DETAILED ACTION

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
This action is responsive to communication received on 06/15/2022. Claims 1-20 are pending, of which claims 1, 5, 6, 8, 12, 13, 15, 19 and 20 are amended.


Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

Claims 1-3, 8-10 and 15-17 are rejected under 35 U.S.C. 102(a)(2) as being anticipated by Kempe US 10,469,304.
Regarding claims 1, 8 and 15, Kempe teaches a system, method and non-transitory medium comprising instructions implementing the method for cross region resource management for regional infrastructure resources in a cloud infrastructure environment, comprising: a computer comprising one or more microprocessors (console computer provides access to manage and configure network, Col 4 Line 65 - Col 5 Line 22)
["FIG. 1 illustrates an example client configuration on an example provider network implementation in which embodiments of the network visualization service and the network diagrams provided thereby may be implemented, and is not intended to be limiting. A client network 60 may couple to a provider network 10 via an intermediate network 50. Note that other client(s) 80 may also couple to the provider network 10 via the intermediate network 50. The client network 60 may include a local network 62 to which one or more client devices 64 are coupled. The client network may also include a client management console 66. The client network 60 may be operated by a client of the service provider that provides and operates the provider network 10. The provider network 10 may include provider network management process(es) 12 that may be accessed from the client management console 66, for example via one or more user interfaces to the management process(es) 12 displayable on the client management console 66. By accessing the management process(es) 12 via the client management console 66, the client may obtain (e.g., purchase, rent, or lease), configure, and manage resource components 16, including but not limited to computation and storage resource components, load balancer components, router components, gateway components, and appliance components on the provider network 10.” Col 4 Line 65 - Col 5 Line 22]

a cloud infrastructure environment comprising a plurality of regions, wherein a tenancy is defined within the cloud infrastructure environment, the tenancy spanning at least two of the plurality of regions, the tenancy defining a secure (security services and security groups provide customer security, Col 5 Line 60 - Col 6 Line 10) and isolated (private client network) computing partition that spans the plurality of regions (customer/tenant creates a client private network that includes one or more availability zones in one or more geographic regions, Col 3 Lines 3-35, Col 4 Lines 18-54)
["Various embodiments of methods and apparatus for providing dynamic and interactive graphical displays of clients' virtual private network infrastructures and configurations in provider network environments are described. Conventionally, information about a client's configuration on a provider network has been provided in tabular/textual formats. A network visualization service is described that may auto-generate a graphical, dynamic, and interactive network diagram of the infrastructure (resource instances, connections, etc.) of a client's virtual private network as implemented on the provider network. The network diagram may, for example, be provided by the network visualization service to a physical console at the client's external network for display on the console, or to other access-enabled devices for display on the devices. The network diagram may include representations of various components of the client's virtual private network including but not limited to representations of compute instances, data storages (e.g., block-based storage volumes), databases, queues, virtual appliances, routers, load balancers, and other virtual components of the client's virtual private network, as well as relationships among and connections between and among the various components. In at least some embodiments, the network diagram may also display logical and/or physical/geographical groupings of the virtual resources in the client's virtual private network, such as security groups, availability zones, and geographic regions. Embodiments of the network visualization service and the network diagram provided thereby may make visualizing the client's provider network infrastructure and architectural organization much easier than the conventional tabular/textual formats, for example allowing the client to easily detect architectural vulnerabilities.",  Col 3 Lines 3-35]
["FIGS. 13 through 19 and the section titled Example provider network environments illustrate and describe example environments in which embodiments of the methods and apparatus as described herein may be implemented, and are not intended to be limiting. In at least some embodiments, at least some of the resources provided to the clients of the service provider via the provider network may be virtualized computing resources implemented on multi-tenant hardware that is shared with other client(s) and/or on hardware dedicated to the particular client, as illustrated in FIGS. 13 through 19. Each virtualized computing resource (e.g., a virtual machine (VM) 1024 or virtualized storage 1018 as shown in FIG. 14) may be referred to as a resource instance. Note, however, that in at least some provider network implementations at least some of the resources that are provided to clients may be actual physical devices such as server systems or other types of computing or networking devices. In this document, the term “component” may be used to refer to any resource on a provider network that may be provided to a client, where “component” refers to either a virtualized computing resource (e.g., a VM, or a virtualized data volume) that may be configured to perform some function or to a physical resource such as a device or system that may be configured to perform some function. Clients of the service provider may access various services of the provider network via APIs to the services to obtain various resource components and to establish and manage virtual network configurations that include the components, for example virtual private networks as described herein. 
Embodiments of the network visualization service as described herein may be provided by the service provider and accessed by the clients of the service provider to display and view graphical representations of the client's virtual network configurations (referred to as network diagrams) on the provider network, and to manage or reconfigure the virtual configurations via various user interface manipulations of the graphical representations.",  Col 4 Lines 18-54]
["In at least some embodiments, a private network may itself include one or more subnets. For example, a client's private network may be subdivided into a public-facing subnet and a private-facing subnet, or into other numbers and combinations of public-facing and/or private-facing subnets. The client may have control over network functionality of the subnet(s) in the client's private network, for example controlling incoming and outgoing network traffic. A private network may, for example, enable a client to connect existing infrastructure on the client's network 60 to the logically isolated resource instances in the subnet(s) of the private network, and to extend management capabilities such as security services, firewalls, and intrusion detection systems to include the client's resource instances in the subnet(s) of the private network. As another example, private networks may be used by third parties and/or by the service provider to provide appliance services or other services on the service provider network.", Col5 Line 60 - Col6 Line 10]
and a cross-region resource management tool comprising a user interface (client management console interface for managing tenant deployment);
["FIG. 1 illustrates an example client configuration on an example provider network implementation in which embodiments of the network visualization service and the network diagrams provided thereby may be implemented, and is not intended to be limiting. A client network 60 may couple to a provider network 10 via an intermediate network 50. Note that other client(s) 80 may also couple to the provider network 10 via the intermediate network 50. The client network 60 may include a local network 62 to which one or more client devices 64 are coupled. The client network may also include a client management console 66. The client network 60 may be operated by a client of the service provider that provides and operates the provider network 10. The provider network 10 may include provider network management process(es) 12 that may be accessed from the client management console 66, for example via one or more user interfaces to the management process(es) 12 displayable on the client management console 66. By accessing the management process(es) 12 via the client management console 66, the client may obtain (e.g., purchase, rent, or lease), configure, and manage resource components 16, including but not limited to computation and storage resource components, load balancer components, router components, gateway components, and appliance components on the provider network 10.” Col 4 Line 65 - Col 5 Line 22]

