DETAILED ACTION
This Action is in response to application/ communications filed on 02/04/2021.
Claims 1-20 are presented for examination. Claims 1, 7 and 14 are independent claims. 
Claims 1-20 remain pending in this application.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Information Disclosure Statement
The information disclosure statement (IDSs) submitted on 02/04/2021, 07/02/2021, 08/25/2021, 10/25/2021, 12/17/2021, and on 04/20/2022 are in compliance with the provisions of 37 CFR 1.97. Accordingly, the IDSs are being considered by the examiner.

Claim Objections
Claim(s) 7-8, 11, 14-15 and 20 is/are objected to because of the following informalities:  
Claim 7 recites the limitations "a network" in line 8. The claim then recites “the public network” in line 13. There is insufficient antecedent basis for this limitation in the claim. For examination purpose, examiner interprets  "a network" in line 8 to be "a public network". Support from such interpretation is found in claim 1, and claim 20.
Claim 7 recites the limitations "the network" in last line. There is insufficient antecedent basis for this limitation in the claim.
Claim 8 and 11, each depends upon claim 7, and recites the limitations as recited "the network" in last line. There is insufficient antecedent basis for this limitation in the claim.
Claims 14-15 and 20 recite similar limitations as recited in claims 7-8 and 11. Therefore, the claims objection, as set forth above, also applies to the claims.
Appropriate correction is required.
Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA  as explained in MPEP § 2159.  See MPEP §§ 706.02(l)(1) - 706.02(l)(3) for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). 
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
Claims 1-20 is/are provisionally rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-5, 8-9 and 12 of U.S. Patent #. US 10938884 B1. Although the claims at issue are not identical, they are not patentably distinct from each other because the limitations in the instant application are obvious variation of the method claims of the U.S. Patent #. US 10938884 B1, as shown below:
Current Application (Claims as of 02/04/2021)
U.S. Patent #. US 10938884 B1
Claim 1: 
A computer-implemented method comprising: 
receiving, by a virtual private cloud network (VPC), a request for content from a first system via a public network; 



determining, by the VPC, that the requested content is not stored in a cache data store; 
encapsulating the request for the content in a first header that points to an identifier associated with one or more virtual computing devices arranged within a virtualized local area network, wherein the one or more virtual computing devices hide an address of an origin server from devices in communication with the public network; 



transmitting, by the VPC, the encapsulated request for the content to the one or more virtual computing devices via a private route established between the VPC and the one or more virtual computing devices over a private network; 
receiving, by the VPC via the private route, an encapsulated packet from the one or more virtual computing devices, wherein the encapsulated packet comprises a second header that points to an identifier of the VPC; 
decapsulating, by the VPC, the encapsulated packet to extract the content; and 
transmitting, by the VPC, the content to the first system via the public network.
Claim 1: 
A computer-implemented method of retrieving a file, the method comprising: 
receiving, by a managed virtual private cloud network (VPC) that includes one or more first virtual computing devices arranged within a first virtualized local area network, a request for the file from a content delivery network (CDN) via a public network; 
determining, by the managed VPC, that the requested file is not stored in a cache data store; 
encapsulating the request for the file in a first header that points to a VPC identifier of a second VPC, wherein the second VPC includes one or more second virtual computing devices arranged within a second virtualized local area network, the second virtualized local area network generated by a substrate network hosting the second VPC, wherein a third virtual computing device in the one or more second virtual computing devices implements an origin server that is not accessible to devices external to the private network; 
transmitting, by the managed VPC, the encapsulated request for the file to the second VPC via a private route established between the managed VPC and the second VPC over the private network; 

