DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This office action is in response to application filed on 9/17/2020, wherein claims 1-21 are pending.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 1-21 are rejected under 35 U.S.C. 103 as being unpatentable over Dumba et al. (US PGPUB 2022/0050720) in view of Thoemmes et al. (US PGPUB 2022/0027217).

As for claim 1, Dumba teaches a system associated with a cloud-based computing environment (Fig. 1), comprising:
an orchestration layer platform (paragraph 71-72, “management layer 980…resource provisioning 981…provides dynamic procurement of computing resources and other resources that are utilized to perform tasks within the cloud computing environment…fulfillment 985 provide pre-arrangement for, and procurement of, cloud computing resources…workloads layer 990…mapping and navigation…software development and lifecycle management…and a workload management module…”,) comprising:
a computer processor (paragraph 69, “hardware …layer include hardware…components…examples of hardware components include: mainframes…servers…blade servers… storage devices 965…” is hardware and storage devices storing/executing software of management layer 980 and workload layer 990), and
a memory storage device including instructions that, when executed by the computer processor (paragraph 69, “hardware …layer include hardware…components…examples of hardware components include: mainframes…servers…blade servers…storage devices 965…” is hardware and storage devices storing/executing software of management layer 980 and workload layer 990), enable the orchestration layer platform to:
(i) deploy and manage multi-tenant workloads in the cloud-based computing environment (Fig. 9 – workloads layer 990, and paragraph 72, “…examples of workloads …include…991…992…993…994…995…”, see also paragraph 5, “managing…workload in a hybrid cloud invironment…” and paragraph 56, “…using a multi-tenant model…”); and
a Kubernetes control plane operator [kubernetes operator] associated with the multi-tenant workloads to detect a trigger event that results in a reconciliation request for a particular tenant workload (paragraph 26, “…in illustrative embodiments, a kubernetes operator is used…” teaches kubernetes operator can be used to perform the management functions disclosed elsewhere in the prior art.  paragraph 11, “…a reconciliation execution time is determined for execution of each of the identified operations. a reconciliation period between two consecutive reconciliations for each of the identified operations is determined…perform workload management.” teaches determining when a reconciliation task is to be executed, and subsequently perform workload management including reconciliation.  Thus, such a determined time is functionally a time trigger event for performing the reconciliation, thus, it is a time trigger based request to perform the reconciliation).
wherein, responsive to the reconciliation request, perform reconciliation for the particular tenant workload (paragraph 40, “given an input of …operations associated with a reconciliation period (RP) and reconciliation time/cost (RC).  This algorithm schedules all operations…the set of operations assigned…are executed…”) 

Dumba does not explicitly teach serverless tenant execution code, representing reconciler logic compiled into a web assembly module, is executed in a sandbox to perform reconciliation.
However, Thoemmes teaches a known method of kubernete based workload execution including reconciliation task for workload, including serverless tenant execution code, representing reconciler logic [CR…reconciler/CRD controller] compiled into a Web Assembly (“WASM”) module, is spun up in a WASM sandbox [sandbox] to perform reconciliation for the particular tenant workload (paragraph 28-29, “…Each CR requires a…reconciler… that reconciles the particular object type of the CR…maybe referred to herein as a CRD controller…” and “ … compiling …CRD controller into a respective isolation module…embodiments of the present disclosure are described with respect to a web assembly module (WASM) as an example isolation module…” in view of paragraph 31, “each WASAM executes within a virtual machine that is separated from the host runtime using fault isolation techniques, applications compiled into a WASM execute in isolation from the rest of their host environment and can’t escape the “sandbox” of the WASM …”). This known technique is applicable to the system of Dumba as they both share characteristics and capabilities, namely, they are directed to Kubernet based workload execution with reconciliation controller.
One of ordinary skill in the art before the effective filing date of the application would have recognized that applying the known technique of Thoemmes would have yielded predictable results and resulted in an improved system.  It would have been recognized that applying the technique of Thoemmes to the teachings of Dumba would have yielded predictable results because the level of ordinary skill in the art demonstrated by the references applied shows the ability to incorporate such workload management features into similar container based workload execution systems.  Further, applying reconciler logic code compiled into a Web Assembly (“WASM”) module, is spun up in a WASM sandbox to perform reconciliation for the particular tenant workload to Dumba with execution of reconciliation code in a multi-tenant cloud system accordingly, would have been recognized by those of ordinary skill in the art as resulting in an improved system that reduces resource utilization by not having CRD controllers running in background while their respective isolation module is not executing (Thoemmes, paragraph 15) and improved enforcement of user specified resource states (Thoemmes, paragraph 25).

As for claims 10 and 19, they are the method and product claims of system claim 1 above.  Thus, they are rejected under the same rationales.

As for claim 2, Dumba also teaches the workloads are deployed within Virtual Machines (“VM”) (paragraph 42, “…there are many different resource types…such as … a virtual machine resource…” see, also, paragraph 29-30).