wherein a plurality of resources of the tenancy are provided, wherein each of the plurality of resources are located within the computing partition defined within a respective region of the at least two of the plurality of regions (client private network exists across geographical regions and availability zones, Col 11 Line 65 - Col 12 Line 5)
[" For example, in some embodiments, the private network diagram may be overlaid on a geographic map to visualize geographical distribution of the private network across geographic regions and/or across availability zones within a geographic region. See FIGS. 18 through 20 for more information on geographic regions and availability zones, and FIG. 20 for an example of overlaying the private network diagram on a map.", Col 11 Line 65 - Col 12 Line 5]
wherein, upon receiving a request associated with the tenancy, the cross-region resource management tool displays, via the user interface, a listing of the plurality of resources of the tenancy (client management console allows displaying and requesting additional information on client network resources, Col 12 Line 65 - Col 13 Line 6);
["However, in at least some embodiments, the provider network management processes via which the client obtains compute instances 130 may allow the user to provide names and/or descriptions for compute instances 130, and this information may be displayed to the client private network diagram 101 as textual labels and/or as meta-information that may be displayed by the client, e.g. by selecting a particular compute instance and requesting additional information (see, e.g., FIGS. 7A through 7C)." Col 12 Line 65 -  Col 13 Line 6]
wherein the cross-region resource management tool displays, in association with the display of the plurality of resources, an indication of a respective location of each of the plurality of resources, the respective location of each of the plurality of resources corresponding to the respective region in which each of the plurality of resources of the tenancy are provided, wherein at least two of the respective locations are different (management console displays various screens showing information and locations, topology of client private network, Col 11 Line 65 - Col 12 Line 5, Fig 18-20)
[" For example, in some embodiments, the private network diagram may be overlaid on a geographic map to visualize geographical distribution of the private network across geographic regions and/or across availability zones within a geographic region. See FIGS. 18 through 20 for more information on geographic regions and availability zones, and FIG. 20 for an example of overlaying the private network diagram on a map.", Col 11 Line 65 - Col 12 Line 5]