receiving, by the managed VPC via the private route, an encapsulated packet from the second VPC, wherein the encapsulated packet comprises a second header that points to a VPC identifier of the managed VPC; 
decapsulating, by the managed VPC, the encapsulated packet to extract the file; and 
transmitting, by the managed VPC, the file to the CDN via the public network.
Claim 2: 
The computer-implemented method of Claim 1, wherein receiving the request for the content further comprises receiving the request for the content from the first system via an encrypted connection through the public network.
Claim 2: 
The computer-implemented method of claim 1, wherein receiving the request for the file from the CDN via the public network further comprises receiving the request for the file from the CDN via an encrypted connection through the public network.
Claim 3: 
The computer-implemented method of Claim 2, further comprising exchanging signed digital certificates with the first system to establish the encrypted connection.
Claim 3: 
The computer-implemented method of claim 2, further comprising exchanging signed digital certificates with the CDN to establish the encrypted connection.
Claim 4: 
The computer-implemented method of Claim 1, wherein the VPC is paired with the one or more virtual computing devices using the identifier of the VPC and the identifier associated with the one or more virtual computing devices.
Claim 8: 
The system of claim 5, wherein the first VPC is paired with the second VPC using the VPC identifier of the first VPC and the VPC identifier of the second VPC.
Claim 5: 
The computer-implemented method of Claim 1, wherein the VPC and the one or more virtual computing devices are located in a same geographic location.
Claim 4: 
The computer-implemented method of claim 1, wherein the managed VPC and the second VPC are located in a same geographic location.
Claim 6: 
The computer-implemented method of Claim 1, further comprising: 





receiving a request for second content from the first system; 
determining that the requested second content is stored in a cache data store; 
retrieving the second content from the cache data store; and 
transmitting the second content to the first system.
Claim 9: 
The system of claim 5, further comprising a cache data store, wherein the one or more first computing devices are further configured with specific computer-executable instructions to cause one first virtual computing device in the one or more first virtual computing devices to: 
receive a request for a second file from the CDN via the network; 
determine that the requested second file is stored in the cache data store; 
retrieve the second file from the cache data store; and 
transmit the file to the CDN via the network.


Regarding claims 7 and 14, although the claims at issue are not identical, they are obvious variants of each other, and are not patentably distinct from each other because all of the limitations of the system claim (Claim 7) and corresponding non-transitory, computer-readable storage media claim (Claim 14) in the instant application are met with respect to method claim (claims 1) of U.S. Patent #. US 10938884 B1. In addition, U.S. Patent #. US 10938884 B1 discloses corresponding system claim (claim 5) and non-transitory, computer-readable storage media claim (Claim 12).

As for Claim 8-13 and 15-20, the claims do not teach or further define over the limitations in claim 1-6. Therefore, claims 8-13 and 15-20 are rejected for the same reasons as set forth in claims 1-6.

Claim Rejections - 35 USC § 112
The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.
The following is a quotation of the first paragraph of pre-AIA  35 U.S.C. 112:
The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention.

Claims 4, 10 and 17 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement. The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for applications subject to pre-AIA  35 U.S.C. 112, the inventor(s), at the time the application was filed, had possession of the claimed invention. 
Claims 4, 10 and 17, depend upon independent claims 1, 7 and 14 respectively, and recite, “wherein the VPC is paired with the one or more virtual computing devices using the identifier of the VPC and the identifier associated with the one or more virtual computing devices”.
Upon review of the application, examiner finds that the best support for the claimed limitation exist in specification paragraphs [0014], [0027], and [0048]. However, these paragraphs disclose that a VPC identifier of the managed VPC and a VPC identifier of the third party VPC are used to pair the two VPCs. Therefore, while the claim recites “identifier associated with the one or more virtual computing devices”, the disclosure teaches “identifier of the VPC” that are being used to pair the VPCs.
The rest of the disclosure as filed, including the claims and figures do not describe the limitation “wherein the VPC is paired with the one or more virtual computing devices using the identifier of the VPC and the identifier associated with the one or more virtual computing devices” in sufficient details. Therefore, claims 4, 10 and 17 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement.
For examination purpose, “the VPC identifier of the VPC” (as supported by specification paragraphs [0014], [0027], and [0048]) is interpreted to be the claimed “the identifier associated with the one or more virtual computing devices”.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claim(s) 1, 5-7, 11-14 and 18-20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Garza et al. (hereinafter, Garza, US 10630771 B1) in view of Suryanarayanan et al. (hereinafter, Suryanarayanan, US 20150339136 A1).

