the parent NIC and is not connected to the customer's VNet (Col-4 L55-60 A virtual private network 135(=VNet) may isolate one or more of the editor instances 130 , the editor manager service 105,the instance pool manager service 107 , the editor monitor service 109 , the editor metadata 120 , and , option ally , the data store 145 within the provider network 100. Here “discrete group of resources” refers to the editor applications 130,105, 109, 120. Further in Col-5 L7-10, Entries in the editor metadata may include a customer or user identifier that uniquely identifies customers or users with permission to access the associated editor, an editor identifier that uniquely identifies the editor. Here “permission to access” can create - is not connected to the customer's VNet).
It would have been obvious to a person having an ordinary skill in the art before the effective date of the claimed invention to modify the system of Nayakbomman to use the system as taught by Fritz to add virtualization technologies may allow a single physical computing machine to be shared among multiple users by providing each user with one or more virtual machines hosted by the single physical computing machine with each such virtual machine being a software simulation acting as a distinct logical computing system that provides users with the illusion that they are the sole operators and administrators of a given hardware computing resource while also providing application isolation and security among the various virtual machines[Background].

Regarding claim 8, the dynamic swap enables connectivity to the computing resources from the customer's VNet without restarting the virtual machine( Nayakbomman teaches [0034] In some examples, containers are managed by their host kernel to allow limitation and prioritization of resources (CPU, memory, block I/O, network, etc.) without the need for starting any virtual machines, in some cases using namespace isolation functionality that allows complete isolation of an application’s (e.g., a given container) view of the operating environment, including process trees, networking, user identifiers and mounted file systems. In [0034] Nayakbomman teaches, no single virtual router 21 needs to contain all IP prefixes or all MAC addresses for all virtual machines in the entire data center).

Regarding claim 12, Nayakbomman does not teach different discrete eNICs are respectively associated with different customer subscriptions 
Fritz teaches different discrete eNICs are respectively associated with different customer subscriptions (in Col4 L10-14 The provider network 100 includes one or more frontend services 115 and a proxy service 140 In an exemplary embodiment, a user requests the launch of a development environment via the frontend service (s) 115 and communicates with a launched development environment via the proxy service 140. In addition, Col2 L45-55 The environment includes a customer device 111 in communication with a provider network 100 via one or more intermediate networks 106, such as the internet. The provider network 100 provides users with the ability to utilize one or more of a variety of types of computing-related resources such as compute resources (e.g., executing virtual machine (VM) instances and/or containers).
It would have been obvious to a person having an ordinary skill in the art before the effective date of the claimed invention to modify the system of Nayakbomman use different discrete eNICs are respectively associated with different customer subscriptions as taught by Fritz to decouple the development of applications from the underlying computing resources on which those applications execute [Col-3 L55-57].

Regarding claim 13, Nayakbomman does not teach the service provider injects one or more compute instances into the customer VNet to implement a cloud-computing service 
Fritz teaches the service provider injects one or more compute instances into the customer VNet to implement a cloud-computing service (in Col-15 L32-35, Using the virtualized computing resource instances 612 and public IP addresses 614 provided by the service provider , a customer of the service provider such as the operator of customer network ( s ) 650A - 650C may , for example , implement customer - specific applications and present the customer's applications on an intermediate network 640 , such as the Internet ).
It would have been obvious to a person having an ordinary skill in the art before the effective date of the claimed invention to modify the system of Nayakbomman wherein the service provider injects one or more compute instances into the customer VNet to implement a cloud-computing service as taught by Fritz to provide resource virtualization to customers via one or more virtualization services that allow customers to purchase , rent , or otherwise obtain instances of virtualized resources , including but not limited to computation and storage resources , implemented on devices within the provider net- work or networks in one or more data centers[Col-15,L5-7].

Regarding claim 14, Nayakbomman does not teach the compute instances are injected into different customer subnets on the virtual machine 
Fritz teaches the compute instances are injected into different customer subnets on the virtual machine (in Col-10 L47-55 In some embodiments, the editor application may be connected to multiple, different computing resources 150 so that different portions of a user's code may execute on different computing resources 150. In Fig. 4, the virtual environment-407 includes compute instances or virtual containers-420 which can launch multiple compute resources-150 within virtual network-470).
It would have been obvious to a person having an ordinary skill in the art before the effective date of the claimed invention to modify the system of Nayakbomman wherein the compute instances are injected into different customer subnets on the virtual machine as taught by Fritz to decouple the development of applications from the underlying computing resources on which those applications execute [Col-3 L55-57].

Regarding claim 15, Nayakbomman does not teach different discrete eNICs are respectively associated with the different customer subnets.
     Fritz teaches different discrete eNICs are respectively associated with the different customer subnets (in Col-3 L20-25 A customer may leverage one more computing resources of the provider network for compute- and / or data - intensive operation, such as a computing resource 150. Such computing resources include, but are not limited to, computing clusters and / or distributed data stores).
It would have been obvious to a person having an ordinary skill in the art before the effective date of the claimed invention to modify the system of Nayakbomman wherein use different discrete eNICs are respectively associated with the different customer subnets as taught by Fritz to add virtualization technologies that may allow data storage hardware to be shared among multiple users by providing each user with a virtualized data store which may be distributed across multiple data storage devices , with each such virtualized data store acting as a distinct logical data store that provides users with the illusion that they are the sole operators and administrators of the data storage resource[Background].

Regarding claim 18, Nayakbomman does not teach the parent NIC and the eNIC are associated with a common subscription.
	Fritz teaches the parent NIC and the eNIC are associated with a common subscription (in Col-3 L55-60 A virtual private network 135 may isolate one or more of the editor instances 130, the editor manager service 105, the instance pool manager service 107, the editor monitor service 109, the editor metadata 120, and the data store 145 within the provider network 100).
It would have been obvious to a person having an ordinary skill in the art before the effective date of the claimed invention to modify the system of Nayakbomman wherein in response to the on-demand customer request, dynamically swap the eNIC from the service subscription to the customer subscription so that the computing resources are connected to the customer VNet as taught by Fritz to enable a user to directly utilize a compute instance hosted by the provider network to perform a variety of computing tasks or may indirectly utilize a compute instance by submitting code to be executed by the provider network , which in turn utilizes a compute instance to execute the code[Col-3 L15-19].

Regarding claim 19, Nayakbomman does not teach the parent NIC and the eNIC are associated with different subscriptions.
Fritz teaches the parent NIC and the eNIC are associated with different subscriptions.
(in Col4 L10-14 The provider network 100 includes one or more frontend services 115 and a proxy service 140 In an exemplary embodiment, a user requests the launch of a development environment via the frontend service (s) 115 and communicates with a launched development environment via the proxy service 140. In addition, Col2 L45-55 The environment includes a customer device 111 in communication with a provider network 100 via one or more intermediate networks 106, such as the internet. The provider network 100 provides users with the ability to utilize one or more of a variety of types of computing-related resources such as compute resources (e.g., executing virtual machine (VM) instances and/or containers).
It would have been obvious to a person having an ordinary skill in the art before the effective date of the claimed invention to modify the system of Nayakbomman as to the parent NIC and the eNIC associated with different subscriptions as taught by Fritz to decouple the development of applications from the underlying computing resources on which those applications execute [Col-3 L55-57].


Conclusion
THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Anindita Sen whose telephone number is (571)-272-2390. The examiner can normally be reached 7:30am-5:30pm,PST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Joseph Avellino can be reached at (571)-272-3905. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/ANINDITA SEN/Examiner, Art Unit 2478

/JOSEPH E AVELLINO/Supervisory Patent Examiner, Art Unit 2478