Regarding claims 2, 9 and 16, Kempe teaches wherein the cross-region resource management tool performs a management action on at least one resource of the plurality of resources of the tenancy (client can reconfigure network config via GUI, Col 4 Lines 41-54).
["Clients of the service provider may access various services of the provider network via APIs to the services to obtain various resource components and to establish and manage virtual network configurations that include the components, for example virtual private networks as described herein. Embodiments of the network visualization service as described herein may be provided by the service provider and accessed by the clients of the service provider to display and view graphical representations of the client's virtual network configurations (referred to as network diagrams) on the provider network, and to manage or reconfigure the virtual configurations via various user interface manipulations of the graphical representations.", Col 4 Lines 41-54]

Regarding claims 3, 10 and 17, Kempe teaches wherein the cross-region resource management tool performs the management action on at least one resource of the plurality of resources of the tenancy in response to instructions received from a user via the user interface of the cross-region resource management tool (client can reconfigure network config via GUI, Col 4 Lines 41-54).
["Clients of the service provider may access various services of the provider network via APIs to the services to obtain various resource components and to establish and manage virtual network configurations that include the components, for example virtual private networks as described herein. Embodiments of the network visualization service as described herein may be provided by the service provider and accessed by the clients of the service provider to display and view graphical representations of the client's virtual network configurations (referred to as network diagrams) on the provider network, and to manage or reconfigure the virtual configurations via various user interface manipulations of the graphical representations.", Col 4 Lines 41-54]

Claims 4, 11 and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Kempe as applied to claims 3, 10 and 17 above, and further in view of Moorthy US 9,806,958.

Regarding claims 4, 11 and 18, Kempe does not teach wherein prior to performing the management action on the at least one resource of the plurality of resources of the tenancy, the cross-region resource management tool determines a sufficient level of access of the user. Moorthy, in the same field of endeavor, teaches a system for administration of multi-tenant computing systems. Moorthy teaches wherein prior to performing the management action on the at least one resource of the plurality of resources of the tenancy, the cross-region resource management tool determines a sufficient level of access of the user (administrative roles can be assigned to certain client users to allow management of their own network).
[" As used herein, the term “administrative role” generally refers to any role (e.g., a role used for Role-Based Access Control (RBAC)) that may be assigned to a user that authorizes the user to administer one or more types of components within a computing system. Examples of administrative roles may include, without limitation, a server or system administrator role that is authorized to administer server components, a cluster administrator role that is authorized to administer cluster components, a storage administrator role that is authorized to administer storage components, an application administrator role that is authorized to administer application components, a security administrator role that is authorized to administer security components, a backup administrator role that is authorized to administer backup and/or restoration components, and a disaster-recovery administrator role that is authorized to administer disaster-recovery components.", Col 9 Lines 24-40]

[" As indicated above, the systems described herein may use several different levels of administrative roles to limit the administrative actions that a user is authorized to perform. In these examples, interface module 110 may provide a perspective to a user that enables the user to perform only those administrative actions that the user is authorized to perform. As also indicated above, an administrative role that has been assigned to a user may authorize the user to administer only a portion of a particular type of component within a computing system. In these examples, interface module 110 may ensure that the perspective of a computing system that is provided to a user contains only the portion of the particular type of component that the user is authorized to administer. Upon completion of step 310, exemplary method 300 in FIG. 3 may terminate." Col 13 Lines 51-65]

It would have been obvious to a person of ordinary skill in the art at the time of the effective filing of the instant application to modify Kempe with permissions to control the ability of users to perform administrative tasks as taught by Moorthy. The reason for this modification would be to protect access to the client network of Kempe.