Regarding claim 1, Garza discloses a computer-implemented method comprising: 
receiving (see Fig.3: step 2; also see Fig.6:612), by a cloud network (see Fig.3:304; also see network shown in Fig.4; also see Fig.6:604; also see Col.7: lines 18-33 in view of Col.2: lines 42-54; Network storage 304 represents a given site that is part of a distributed network storage subsystem (referred to herein as "NetStorage" or cloud storage); also see Col.9: line 45; cloud storage 304), a request for content from a first system (see Col.9: lines 13-28; the CDN server 302 generates a forward request to the network storage 304 for an HTML document named `index.html`… The network storage receives this forward request; also see Col.10: lines 62-66; CDN server 602 generates a forward request for the object (HTTP GET request for 'index.html') to a selected network storage site 604) via a public network (see Fig.3:304; also see Fig.4:410 in view of Col.3: lines 46-57; also see Col.7: lines 31-33 and Col.8: lines 4-11; Internet corresponds to a public network);
determining, by the cloud (see Fig.3:304; also see Fig.6:604), that the requested content  is not stored in a cache data store (see Col.9: lines 13-28 in view of Fig.3: step 3; The network storage receives this forward request, but the object is not present, so it sends a `not found` HTTP 404 message; also see Col.10: line 65 – Col.11: line 1; the network storage site 604 returns an HTTP 404 code as the object is not yet stored there);
transmitting, by the cloud (see Fig.3:304; also see Fig.6:604), the request for the content to an origin server (see Col.10: lines 12-14 in view of Fig.3: step 8; the fetching service at the network storage 304 requests the object from the origin server 306; also see Col.11: lines 14-16 in view of Fig.6:624; network storage requests and receives the object form the origin);
receiving, by the cloud (see Fig.3:304; also see Fig.6:604), a packet from the origin server (see Col.11: lines 14-16 in view of Fig.6:624; network storage requests and receives the object (HTTP GET request for 'index.html') form the origin; also see Col.13: lines 1-21; The origin server returns the HTML object to network storage); and
transmitting, by the cloud (see Fig.3:304; also see Fig.6:604), the content to the first system (network storage 304 stores the object … before serving it in response to (later) requests) via the public network (see Fig.4:410 in view of Col.3: lines 46-57; also see Col.7: lines 31-33 and Col.8: lines 4-11; Internet corresponds to a public network).
Although, and as set forth above, Garza discloses a cloud network (datacenter) receiving a request for content from a first system (see Fig.3: step 2; also see Fig.6:612), the cloud network is not explicitly disclosed as a virtual private cloud network (VPC). In addition, although Garza discloses transmitting a request for the file to an origin server (see Col.10: lines 12-14 in view of Fig.3), and receiving a packet from the origin server (see Col.11: lines 14-16 in view of Fig.6:624), Garza does not explicitly disclose encapsulating the request for the content in a first header that points to an identifier associated with one or more virtual computing devices arranged within a virtualized local area network, wherein the one or more virtual computing devices hide an address of an origin server from devices in communication with the public network; transmitting, by the VPC, the encapsulated request for the content to the one or more virtual computing devices via a private route established between the VPC and the one or more virtual computing devices over a private network; receiving, by the VPC via the private route, an encapsulated packet from the one or more virtual computing devices, wherein the encapsulated packet comprises a second header that points to an identifier of the VPC; and decapsulating, by the VPC, the encapsulated packet to extract the content.
Suryanarayanan discloses that such datacenters can implement VPCs (see [0088]-[0089] and [0094]; in view of Fig.7A and 7B; each data center hosts one or more workspace instances and one or more computing nodes within data center… one or more workspace instances (including any and all virtual computing and/or storage resources that implement the workspace instances) may operate within a customer VPC in the respective data center; peer VPC is communicably coupled to workspace services VPC through peering connection; also see [0054] and [0056] in view of Fig.4). Suryanarayanan further discloses:
 encapsulating (see [0051]; use Internet Protocol (IP) tunneling technology to encapsulate and route client data packets over a network substrate) the request for the content (see Fig.7B:730; also see [0019]; in response to a client request …, the service may configure a virtual computing resource instance.... This virtual computing resource instance may be one of multiple virtual resource instances that operate (or participate) within a virtual private cloud of the client; also see [0081]; VPCs may carry the network traffic other than the interactive video stream of a virtual desktop session (e.g., network traffic for operations such as joining a domain or allowing the end user to browse an Internet site); examiner interprets that request from client or end user to browse an Internet site (webpage/ HTTP content) corresponds to request for the content (such as one disclosed by Garza) in a first header that points to an identifier associated with one or more virtual computing devices (see Fig.4:424A1-4 and/or 424B1-4; also see Fig.5:524) arranged within a virtualized local area network (see [0051]-[0052]; encapsulate and route client data packets over a network substrate between client resource instances on different hosts within the provider network; encapsulated packets (that is, client packets that have been tagged with overlay network metadata including but not limited to overlay network address information for routing over the overlay network) may be passed through the network substrate via tunnels or overlay network routes; the provider network may include a physical network substrate that includes networking devices such as routers, switches, NATs, and so on, as well as the physical connections among the devices… the IP tunneling technology may provide a virtual network topology overlaid on the physical network substrate; also see [0054]-[0056] in view of Fig.4:400; encapsulated packets may be passed through network substrate 410 using tunnels. The IP tunneling technology may provide a mapping and encapsulating system for creating an overlay network on a network (e.g., a local network in data center 400 of FIG. 4) and may provide a separate namespace for the overlay layer (the public IP addresses) and the network substrate 410 layer (the private IP addresses); instead of encapsulating packets in overlay network packets, an overlay network address (public IP address) may be embedded in a substrate address (private IP address) of a packet before sending; Each VM 424 may be provided with one or more private IP addresses; A mapping service 430 may be aware of all network IP prefixes and the IP addresses of routers or other devices serving IP addresses on the local network; also see [0059] and [0061]; a service provider that provides data center 400 may also provide additional data center(s) 460 that include hardware virtualization technology similar to data center 400 and that may also be connected to intermediate network 440. Packets may be forwarded from data center 400 to other data centers 460, for example from a VM 424 on a host 420 in data center 400 to another VM on another host in another, similar data center 460, and