As for claims 11, they are the method claims of system claim 2 above.  Thus, they are rejected under the same rationales.
As for claim 3, Dumba also teaches wherein each VM is assigned an amount of resources (paragraph 53, “…shared pool of configurable computing resources (e.g., …virtual machines…that can be …provisioned and released…” thus it is understood as containing computing resources.  Examiner additionally note, it is wellknown in the art VM is a compute resource that uses software instead of a physical computer to run programs and deploy apps, but it inherently is assigned and uses physical system resources, such as the CPU, RAM, and disk storage (or subset there of each of the physical resources) to execute.  See, e.g., “Virtual Machine Definition”, techterms.com/definition/virtual_machine, Sept 21, 2018).

As for claims 12, they are the method claims of system claim 3 above.  Thus, they are rejected under the same rationales.

As for claim 4, Dumba also teaches the resources are associated with at least one of: (i) memory size, (ii) Central Processing Unit (“CPU”) utilization, and (iii) disk space (paragraph 53, “…shared pool of configurable computing resources (e.g., …virtual machines…that can be …provisioned and released…” thus it is understood as containing computing resources.  Examiner additionally note, it is wellknown in the art VM is a compute resource that uses software instead of a physical computer to run programs and deploy apps, but it inherently is assigned and uses physical system resources, such as the CPU, RAM, and disk storage (or subset there of each of the physical resources) to execute.  See, e.g., “Virtual Machine Definition”, techterms.com/definition/virtual_machine, Sept 21, 2018).

As for claims 13, they are the method claims of system claim 4 above.  Thus, they are rejected under the same rationales.

As for claim 5, Thoemmes also teaches the trigger event represents an actual VM state not matching a desired VM state (paragraph 25, “….observe the state of the cluster……then make changes to the cluster to ensure that the current state matches the desired state …observes and reconciles…receive a notification that the object has been changed…” teaches observing actual VM state (i.e., current state observed) does not match a desired VM state, and triggers to make it match/reconcile it to match).

As for claims 14, they are the method claims of system claim 5 above.  Thus, they are rejected under the same rationales.

As for claim 20, it contains similar limitations as claims 2 and 5 above.  Thus, it is rejected under the same rationales.

As for claim 6, Thoemmes also teaches wherein the serverless tenant execution code does not consume resources after the reconciliation is performed for the particular tenant workload (paragraph 37, “…CRD controllers 219…may run in a single host service…executes the correct WASM 224 when a new API event is received (the WASM module 224 corresponding to the CRD controller 219 that services that API event type)…each CRD controller may be used dynamically like a function…and does not run continuously in the background…significantly reduces the overhead on memory and CPU resources, because CRD controllers are ‘woken up’ from their inactive state and executed only when they are actually needed…” teaches the particular code is only executing when it’s needed, and does NOT run when it is no longer needed.  when the code is not running in the background, it is understood as not consuming resources).

As for claims 15 and 21, they are the method and product claims of system claim 6 above.  Thus, they are rejected under the same rationales.

As for claim 7, Thoemmes also teaches the WASM sandbox provides memory isolation from other tenants (paragraph 31, “…each WASM executes within a virtual machine that is separated from the host runtime ….execute in isolation from the rest of their host environment…” and paragraph 39, “…each CRD controller 219 …maybe hosted on a special service that is separate from the controller-manager 217…”) .

As for claims 16, they are the method claims of system claim 7 above.  Thus, they are rejected under the same rationales.

As for claim 8, Thoemmes also teaches the WASM sandbox maintains code flow integrity (paragraph 32, “…each CRD controller 219…compiled into a WASM …”  Examiner note, “maintains code flow integrity” is not a functional step, rather, an inherent benefit of compiling the code into a WASM module.  Here, present specification explicitly teaches, “compiling reconciler logic into WASM modules may provide several benefits, such as….maintenance of code flow integrity…”  in another word, by compiling the code, that inherently give you the benefit.  Thus, the corresponding functional step to perform that results in maintenance of code flow integrity, is compiling the code into a WASM module, which is taught by the prior art.  Examiner additionally note, control flow integrity benefit provided through the act of the compiling of code into WASM is a wellknown and explicitly stated benefit and design goal of the original WASM project well before the filing of the present application, and is understood as an inherent benefit.  See, e.g., “Webassembly – Security”, webassembly.org/docs/security/, Dec, 2016)

As for claims 17, they are the method claims of system claim 8 above.  Thus, they are rejected under the same rationales.

As for claim 9, Thoemmes also teaches the WASM sandbox executes a tenant control plane (paragraph 44, WASM executes controllers 219, each controller is understood as a tenant control plane software.  See also paragraph 28) and inherits security features by default (paragraph 29 and 31.  Present application does not specify what the security features are.  Under the BRI, it is understood to include any sort of isolation techniques to prevent it from affecting rest of their host environment.  Here, executing the controller inside WASM sandbox clearly isolates it from rest of the host environment, which is a security feature.  In addition, it is noted this feature is inherent to WASM isolation module that would be enforced without additional changes, hence, it is clearly default security feature of WASM.).

As for claims 18, they are the method claims of system claim 9 above.  Thus, they are rejected under the same rationales.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to KEVIN X LU whose telephone number is (571)270-1233.  The examiner can normally be reached on M-F 10am-6pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.  
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lewis Bullock can be reached on 5712723759.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/KEVIN X LU/
Examiner, Art Unit 2199

/LEWIS A BULLOCK  JR/Supervisory Patent Examiner, Art Unit 2199