DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claim Objections
Claims 6, 7, 13, 14 and 20 are objected to because of the following informalities:  The claims recite “hosed”. This appears to be a misspelling with the intent to recite “housed”.  Appropriate correction is required.
Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


Claims 1-20 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by U.S. Patent Application Publication 2015/0052525 to Raghu.
As concerns claims 1, 8 and 15, a computer-implemented method executed by one or more processors comprising: 
maintaining a distributed network security service, the service configured to: 
generate, for each of a plurality of client networks (0006-virtual private networks), an associated node container (0029-containers); 
executing, in each node container, one or more nodes (0029-virtual machine containers; 0058-container for virtual machine) that are each configured to examine i) traffic addressed to the associated client network and originating from sources outside the distributed network (0065-handle traffic, various policies and rules to direct packets for local and wide-area networks (i.e. “outside”)); and ii) traffic addressed to the sources outside the distributed network and originating from the associated client network (0065-handle traffic, various policies and rules to direct packets for local and wide-area networks (i.e. “outside”)); 
wherein traffic associated with one client network is accessible to node containers associated with other client networks (0054-routing of messages through communication system to intended destination; 0059-intercommunication between vms and networks); 
wherein some of the nodes executing in a plurality of the node containers are copies of the same virtual machine (0029-virtual machine containers; 0043-replicated; 0058-container for virtual machine); 
wherein a first node of a first client network is instance (0029-virtual machine containers; 0058-container for virtual machine) of a particular virtual machine and is executing on local hardware (0028-physical computer systems, physical hardware) that is part of the first client network; and 
wherein a second node (0043-a replicated virtual machine) of a second client network is also an instance of the particular virtual machine (0043-replicated virtual machine) and is executing on remote hardware (0028-physical computer systems, physical hardware) that is not a part of the first client network or the second client network (0043-migrate vms to different physical servers; 0046-multi-tenant virtual data centers; 0048-VCC nodes are geographically and operationally distinct; 0059-virtual external networks; 0062-one or more physical networks).  
As further concerns claim 15, one or more processors (0031) and computer memory (0031).

As concerns claims 2, 9 and 16, the invention of claims 1, 8 and 15, wherein a third node of the first client network is an instance of the same particular virtual machine (0043-another replicated virtual machine) and is executing on remote hardware that is not a part of the first client network or the second client network (0043-migrate vms to different physical servers; 0046-multi-tenant virtual data centers; 0048-VCC nodes are geographically and operationally distinct; 0059-virtual external networks; 0062-one or more physical networks).  
As concerns claims 3, 10 and 17, the invention of claims 2, 9 and 16, wherein the particular virtual machine is configured to access a security policy of a node container's associated client network (0071) and to apply the 24Attorney Docket No. 38097-0072003 security policy to the i) traffic addressed to the associated client network and originating from sources outside the distributed network (0071-VPN, edge network devices); and ii) traffic addressed to the sources (0069-inter-cloud VPN).  
As concerns claims 4, 11 and 18, the invention of claims 3, 10 and 17, wherein, to access a security policy of a node container's associated client network, the virtual machine is configured to request the security policy from another node executing in the same node container (0071-VPN policies pass the information locally (VCC nodes 1715…)).  
As concerns claims 5, 12 and 19, the invention of claims 2, 9 and 16, wherein a fourth node of the first client network is a physical machine with functionality different than the virtual machine (0038-virtual machine includes an OS designed for a particular architecture to run on hardware of a different architecture).  
As concerns claims 6, 13 and 20, the invention of claims 5, 12 and 19, wherein the fourth node is housed on the remote hardware (0059-virtual machines executing…as well as remote machines).
As concerns claims 7 and 14, the invention of claims 5 and 12, wherein the fourth node is housed on the first client network (0058-virtual machines grouped together; 0059).  
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. USPGPub 2018/0123928 disclose monitoring containers for virtualization.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JOHN B WALSH whose telephone number is (571)272-7063. The examiner can normally be reached 7:30-3:30 pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Christopher L Parry can be reached on 571-272-8328. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/JOHN B WALSH/Primary Examiner, Art Unit 2451