vice versa), wherein the one or more virtual computing devices (see Fig.4:424A1-A4 and/or 424B1-B4; also see Fig.5:524) hide an address of an origin server (see Fig.2:216 and Fig.4:416; also see [0034]; data is accessed from and stored to a virtual data store 216 provided by the provider network 200… virtualized data store gateway upload new or modified data from a local cache so that the primary store of data is maintained at the virtualized data store 216… virtualized data store gateway at the client network 250 may locally cache at least some data, for example frequently accessed or critical data… a user, via a virtual computing system 292 and/or on another client device 290, may access one or more storage volumes 218 of virtual data store 216; also see [0056] lines 7-9; virtual machines (VMs) 424 on the hosts implement a virtual desktop instance for the use of a client; also see [0081]; VPCs may carry the network traffic allowing the end user to browse an Internet site; examiner interprets that virtualized data store 216 that is maintained as a primary store of data and that serves content data to local cache as well as to a user and/or client device corresponds to a virtual origin server) from devices (see Fig.3:306) in communication with the public network (see Fig.3:304; also see [0025]-[0027] in view of [0022]; Private IP addresses 116 associated with the resource instances 112 (i.e. as virtual machines (VMs) on the hosts) are the internal network addresses of the resource instances 112 on the provider network 100; The provider network 100 may also allow the client to remap a public IP address 114, previously mapped to one virtualized computing resource instance 112 allocated to the client, to another virtualized computing resource instance 112 that is also allocated to the client; traffic to a destination public IP address 114 published by the client network 150A; the traffic is routed to the service provider data center, and at the data center is routed, via a network substrate, to the private IP address 116 of the virtualized computing resource instance; Private IP addresses are only routable within the provider network. Network traffic originating outside the provider network is not directly routed to private IP addresses; also see [0042]; data center computers 310 may be associated private network addresses, such as IP addresses, within the service provider computer network 305 such that they may not be directly accessible by the client computing devices 306); 
transmitting, by the VPC (see [0081]; VPCs may carry the network traffic allowing the end user to browse an Internet site… e.g., over a virtual private network), the encapsulated request for the content (see [0051]; use Internet Protocol (IP) tunneling technology to encapsulate and route client data packets over a network substrate; also see [0055] lines 14-15; a packet may be encapsulated in an overlay network packet format before sending) to the one or more virtual computing devices (see Fig.4:424A1-A4 and/or 424B1-B4; also see Fig.5:524; also see [0059]; a service provider that provides data center 400 may also provide additional data center(s) 460 that include hardware virtualization technology similar to data center 400 and that may also be connected to intermediate network 440. Packets may be forwarded from data center 400 to other data centers 460, for example from a VM 424 on a host 420 in data center 400 to another VM on another host in another, similar data center 460, and vice versa;) via a private route (see Fig.4:434A; also see Fig.5:542) established between the VPC and the one or more virtual computing devices over a private network (see [0061]; shared network may also be viewed as a private network; a shared network may serve as an intermediate network between a provider network and a client network, or between a provider network and other network entities (e.g., external resources, computing systems, data centers; also see [0055] in view of Fig.4:434A and [0064]-[0065] in view of Fig.5:542; overlay network tunnel 434A from a virtual machine (VM) 424A on host 420A to a device on … a data center 460; provider network that provides private networks on the provider network… A private communications channel 542 may, for example, be a tunnel implemented according to a network tunneling technology over a shared (private) network; also see [0018]; multiple gateway components, each of which is hosted on a respective computing node at a POP location in a one of the availability zones, may interoperate with each other within a virtual private cloud, and may communicate with each other over a virtual private network); 
receiving, by the VPC via the private route (see Fig.4:434A; also see Fig.5:542), an encapsulated packet from the one or more virtual computing devices (see [0051] lines 1-5; a service provider network use Internet Protocol (IP) tunneling technology to encapsulate and route client data packets over a network substrate between client resource instances on different hosts within the provider network; also see [0055] lines 1-15; a packet encapsulated in an overlay network packet format is received via overlay network tunnel 434A from a virtual machine (VM) 424A on host 420A to a device on data center 460; also see [0059]), wherein the encapsulated packet comprises a second header that points to an identifier of the VPC (see [0051]; encapsulated packets are tagged with overlay network metadata including but not limited to overlay network address information for routing over the overlay network… encapsulated packets in the overlay network layer may be checked against a mapping directory to determine what their tunnel substrate target (private IP address) should be…so that when a client resource instance provides an IP address to which packets are to be sent, a mapping service can determine where the IP overlay addresses are); and
decapsulating, by the VPC, the encapsulated packet to extract the content (see [0055] lines 14-15; a packet may be encapsulated in an overlay network packet format before sending, and the overlay network packet may be stripped after receiving; encapsulation is stripped from the received packet; also see [0081]; VPCs may carry the network traffic allowing the end user to browse an Internet site; extracting the file is implied since encapsulated packets/ network traffic between VPCs are decapsulated after receiving, and the network traffic allows the end user to browse an Internet site).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings of Suryanarayanan with Garza to encapsulate the request for the content in a first header that points to an identifier associated with one or more virtual computing devices arranged within a virtualized local area network, wherein the one or more virtual computing devices hide an address of an origin server from devices in communication with the public network; transmit, by the VPC, the encapsulated request for the content to the one or more virtual computing devices via a private route established between the VPC and the one or more virtual computing devices over a private network; receive, by the VPC via the private route, an encapsulated packet from the one or more virtual computing devices, wherein the encapsulated packet comprises a second header that points to an identifier of the VPC; and to decapsulate, by the VPC, the encapsulated packet to extract the content.
One of ordinary skill in the art would have been motivated to be able to communicate from the workspace instance to the gateway component over a secure, reliable, low latency communication channel that spans the two VPCs (Suryanarayanan: see last 6 lines of [0103]).