Claims 5-7, 12-14, 19 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Kempe/Moorthy as applied to claims 4, 11 and 18 above, and further in view of Vig US 10,853,182.
Regarding claims 5, 12, and 19, Kempe/Moorthy does not teach wherein the cross-region resource management tool is provided in a first region of the at least two of the plurality of regions; wherein the first region of the at least two of the plurality of regions is a home region of the user. Vig, in the same field of endeavor, teaches a system for multi-tenant cloud resource deployment. Vig teaches wherein the cross-region resource management tool is provided in a first region of the at least two of the plurality of regions; wherein the first region of the at least two of the plurality of regions is a home region of the user (one region may be assigned as the home region, Col 24 Lines 22-35).
["In the depicted scenario, contents 1008 of a base table may initially be stored at devices located at the three data centers 1004A-1004C of region 1002A. In some embodiments, each client of the database service may be assigned a “home” region, and the client's tables may be stored at data centers located within that home region by default. Continuous data protection may be enabled for table T1, e.g., at the request of the client on whose behalf T1 was created. As a result, the transmission of T1's change records to a journal service (whose resources may also be distributed across the different data centers and regions) may be initiated, and snapshots of T1 may be stored periodically as discussed above (e.g., at a storage service whose resources may also be distributed).", Col 24 Lines 22-35]

It would have been obvious to a person of ordinary skill in the art at the time of the effective filing of the instant application to modify Kempe/Moorthy with designating a region/zone as a home region zone. The reason for this modification would be to identify a home network.

Regarding claims 6 and 13, Kempe teaches wherein the at least one resource on which the management action is performed on is located in a second region of the at least two of the plurality of regions (user can move instance from one region/zone to another, Col 3 Line 57 - Col 4 Line 4).
["In at least some embodiments, the network diagram may be interactive. For example, the client may use the cursor or other user interface methods to select particular graphical objects on the network diagram to, for example, display additional information about a respective resource instance or connection. As another example, the client may use the cursor or other user interface methods to change the client's virtual private network configuration via the network diagram. For example, the client may drag-and-drop a representation of a resource instance from one security group into another, or from one availability zone to another", Col 3 Line 57 - Col 4 Line 4]

Regarding claims 7 and 14, Kempe teaches wherein the management action comprises at least one of starting the at least one resource; stopping the at least one resource; creating the at least one resource; moving the at least one resource; and deleting the at least one resource (client can reconfigure network config via GUI, Col 4 Lines 41-54).
["Clients of the service provider may access various services of the provider network via APIs to the services to obtain various resource components and to establish and manage virtual network configurations that include the components, for example virtual private networks as described herein. Embodiments of the network visualization service as described herein may be provided by the service provider and accessed by the clients of the service provider to display and view graphical representations of the client's virtual network configurations (referred to as network diagrams) on the provider network, and to manage or reconfigure the virtual configurations via various user interface manipulations of the graphical representations.", Col 4 Lines 41-54]

Regarding claim 20, Kempe teaches wherein the at least one resource on which the management action is performed on is located in a second region (user can move instance from one region/zone to another, Col 3 Line 57 - Col 4 Line 4).
["In at least some embodiments, the network diagram may be interactive. For example, the client may use the cursor or other user interface methods to select particular graphical objects on the network diagram to, for example, display additional information about a respective resource instance or connection. As another example, the client may use the cursor or other user interface methods to change the client's virtual private network configuration via the network diagram. For example, the client may drag-and-drop a representation of a resource instance from one security group into another, or from one availability zone to another", Col 3 Line 57 - Col 4 Line 4]

and wherein the management action comprises at least one of starting the at least one resource; stopping the at least one resource; creating the at least one resource; moving the at least one resource; and deleting the at least one resource (client can reconfigure network config via GUI, Col 4 Lines 41-54).
["Clients of the service provider may access various services of the provider network via APIs to the services to obtain various resource components and to establish and manage virtual network configurations that include the components, for example virtual private networks as described herein. Embodiments of the network visualization service as described herein may be provided by the service provider and accessed by the clients of the service provider to display and view graphical representations of the client's virtual network configurations (referred to as network diagrams) on the provider network, and to manage or reconfigure the virtual configurations via various user interface manipulations of the graphical representations.", Col 4 Lines 41-54]

Applicant Remarks
Applicant’s arguments with respect to claims 1-20 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.


Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to TOM Y. CHANG whose telephone number is (571)270-5938.  The examiner can normally be reached on Monday - Thursday from 9am to 5pm.  
If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, William Trost, can be reached on (571)272-7872. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).

/TOM Y CHANG/
Primary Examiner, Art Unit 2456