Regarding claim 5, Garza (modified by Suryanarayanan) discloses the computer-implemented method of claim 1, as set forth above. In addition, Suryanarayanan further discloses wherein the VPC and the one or more virtual computing devices are located in a same geographic location (see last 2 lines of [0023] in view of Fig.7B; Fig.7B shows the VPC 730 and VPC 760 are co-located within single availability zone or region 720; in a different interpretation, VPC 730 is primarily implemented within availability zone 710, while VPC 760 is implemented within availability zone 720; last 2 lines of [0023] explicitly recite that multiple availability zones may reside in the same geographic location).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings of Suryanarayanan with Garza to have a computer-implemented method wherein the VPC and the one or more virtual computing devices are located in a same geographic location.
One of ordinary skill in the art would have been motivated so that the video stream may be communicated from the workspace instance to the gateway component over a secure, reliable, low latency communication channel that spans the two VPCs (Suryanarayanan: see last 6 lines of [0103]).

Regarding claim 6, Garza (modified by Suryanarayanan) discloses the computer-implemented method of claim 1, as set forth above. In addition, Garza further discloses 
receive a request for a second content from the first system (see Col.10: lines 23-37; also see Col.11: lines 29-32);
determine that the requested second content is stored in the cache data store (see Col.10: lines 37-38; also see Col.11: lines 32-33);
retrieve the second content from the cache data store (see Col.10: lines 37-43; also see Col.11: lines 32-33; retrieval of file from the data store is implied, as the object stored in the storage is returned to the requesting server); and
transmit the second content to the first system (see Col.10: lines 43; also see Col.11: lines 32-33).

As for Claim(s) 7 and 14, the claims list all the same elements of claim 1, but in a system (see Garza: Fig.3) comprising: a first computing device (see Garza: Fig.3:302), and one or more second computing devices that implement a cloud /datacenter network (see Fig.3:304; also see network shown in Fig.4; also see Fig.6:604; also see Col.7: lines 18-33 in view of Col.2: lines 42-54; also see servers 402a-n and 406a-n arranged in network shown in Fig.4; also see Col.7: line 42 – Col.8: line 11); and a non-transitory, computer-readable storage media comprising computer-executable instructions executed by a computer that implements a first cloud network (see Garza: Col.6: lines 6-8 and Col.15: lines 20-29) form to carry out the steps of claim 1, rather than the method form. In addition, Suryanarayanan teaches that each datacenter/ cloud network could be virtual private clouds (VPC) network (see [0088]-[0089]; in view of Fig.7A and 7B. Therefore, the supporting rationale of the rejection to claim 1 applies equally as well to claims 7 and 14.  

As for Claims 11 and 18, the claims do not teach or further define over the limitations in claim 6. Therefore, claims 11 and 18 are rejected for the same reasons as set forth in claim 6.

As for Claims 12 and 19, the claims do not teach or further define over the limitations in claim 5. Therefore, claims 12 and 19 are rejected for the same reasons as set forth in claim 5.

As for Claims 13 and 20, the claims depend on claims 7 and 14 respectively, but do not teach or further define over the limitations in claims 1. As set forth above, Garza already discloses wherein the network is a publicly accessible network (see Fig.4:410 in view of Col.3: lines 46-57; also see Col.7: lines 31-33 and Col.8: lines 4-11; Internet corresponds to a publicly accessible network). Therefore, claims 13 and 20 are rejected for the same reasons as set forth in claims 1, 7 and 14.

Claim(s) 2-3, 8-9 and 15-16 is/are rejected under 35 U.S.C. 103 as being unpatentable over Garza et al. (hereinafter, Garza, US 10630771 B1) in view of Suryanarayanan et al. (hereinafter, Suryanarayanan, US 20150339136 A1) in view of Gill et al. (hereinafter, Gill, US 20170170973 A1).

Regarding claim 2, Garza (modified Suryanarayanan) discloses the computer-implemented method of claim 1, as set forth above, including a VPC receiving a request for content from a first system via a public network (see Fig.3: step 2; also see Fig.6:612). Garza (modified Suryanarayanan) does not explicitly disclose wherein the connection through the public network is encrypted.
Gill discloses wherein receiving the request for the content further comprises receiving the request for the content from the first system via an encrypted connection through the public network (see [0039]; the CDN may provide secure content delivery among a client browser, edge server and customer origin server by enforcing SSL-based links between the client and the edge server process, on the one hand, and between the edge server process and an origin server process, on the other hand; also see [0022]-[0023]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings of Gill with Garza and Suryanarayanan to receive the request for the content from the first system via an encrypted connection through the public network.
One of ordinary skill in the art would have been motivated to enable an SSL-protected web page and/or components thereof to be delivered via the edge server (Gill: last 2 lines of [0039]).

Regarding claim 3, Garza (modified Suryanarayanan, and Gill) discloses the computer-implemented method of claim 2, as set forth above. Gill further discloses exchanging signed digital certificates with the first system to establish the encrypted connection (see [0022]-[0023] and [0039]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings of Gill with Garza and Suryanarayanan to exchange signed digital certificates with the first system to establish the encrypted connection.
One of ordinary skill in the art would have been motivated to enable an SSL-protected web page and/or components thereof to be delivered via the edge server (Gill: last 2 lines of [0039]).

As for Claims 8-9 and 15-16, the claims do not teach or further define over the limitations in claims 2-3. Therefore, claims 8-9 and 15-16 are rejected for the same reasons as set forth in claims 2-3.

Claim(s) 4, 10 and 17 is/are rejected under 35 U.S.C. 103 as being unpatentable over Garza et al. (hereinafter, Garza, US 10630771 B1) in view of Suryanarayanan et al. (hereinafter, Suryanarayanan, US 20150339136 A1) in view of Sinn (US 20130061306 A1).

Regarding claim 4, Garza (modified Suryanarayanan) discloses the computer-implemented method of claim 1, as set forth above. Suryanarayanan further discloses wherein the VPC is paired with the one or more virtual computing devices (see [0094] in view of Fig.7B:730 and 760; peer VPC 760 is communicably coupled to workspace services VPC 730 through peering connection 765).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings of Suryanarayanan with Garza so that the VPC is paired with the one or more virtual computing devices.
One of ordinary skill in the art would have been motivated so that the video stream may be communicated from the workspace instance to the gateway component over a secure, reliable, low latency communication channel that spans the two VPCs (Suryanarayanan: see last 6 lines of [0103]).
Although, and as set forth above, Suryanarayanan discloses the VPC is paired with the one or more virtual computing devices, Garza (modified Suryanarayanan) does not explicitly disclose that such pairing is done using the identifier of the first VPC and the identifier associated with the one or more virtual computing devices.
Sinn discloses wherein the VPC is paired with the one or more virtual computing devices using the identifier of the VPC and the identifier associated with the one or more virtual computing devices (implied from [0042]-[0050]; the cloud administration server 114 stores (session) token, cloud roles, and mappings (hybrid cloud mapping data). For example, the cloud administration server 114 may link the token to a cloud role and to a private cloud identity and to a public cloud identity; also see [0017]; The hybrid cloud identity mapping system includes a public cloud, a private cloud, an internal cloud; also see [0020] line 1-2; the internal cloud is similar to the private cloud).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings of Sinn with Garza and Suryanarayanan so that the VPC is paired with the one or more virtual computing devices using the identifier of the VPC and the identifier associated with the one or more virtual computing devices.
One of ordinary skill in the art would have been motivated so that later when an enterprise user requests a particular action, the cloud administration server can use the token, cloud role, and mappings to perform the requested action (Sinn: [0051] lines 1-5).

As for Claims 10 and 17, the claims do not teach or further define over the limitations in claim 4. Therefore, claims 10 and 17 are rejected for the same reasons as set forth in claim 4.

Additional References
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Spiers et al. (US 20120266231 A1) discloses secure network cloud architecture wherein custom PXE loader in the VM at VPC may send a secure HTTPS request to the cloud DMZ.
Wein et al. (US 20070288588 A1) teaches Content Delivery Network (CDN) content server request handling mechanism.
Chandrashekhar et al. (US 20180063193 A1) discloses distributed network encryption for logical network implemented in public cloud.
Simon et al. (US 20030093691 A1) teaches enabling secure communication in a clustered or distributed architecture.
Barbir et al. (US 20030135468 A1) discloses an improved overlay network involving Virtual Private Content Networks.
Miller et al. (US 20130136138 A1) teaches interfaces to manage direct network peerings.
Sharma et al. (US 20170223029 A1) teaches malware & data leakage protection in CDN.
David et al. (US 20140108474 A1) discloses system for exposing data stored in a cloud computing system to a content delivery network provider.
DENNIS (WO 2015119606 A1) teaches providing multiple secure link architecture.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SANDARVA KHANAL whose telephone number is (571)272-8107. The examiner can normally be reached MON-FRI, 0800-1700.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kamal B Divecha can be reached on 571-272-5863. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/SANDARVA KHANAL/Examiner, Art Unit 2453                                                                                                                                                                                                        

/KAMAL B DIVECHA/Supervisory Patent Examiner, Art Unit 2453