DETAILED ACTION
This Action is in response to application/communications filed on 01/21/2022.
Claims 1-20 are presented for examination. Claims 1, 12 and 17 are independent claims.
Claims 1-20 remain pending in this application.

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 02/16/2022 is in compliance with the provisions of 37 CFR 1.97, and is being considered by the examiner.

Drawings
The replacement drawings (Fig.1) were received on 05/02/2022. These drawings are acceptable.

The drawings are objected to as failing to comply with 37 CFR 1.84(p)(5) because they do not include the following reference sign(s) mentioned in the description: 324 (see [0048] line 4 in view of Fig.3B:326). Corrected drawing sheets in compliance with 37 CFR 1.121(d) are required in reply to the Office action to avoid abandonment of the application. Any amended replacement drawing sheet should include all of the figures appearing on the immediate prior version of the sheet, even if only one figure is being amended. Each drawing sheet submitted after the filing date of an application must be labeled in the top margin as either “Replacement Sheet” or “New Sheet” pursuant to 37 CFR 1.121(d). If the changes are not accepted by the examiner, the applicant will be notified and informed of any required corrective action in the next Office action. The objection to the drawings will not be held in abeyance.

Claim Objections
Claim 5 is objected to because of the following informalities:  
Claim 5 depends on claim 1, and recites, “providing a portal accessible through a public network to receive data representing the credentials of the first storage node”. There is insufficient antecedent basis for this limitation in the claim.
Appropriate correction is required.

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA as explained in MPEP § 2159. See MPEP §§ 706.02(l)(1) - 706.02(l)(3) for applications not subject to examination under the first inventor to file provisions of the AIA. A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b).
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA/25, or PTO/AIA/26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.

Claims 1-20 is/are rejected on the ground of statutory double patenting as being unpatentable over claims 1-4, 6-9, and 13-16 of U.S. Patent No. US 11233850 B2. Although the claims at issue are not identical, they are not patentably distinct from each other because the limitations in the instant application are anticipated by corresponding claims of U.S. Patent No. US 11233850 B2, as shown below:
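Left column: Current Application (as of 01/21/2022). Right column: U.S. Patent No. US 11233850 B2. Each application claim below is followed by the corresponding patent claim(s).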
Claim 1: 
A method comprising: 
causing an agent device to set up a replication partnership between a first storage node and a second storage node, 

wherein causing the agent device to set up the replication partnership comprises: 
configure a proxy server that is associated with the second storage node to establish a secure communication channel for the replication partnership over a public network, wherein configuring the proxy server comprises: 
storing in the proxy server credentials for authenticating the first storage node to use the secure communication channel;
establishing port translations to be used in the secure communication channel in communicating replication data between the first storage node and the second storage node; and

communicating replication partnership information to the second storage node.
Claim 1: 
A method comprising: 
causing an agent device, other than a first storage node and other than a second storage node, to set up a replication partnership between the first storage node and the second storage node, wherein causing the agent device to set up the replication partnership comprises: 
providing a portal associated with the agent device and accessible through a public network to receive data to request the replication partnership, identify the first storage node, identify a criterion for selecting the second storage node and provide a cryptographic credential associated with the first storage node, wherein the cryptographic credential corresponds to a secure communication channel and is to be used by a proxy server to authenticate the first storage node in response to the first storage node initiating the secure communication channel with the proxy server in association with the replication partnership; 
causing the agent device to communicate over the public network with the proxy server to configure the proxy server to establish the secure communication channel for the replication partnership over the public network, wherein the proxy server is associated with the second storage node, the proxy server is separate from the second storage node, and configuring the proxy server comprises: 
causing the agent device to communicate data to the proxy server representing a replication partnership identification associated with the first storage node and a replication partnership credential associated with the first storage node; 
storing the cryptographic credential in the proxy server; and 

the agent device requesting port translations to be used by the proxy server in the secure communication channel in communicating replication data between the first storage node and the second storage node; and 
communicating replication partnership information to the second storage node.
Claim 2:
The method of claim 1, wherein the proxy server and the second storage node comprise part of a private network; 
the private network comprises a plurality of storage nodes, including the second storage node; and 
configuring the proxy server further comprises selecting the second storage node from among the plurality of storage nodes.
Claim 2:
The method of claim 1, wherein the proxy server and the second storage node comprise part of a private network; 
the private network comprises a plurality of storage nodes, including the second storage node; and 
configuring the proxy server further comprises selecting the second storage node from among the plurality of storage nodes.
Claim 3:
The method of claim 1, wherein establishing the port translations comprises configuring local tunnel and reverse tunnel port translations associated with a public Internet Protocol (IP) address of the proxy server.
Claim 3:
The method of claim 1, wherein the agent device requesting the port translations comprises the agent device requesting local tunnel and reverse tunnel port translations associated with a public Internet Protocol (IP) address of the proxy server.
Claim 4:
The method of claim 1, wherein configuring the proxy server comprises configuring the proxy server to communicate with a tunnel endpoint associated with the first storage node.
Claim 4:
The method of claim 1, wherein configuring the proxy server comprises configuring the proxy server to communicate with a tunnel endpoint associated with the first storage node.
Claim 5:
The method of claim 1, further comprising:
 providing a portal accessible through a public network to receive data representing the credentials of the first storage node.
Claim 1:
…providing a portal associated with the agent device and accessible through a public network to receive data to request the replication partnership, identify the first storage node, identify a criterion for selecting the second storage node and provide a cryptographic credential associated with the first storage node, …
Claim 6:
The method of claim 5, further comprising:
using the portal to receive input identifying a geographic region for a replication partner for the first storage node;
selecting the second storage node based on the identified geographic region; and
communicating an identifier to the proxy server, wherein the identifier identifies the second storage node.
Claim 1:

… providing a portal associated with the agent device and accessible through a public network to receive data to … identify a criterion for selecting the second storage node …
Claim 5:
The method of claim 1, wherein the criterion comprises a geographic region for a replication partner for the first storage node, the method further comprising: 
selecting the second storage node based on an identified geographic region; and 
causing the agent device to communicate an identifier to the proxy server, wherein the identifier identifies the second storage node.
Claim 7:
The method of claim 6, further comprising:
further basing selection of the second storage node on input identifying a storage tier associated with the replication partnership.
Claim 6:
The method of claim 5, further comprising: 
further basing selection of the second storage node on input identifying a storage tier associated with the replication partnership.
Claim 8:
The method of claim 1, wherein configuring the proxy server further comprises configuring the proxy server to select one of the first storage node and the second storage node to be a replication source or a replication target.
Claim 7:
The method of claim 1, wherein configuring the proxy server further comprises causing the agent device to configure the proxy server to select one of the first storage node and the second storage node to be a replication source or a replication target.
Claim 9:
The method of claim 1, wherein configuring the proxy server further comprises:
communicating a key associated with the first storage node to the proxy server.
Claim 8:
The method of claim 1, wherein configuring the proxy server further comprises: causing the agent device to communicate a Secure SHell (SSH) key associated with the first storage node to the proxy server.
Claim 10:
The method of claim 1, wherein configuring the proxy server further comprises communicating data to the proxy server representing a replication partnership identification associated with the first storage node and a replication partnership credential associated with the first storage node.
Claim 1:
…
causing the agent device to communicate data to the proxy server representing a replication partnership identification associated with the first storage node and a replication partnership credential associated with the first storage node; …

Claim 11:
The method of claim 1, wherein configuring the proxy server further comprises communicating data representing an identification of the first storage node.
Claim 9:
The method of claim 1, wherein configuring the proxy server further comprises causing the agent device to communicate data representing an identification of the first storage node.
Claim 15:
The apparatus of claim 12, wherein the instructions, when executed by the at least one processor, cause the at least one processor to configure the proxy server to set up a network tunnel.
Claim 13:
The apparatus of claim 10, wherein the instructions, when executed by the at least one processor, cause the at least one processor to configure the proxy server to set up a network tunnel.
Claim 16:
The apparatus of claim 15, wherein the network tunnel comprises a Secure Shell (SSH) tunnel.
Claim 14:
The apparatus of claim 13, wherein the network tunnel comprises a Secure SHell (SSH) tunnel, the cryptographic credential comprises an SSH key, and the proxy server comprises an SSH proxy server.
Claim 17:
A non-transitory storage medium storing instructions that, when executed by a machine, cause the machine to:
provide an interface to receive input representing a credential associated with a first storage node and input representing criteria to select a replication partner storage node for the first storage node;
access a proxy server for the replication partner storage node;
communicate data representing the credential to the proxy server; and

communicate with the proxy server to set up port forwarding for a future secure network tunnel to communicate replication data between the first storage node and the replication partner storage node, wherein the proxy server forms an endpoint of the secure network tunnel and the first storage node forms another endpoint of the secure network tunnel.
Claim 15:
A non-transitory storage medium storing instructions that, when executed by a machine, cause the machine to: 
provide, via a public network, access to an agent device, other than a first storage node and other than a second storage node, to setup a replication partnership between the first storage node and the second storage node; 
provide a portal associated with the agent device and accessible through the public network to receive data to request the replication partnership, identify the first storage node, identify a criterion for selecting the second storage node and provide a cryptographic credential associated with the first storage node, wherein the cryptographic credential corresponds to a secure communication channel and is to be used by a proxy server to authenticate the first storage node in response to the first storage node initiating the secure communication channel with the proxy server in association with the replication partnership; 
cause the agent device to communicate over the public network to access the proxy server; 
cause the agent device to communicate data to the proxy server representing a replication partnership identification associated with the first storage node and a replication partnership credential associated with the first storage node, 
cause the agent device to communicate over the public network data representing the cryptographic credential to the proxy server; and 
communicate with the proxy server over the public network to set up port forwarding for a secure network tunnel to communicate replication data between the first storage node and the second storage node, wherein the proxy server forms an endpoint of the secure network tunnel and the first storage node forms another endpoint of the secure network tunnel.
Claim 18:
The non-transitory storage medium of claim 17, wherein the instructions, when executed by the machine, cause the machine to:
provide access to the interface via a public network.
Claim 15:
provide, via a public network, access to an agent device,…
provide a portal associated with the agent device and accessible through the public network
Claim 19:
The non-transitory storage medium of claim 17, wherein the instructions, when executed by the machine, cause the machine to communicate with the proxy server to reserve a public network port of the proxy server and map the public network port to a private network port of the replication partner storage node.
Claim 16:
The non-transitory storage medium of claim 15, wherein the instructions, when executed by the machine, further cause the machine to communicate with the proxy server to reserve a public network port of the proxy server and map the public network port to a private network port of the second storage node.
Claim 20:
The non-transitory storage medium of claim 17, wherein the instructions, when executed by the machine, cause the machine to select the replication partner based on a selection criteria.
Claim 15:
…
identify a criterion for selecting the second storage node…

Regarding claims 12-14, although the claims at issue are not identical, they are obvious variants of each other, and are not patentably distinct from each other because all of the limitations of the apparatus claims (Claims 12-14) in the instant application are met with respect to corresponding method claims of U.S. Patent No. US 11233850 B2 (Claims 1, 5-6 respectively). In addition, U.S. Patent No. US 11233850 B2 discloses corresponding apparatus claims (Claims 10-12).

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence in the application indicating obviousness or nonobviousness.

Claim(s) 1, 4, and 9-12 is/are rejected under 35 U.S.C. 103 as being unpatentable over Deshmukh et al. (hereinafter, Deshmukh, US 20170316075 A1) in view of Fletcher et al. (hereinafter, Fletcher, US 20070153782 A1).

Regarding claim 1, Deshmukh discloses a method comprising:
causing an agent device (Fig.1:116; Fig.4C:402; also see [0025] lines 15-16; node 116 comprise a primary/ local/ first storage controller) to set up a replication partnership (Fig.4C:426; also see Fig.3:302-304) between a first storage node (Fig.1:128; Fig.4C:408) and a second storage node (Fig.1:130; also see [0022] lines 7-10; also see [0037]; establishing a replication relationship between the first storage controller (node 116) and the second storage controller (node 118)…secure data replication may be implemented for and/or between any type of computing environment, and may be transferrable between physical devices (e.g., node 116, node 118… a storage device); also see [0054]-[0059]; A first storage controller may host first storage within which storage resources may be stored … a second storage controller may desire to establish a replication relationship with the first storage controller… Accordingly, an access policy for the storage resource may be established for facilitating secure data replication… In this way, the first storage controller may establish an access policy for providing the second storage controller with access to storage resources. 
The second storage controller may establish a corresponding access policy… In this way, the second storage controller may utilize the parameters for constructing data replication requests to send to the first storage controller for accessing the storage resources… and a replication relationship may be established between the first storage controller and the second storage controller for replicating data from the first storage to second storage hosted by the second storage controller; examiner articulates that establishing a replication relationship between the first storage controller (node 116) and the second storage controller (node 118) based on data replication requests sent from the second storage controller implies that the data replication requests sent from the second storage controller causes the first storage controller (node 116) to establish a replication relationship), wherein causing the agent device to setup the replication partnership (see [0037] and [0054]-[0059]) comprises: 
configuring a proxy server (Fig.1:118 and Fig.4C:404; also see [0025]; node 118 may comprise a secondary or remote storage controller; also see [0003] lines 1-3; the storage controllers within a storage cluster are configured; also see [0028] and [0038]; node 118 may be configured to operate as a storage server to provide access to files and/or other data stored on the data storage device) that is associated with the second storage node (Fig.1:130) to establish a secure communication channel for the replication partnership (Fig.4C:426; also see [0037]; also see [0055]-[0059]; an access policy (e.g., authentication, authorization, and access control) for the storage resource may be established for facilitating secure data replication… second storage controller may establish a corresponding access policy comprising parameters associated with the authentication mechanism (e.g., a password), the authorization mechanism, and/or the access control mechanism (e.g., a decryption key)… the access policy may be attached to the replication relationship; also see [0028] lines 9-11; node 118 is capable of sending, receiving, and/or forwarding information over a network communications channel; also see [0068]; the first storage controller may provide encrypted data of the first storage resource to the second storage controller based upon the access control mechanism; examiner articulates that attaching the access policy (e.g., authentication, authorization, and access control) from the second storage controller to facilitate secure (encrypted) data replication over a network communications channel encompasses the second storage controller establishing a secure communication channel for the replication) over a public network (Fig.4C:414; also see [0054] lines 21-23; The first storage controller 116 and the second storage controller 118 may be connected over a public network), wherein configuring the proxy server (see [0028] and [0038]) comprises:
storing in the proxy server (Fig.1:118; Fig.4C:404; also see [0025] lines 16-17; node 118 may comprise a secondary or remote storage controller) credentials (Fig.4C:425) for authenticating the first storage node (Fig.1:128; Fig.4C:408) to use the secure communication channel (see [0064]-[0065]; authentication mechanism (e.g., a password authentication mechanism specifying a password) establish in the second storage controller 404 corresponds to credentials for authenticating the first storage node); and 
communicating replication partnership information to the second storage node (see last 8 lines of [0061]; the access policy may be shared with other storage controllers). 
Although, and as set forth above, Deshmukh discloses configuring the proxy server to establish a secure communication channel in communicating replication data between the first storage node and the second storage node (see [0028], [0038] and [0055]), as well as that data storage devices can have one or more physical ports (see [0051]), Deshmukh does not explicitly disclose wherein configuring the proxy server comprises establishing port translations to be used in the communication channel.
However, Fletcher discloses wherein configuring the proxy server (see Fig.7:704; also see [0082]-[0084]; gateway server generally located at the customer's data center close to the target server has its own CDN-specific IP address used for secure access, and provides the following functions: connection tracking, state synchronization, network address translation) comprises:
 establishing port translations (see Fig.7:6; also see [0051]; At step 6, the packets are received by a server in the gateway region 704, destination NAT translates the virtual IP to the target address and source Network Address Port Translation is applied to the packet before it is sent; also see [0092]) to be used in the secure communication channel in communicating replication data (see [0090]-[0092]; synchronization data corresponds to replication data; also see [0083] and [0210]; Each machine in the gateway region preferably has its own CDN-specific IP address used for secure access… CDN regions support secure content (e.g., via SSL) implying use of the secure communication channel) between the first storage node and the second storage node (see last 8 lines of [0035]; two or more fixed endpoints desire to communicate with each other… the overlay mechanism operates by receiving IP packets at one set of servers, tunneling these packets through a series of CDN servers, and delivering them to a fixed, defined IP address; also see [0006]; the CDN are used in the storage/ caching of content, implying that the CDN servers comprise storage nodes).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings of Fletcher with Deshmukh to establish port translations to be used in the secure communication channel in communicating replication data between the first storage node and the second storage node.
One of ordinary skill in the art would have been motivated to ensure improved application performance and reliability (Fletcher: [0014]).

Regarding claim 4, Deshmukh (modified by Fletcher) discloses the method of claim 1, as set forth above. Deshmukh further discloses wherein configuring the proxy server comprises configuring the proxy server to communicate with a tunnel endpoint associated with the first storage node (see [0051]; data storage devices 234 can have one or more physical ports, wherein each physical port can be assigned a target address on the data storage device that can be used to identify one or more LUNs … when the node connects to a volume, a connection between the node and the one or more logical unit numbers (LUNs) underlying the volume is created; examiner articulates that a target address on the data storage device that can be used to identify logical unit numbers (LUNs) corresponds to a tunnel endpoint associated with the first storage node).

Regarding claim 9, Deshmukh (modified by Fletcher) discloses the method of claim 1, as set forth above. Deshmukh further discloses wherein configuring the proxy server further comprises: communicating a key associated with the first storage node to the proxy server (see last 8 lines of [0061]; the access policy may be shared with other storage controllers; also see [0023]; access policy may define an authentication mechanism to authenticate (e.g., password authentication, public/private key authentication) storage controllers; also see [0064]-[0065]).

Regarding claim 10, Deshmukh (modified by Fletcher) discloses the method of claim 1, as set forth above. Deshmukh further discloses wherein configuring the proxy server further comprises communicating data to the proxy server representing a replication partnership identification associated with the first storage node (see [0064]-[0067] in view of Fig.4E; a first access policy is established in the first storage controller…first storage controller 402 may attach the first access policy 418 to the replication relationship established between the first storage controller and the second storage controller; similarly, a second access policy is established in the first storage controller… The first storage controller 402 may attach the second access policy 430 to the second replication relationship established between the first storage controller and the third storage controller; examiner interprets that since the second storage controller is aware of replication relationship 426 established between the first storage controller and the second storage controller, it would be obvious that a unique replication partnership identification is communicated to the second storage controller) and a replication partnership credential associated with the first storage node (see last 8 lines of [0061]; the access policy may be shared with other storage controllers; also see [0023]; access policy may define an authentication mechanism to authenticate (e.g., password authentication, public/private key authentication) storage controllers; also see [0064]-[0065]).

Regarding claim 11, Deshmukh (modified by Fletcher) discloses the method of claim 1, as set forth above. Deshmukh further discloses wherein configuring the proxy server further comprises communicating data representing an identification of the first storage node (see last 8 lines of [0061]; the access policy may be shared with other storage controllers; also see [0023] and [0064]-[0065]; access policy may define an authentication mechanism for the storage controller to authenticate other storage controller (e.g., password authentication, public/private key authentication, certificate authentication, or other authentication used to determine that a data replication request originated from the other storage controller is not being spoofed; examiner interprets that the authentication data/ information shared with other storage controllers that authenticates first storage controller is data representing an identification of the first storage node).

As for Claim 12, the claims list all the same elements of claim 1, but in an apparatus form (see Deshmukh: Fig.2:202 and Fig.5:500) comprising at least one processor (see Deshmukh: Fig.2:204); and a memory (see Deshmukh: Fig.2:206 and Fig.5:508) that stores instructions (see Deshmukh: Fig.5:504; also see [0073]) to carry out the steps of claim 1, rather than the method form. Therefore, the supporting rationale of the rejection to claim 1 applies equally as well to claim 12.  

Claim(s) 2 is/are rejected under 35 U.S.C. 103 as being unpatentable over Deshmukh et al. (hereinafter, Deshmukh, US 20170316075 A1) in view of Fletcher et al. (hereinafter, Fletcher, US 20070153782 A1) and in view of Peterson et al. (hereinafter, Peterson, US 20130219469 A1).
Regarding claim 2, Deshmukh (modified by Fletcher) discloses the method of claim 1, as set forth above. Deshmukh (modified by Fletcher) does not explicitly disclose wherein the proxy server and the second storage node comprise part of a private network; the private network comprises a plurality of storage nodes, including the second storage node; and configuring the proxy server further comprises selecting the second storage node from among the plurality of storage nodes.
Peterson discloses wherein the proxy server (Fig.1:120) and the second storage node (Fig.1:135; also see Fig.6:620-640 and [0010]) comprise part of a private network (Fig.1:125; also see [0015]); 
the private network (Fig.1:125) comprises a plurality of storage nodes (Fig.1:130-140), including the second storage node (Fig.1:135; also see Fig.6:620-640 and [0010]); and
configuring the proxy server further comprises selecting the second storage node (Fig.1:135) from among the plurality of storage nodes (see Fig.1:130-140; also see [0014]-[0015]; also see [0023]; VPN gateway server 120 may receive and process VPN connection requests from client device 110. Computing devices 130, 135 and 140 may be accessible to client device 100 through a secure VPN connection established via VPN gateway server 120… registered users may be allowed to access computing devices 130 and 135; examiner interprets that “gateway server allowing access to device 135 for registered users” indicates selection of device 135 from among the available devices by the gateway server).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings of Peterson with Deshmukh and Fletcher so that proxy server and the second storage node comprise part of a private network; the private network comprises a plurality of storage nodes, including the second storage node and configuring the proxy server further comprises selecting the second storage node from among the plurality of storage nodes.
One of ordinary skill in the art would have been motivated so that the computing/ storage devices may be accessible through a secure VPN connection established via VPN gateway server (Peterson: [0015]).

Claim(s) 3 is/are rejected under 35 U.S.C. 103 as being unpatentable over Deshmukh et al. (hereinafter, Deshmukh, US 20170316075 A1) in view of Fletcher et al. (hereinafter, Fletcher, US 20070153782 A1) and in view of Perry (US 20030154306 A1).
Regarding claim 3, Deshmukh (modified by Fletcher) discloses the method of claim 1, including the proxy server establishing port translations to tunnel IP packets (see Fletcher: Fig.7:6; also see [0035] and [0051]), as set forth above. Deshmukh (modified by Fletcher) does not explicitly disclose wherein establishing the port translations comprises configuring local tunnel and reverse tunnel port translations associated with a public Internet Protocol (IP) address of the proxy server.
Perry discloses wherein establishing the port translations comprises configuring local tunnel and reverse tunnel port translations associated with a public Internet Protocol (IP) address of the proxy server (see [0024]; proxy interface is configured with only (1) public IP address, and acts as a translator to hosts on the public network or Internet who can access private hosts through the proxy interface. Inbound connections to a host name are resolved and then mapped to this single public IP address and a unique TCP or UDP port number is selected by the proxy device to map the inbound connection to the host private address; also see [0048]-[0051]; client sends a connection request over the LAN Ethernet addressed to the LAN port on the dual-homed RPAT device gateway (acting as a connection proxy) … The client requests a connection to a passive host. The passive host is connected to a different RPAT device (acting as a reverse proxy); also see [0067]-[0068]; port address translation used by the proxy device implements tunneling on network; also see Abstract; proxy device uses regular and reverse mapping).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings of Perry with Deshmukh and Fletcher so that establishing the port translations comprises configuring local tunnel and reverse tunnel port translations associated with a public Internet Protocol (IP) address of the proxy server.
One of ordinary skill in the art would have been motivated to enable IP hosts on a private network to be accessed from a public network (or the Internet) without requiring an administrator to assign a globally unique IP address to each system (Perry: [0024]).

Claim(s) 5 and 13 is/are rejected under 35 U.S.C. 103 as being unpatentable over Deshmukh et al. (hereinafter, Deshmukh, US 20170316075 A1) in view of Fletcher et al. (hereinafter, Fletcher, US 20070153782 A1) and in view of Fraser et al. (hereinafter, Fraser, US 20120123920 A1).

Regarding claim 5, Deshmukh (modified by Fletcher) discloses the method of claim 1, as set forth above. Deshmukh (modified by Fletcher) does not explicitly disclose providing a portal accessible through a public network to receive data representing the credentials of the first storage node.
Fraser discloses providing a portal accessible through a public network to receive data representing the credentials of the first storage node (see [0026]-[0031]; input device 5 on client terminal 1 is used by the user to input authentication data… The authentication data is then communicated from the client terminal 1 via the Internet to either the security server 3 or the target server 2 to enable the identity of the user to be verified… where a user has entered valid authentication data via the client terminal 1 which has been successfully matched to the user's stored identity and authentication data, the user is then granted access to data 10 stored on the target server 2).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings of Fraser with Deshmukh and Fletcher to provide a portal accessible through a public network to receive data representing the credentials of the first storage node.
One of ordinary skill in the art would have been motivated to verify identity data for existing customers or users (Fraser: [0031] lines 1-5).

As for Claim 13, the claim does not teach or further define over the limitations in claim 5. Therefore, claim 13 is rejected for the same reasons as set forth in claim 5.

Claim(s) 6 and 14 is/are rejected under 35 U.S.C. 103 as being unpatentable over Deshmukh et al. (hereinafter, Deshmukh, US 20170316075 A1) in view of Fletcher et al. (hereinafter, Fletcher, US 20070153782 A1) and in view of Fraser et al. (hereinafter, Fraser, US 20120123920 A1) and in further view of Kim (US 20150046600 A1) and in view of Herne (US 20090177856 A1) and in further view of Bachu et al. (hereinafter, Bachu, US 8135861 B1).

Regarding claim 6, Deshmukh (modified by Fletcher and Fraser) discloses the method of claim 5, as set forth above. Deshmukh (modified by Fletcher and Fraser) does not explicitly disclose using the portal to receive input identifying a geographic region for a replication partner for the first storage node; selecting the second storage node based on the identified geographic region; and communicating an identifier to the proxy server, wherein the identifier identifies the second storage node.
Kim discloses using the portal to receive input identifying a geographic region for a replication partner for the first storage node (see Fig.12:400; also see [0052]-[0057]; selection of a position / location of, or a selection between the private cloud server or the public cloud server where a service is to be executed, selection of a number of pieces of duplicate data in the private cloud server and/or the public cloud server are received from the client 4000; also see [0143]-[0146]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings of Kim with Deshmukh, Fletcher and Fraser to use the portal to receive input identifying a geographic region for a replication partner for the first storage node.
One of ordinary skill in the art would have been motivated to distribute data in a hybrid cloud environment (Kim: Abstract).
Deshmukh (modified by Fletcher, Fraser and Kim) does not explicitly disclose selecting the second storage node based on the identified geographic region; and communicating an identifier to the proxy server, wherein the identifier identifies the second storage node.
Herne discloses selecting the second storage node based on the identified geographic region (see [0050]; backup process 308 may identify the location of storage system 314 as a target for backup data 322… a user may input an address or name for storage system 314).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings of Herne with Deshmukh, Fletcher, Fraser and Kim to select the second storage node based on the identified geographic region.
One of ordinary skill in the art would have been motivated so that the data is backed up to a storage device located on another data processing system (Herne: [0040]).
Deshmukh (modified by Fletcher, Fraser, Kim and Herne) does not explicitly disclose communicating an identifier to the proxy server, wherein the identifier identifies the second storage node.
Bachu discloses communicating an identifier to the proxy server, wherein the identifier identifies the second storage node (see Col.4: lines 5-9; proxy receives data through the selected port IP address and writes the data to a requested location, such as a specific storage node or device; examiner interprets that the location of a specific storage node or device to where data is written corresponds to the identifier that identifies the second storage node; examiner also interprets that write location is requested to the proxy implies that the location is communicated to the proxy server).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings of Bachu with Deshmukh, Fletcher, Fraser, Kim and Herne to communicate an identifier to the proxy server, wherein the identifier identifies the second storage node.
One of ordinary skill in the art would have been motivated so that backup data can be sent to backup server (Bachu: Col.2: lines 30-33).

As for Claim 14, the claim does not teach or further define over the limitations in claim 6. Therefore, claim 14 is rejected for the same reasons as set forth in claim 6.

Claim(s) 7 is/are rejected under 35 U.S.C. 103 as being unpatentable over Deshmukh et al. (hereinafter, Deshmukh, US 20170316075 A1) in view of Fletcher et al. (hereinafter, Fletcher, US 20070153782 A1) and in view of Fraser et al. (hereinafter, Fraser, US 20120123920 A1) and in further view of Kim (US 20150046600 A1) and in view of Herne (US 20090177856 A1) and in further view of Bachu et al. (hereinafter, Bachu, US 8135861 B1) and in further view of Noble et al. (hereinafter, Noble, US 7028153 B1).
Regarding claim 7, Deshmukh (modified by Fletcher, Fraser, Kim, Herne and Bachu) discloses the method of claim 1, as set forth above. Deshmukh (modified by Fletcher, Fraser, Kim, Herne and Bachu) does not disclose further basing selection of the second storage node on input identifying a storage tier associated with the replication partnership.
Noble discloses further basing selection of the second storage node on input identifying a storage tier associated with the replication partnership (Col.5: lines 1-19 in view of Fig.3B; the backup server 303 is the parent computer system of the stored data on the mirror 313; the user may instruct the backup software (on the backup server) to identify a computer system other than the backup server as the parent computer system of the backed-up files. The backup software may receive the name of this second computer system as input… For example, the application server 301 may be specified as the device name alias for a particular backup task; examiner articulates that back-up relation indicating the parent computer system of the stored data on a mirror corresponds to storage tier associated with the replication partnership; examiner also articulates that application server 301 is selected as the parent computer system for a particular backup task based on a user input).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings of Noble with Fletcher, Fraser, Kim, Herne and Bachu to further base selection of the second storage node on input identifying a storage tier associated with the replication partnership.
One of ordinary skill in the art would have been motivated for backing up data using a backup server based on user instruction/input (Noble: Col.1: lines 53-62).

Claim(s) 8 is/are rejected under 35 U.S.C. 103 as being unpatentable over Deshmukh et al. (hereinafter, Deshmukh, US 20170316075 A1) in view of Fletcher et al. (hereinafter, Fletcher, US 20070153782 A1) and in view of Clare et al. (hereinafter, Clare, US 20170060695 A1).
Regarding claim 8, Deshmukh (modified by Fletcher) discloses the method of claim 1, as set forth above. Deshmukh (modified by Fletcher) does not explicitly disclose wherein configuring the proxy server further comprises configuring the proxy server to select one of the first storage node and the second storage node to be a replication source or a replication target.
Clare discloses configuring the proxy server to select one of the first storage node and the second storage node to be a replication source or a replication target (see [0020] and [0024]; the intermediary server may determine which target servers to use as source servers…For example, a target database, after having an incremental applied to it, may be used as a source database for another target database; also see [0016]-[0017]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings of Clare with Deshmukh and Fletcher to configure the proxy server to select one of the first storage node and the second storage node to be a replication source or a replication target.
One of ordinary skill in the art would have been motivated to conduct one or more of the processes for data replication (Clare: [0021]).

Claim(s) 15-16 is/are rejected under 35 U.S.C. 103 as being unpatentable over Deshmukh et al. (hereinafter, Deshmukh, US 20170316075 A1) in view of Fletcher et al. (hereinafter, Fletcher, US 20070153782 A1) and in view of Takala et al. (hereinafter, Takala, US 20050144474 A1).

Regarding claim 15, Deshmukh (modified by Fletcher) discloses the apparatus of claim 12, as set forth above. Deshmukh (modified by Fletcher) does not explicitly disclose wherein the instructions, when executed by the at least one processor, cause the at least one processor to configure the proxy server to set up a network tunnel.
Takala discloses configure the proxy server to set up a network tunnel (see [0021]-[0029] and Fig.1; also see [0052]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings of Takala with Deshmukh and Fletcher to cause the at least one processor to configure the proxy server to set up a network tunnel.
One of ordinary skill in the art would have been motivated to establish a secure communication channel between end nodes (Takala: [0021]).

Regarding claim 16, Deshmukh (modified by Fletcher and Takala) discloses the apparatus of claim 15, as set forth above. Takala further discloses wherein the network tunnel comprises a Secure Shell (SSH) tunnel (see [0021]-[0029] and Fig.1; also see [0052]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings of Takala with Deshmukh and Fletcher so that the network tunnel comprises a SSH tunnel.
One of ordinary skill in the art would have been motivated to establish a secure communication channel between end nodes (Takala: [0021]).

Claim(s) 17-18 is/are rejected under 35 U.S.C. 103 as being unpatentable over Deshmukh et al. (hereinafter, Deshmukh, US 20170316075 A1) in view of Fraser et al. (hereinafter, Fraser, US 20120123920 A1) and in further view of Kim (US 20150046600 A1) and in further view of Mortensen et al. (hereinafter, Mortensen, US 20150347548 A1).

Regarding claim 17, Deshmukh discloses a non-transitory storage medium (Fig.5:508; also see [0073]) storing instructions (Fig.5:504) that, when executed by a machine (see Fig.1:116; Fig.2:202 and Fig.5:500), cause the machine to: 
access a proxy server (Fig.1:118 and Fig.4C:404; also see [0025] lines 16-17; node 118 may comprise a secondary or remote storage controller) for the replication partner storage node (Fig.1:130; also see [0028] and [0038]; node 118 may be configured to operate as a storage server to provide access to files and/or other data stored on the data storage device); and
communicate data representing the credential (see Fig.4C:420) to the proxy server (Fig.4C:404; also see [0054]-[0059]; A first storage controller may host first storage within which storage resources may be stored … a second storage controller may desire to establish a replication relationship with the first storage controller… Accordingly, an access policy (e.g., authentication, authorization, and access control) for the storage resource may be established for facilitating secure data replication… In this way, the first storage controller may establish an access policy for providing the second storage controller with access to storage resources. The second storage controller may establish a corresponding access policy; also see last 8 lines of [0061]; the access policy may be shared with other storage controllers; see [0064]-[0065]; authentication mechanism (e.g., a password authentication mechanism specifying a password) included within the first access policy that is shared with node 118 corresponds to credentials communicated to the proxy server).
Deshmukh does not explicitly disclose provide an interface to receive input representing a credential associated with a first storage node and input representing criteria to select a replication partner storage node for the first storage node; communicate with the proxy server to set up port forwarding for a future secure network tunnel to communicate replication data between the first storage node and the replication partner storage node, wherein the proxy server forms an endpoint of the secure network tunnel and the first storage node forms another endpoint of the secure network tunnel.
Fraser discloses provide an interface to receive input representing a credential associated with a first storage node (see [0026]-[0031]; input device 5 on client terminal 1 is used by the user to input authentication data… The authentication data is then communicated from the client terminal 1 via the Internet to either the security server 3 or the target server 2 to enable the identity of the user to be verified… where a user has entered valid authentication data via the client terminal 1 which has been successfully matched to the user's stored identity and authentication data, the user is then granted access to data 10 stored on the target server 2).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings of Fraser with Deshmukh to provide an interface to receive input representing a credential associated with a first storage node.
One of ordinary skill in the art would have been motivated to verify identity data for existing customers or users (Fraser: [0031] lines 1-5).
Deshmukh (modified by Fraser) does not explicitly disclose provide an interface to receive input representing criteria to select a replication partner storage node for the first storage node; communicate with the proxy server to set up port forwarding for a future secure network tunnel to communicate replication data between the first storage node and the replication partner storage node, wherein the proxy server forms an endpoint of the secure network tunnel and the first storage node forms another endpoint of the secure network tunnel.
Kim discloses provide an interface to receive input representing criteria to select a replication partner storage node for the first storage node (see Fig.12:400; also see [0052]-[0057]; selection of a position / location of, or a selection between the private cloud server or the public cloud server where a service is to be executed, selection of a number of pieces of duplicate data in the private cloud server and/or the public cloud server are received from the client 4000; also see [0143]-[0146]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings of Kim with Deshmukh and Fraser to provide an interface to receive input representing a credential associated with a first storage node and input representing criteria to select a replication partner storage node for the first storage node.
One of ordinary skill in the art would have been motivated to be able to distribute data in a hybrid cloud environment (Kim: Abstract).
Deshmukh (modified by Fraser and Kim) does not explicitly disclose communicate with the proxy server to set up port forwarding for a future secure network tunnel to communicate replication data between the first storage node and the replication partner storage node, wherein the proxy server forms an endpoint of the secure network tunnel and the first storage node forms another endpoint of the secure network tunnel.
Mortensen discloses communicate with the proxy server (Fig.2:204) to set up port forwarding for a future secure network tunnel to communicate replication data between the first storage node (Fig.2:206) and the replication partner storage node (see Fig.2:201; also see [0039]; BackupAggregator 204 may start a port forwarding or TCP/IP connection tunneling 221 with the storage server 206 to transfer a replication file), wherein the proxy server (Fig.2:204) forms an endpoint of the secure network tunnel and the first storage node (Fig.2:206) forms another endpoint of the secure network tunnel (see [0039] in view of Fig.2:221).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings of Mortensen with Deshmukh, Fraser and Kim to communicate with the proxy server to set up port forwarding for a future secure network tunnel to communicate replication data between the first storage node and the replication partner storage node, wherein the proxy server forms an endpoint of the secure network tunnel and the first storage node forms another endpoint of the secure network tunnel.
One of ordinary skill in the art would have been motivated to synchronize storage nodes in a replication network (Mortensen: [0016]).

Regarding claim 18, Deshmukh (modified by Fraser, Kim and Mortensen) discloses the non-transitory storage medium of claim 17, as set forth above. Fraser further discloses provide access to the interface via a public network (see [0026]-[0031]; input device 5 on client terminal 1 is used by the user to input authentication data… The authentication data is then communicated from the client terminal 1 via the Internet).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings of Fraser with Deshmukh, Kim and Mortensen to provide access to the interface via a public network.
One of ordinary skill in the art would have been motivated to verify identity data for existing customers or users (Fraser: [0031] lines 1-5).

Claim(s) 19 is/are rejected under 35 U.S.C. 103 as being unpatentable over Deshmukh et al. (hereinafter, Deshmukh, US 20170316075 A1) in view of Fraser et al. (hereinafter, Fraser, US 20120123920 A1) and in further view of Kim (US 20150046600 A1) and in further view of Mortensen et al. (hereinafter, Mortensen, US 20150347548 A1) and in further view of Fletcher et al. (hereinafter, Fletcher, US 20070153782 A1).
Regarding claim 19, Deshmukh (modified by Fraser, Kim and Mortensen) discloses the non-transitory storage medium of claim 17, as set forth above. Deshmukh (modified by Fraser, Kim and Mortensen) does not disclose communicate with the proxy server to reserve a public network port of the proxy server and map the public network port to a private network port of the replication partner storage node.
Fletcher discloses communicate with the proxy server to reserve a public network port of the proxy server (see Fig.7:5-8; also see [0051]; clients desire to send packets to a single IP address… several intermediate servers receive the encapsulated packets and forward them to the gateway region… Destination NAT translates the virtual IP to the target address and source Network Address Port Translation is applied to the packet before it is sent; the single IP address used by several intermediate servers before Network Address Port Translation is applied corresponds to a reserved public network port of the proxy server) and map the public network port to a private network port of the replication partner storage node (see [0029]; client behind a corporate firewall IP is mapped directly to a gateway region while other clients are mapped to public regions; also see [0051]; Destination NAT translates the virtual IP to the target address and source Network Address Port Translation is applied to the packet before it is sent).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings of Fletcher with Deshmukh, Fraser, Kim and Mortensen to reserve a public network port of the proxy server and map the public network port to a private network port of the replication partner storage node.
One of ordinary skill in the art would have been motivated to ensure improved application performance and reliability (Fletcher: [0014]).

Claim(s) 20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Deshmukh et al. (hereinafter, Deshmukh, US 20170316075 A1) in view of Fraser et al. (hereinafter, Fraser, US 20120123920 A1) and in further view of Kim (US 20150046600 A1) and in further view of Mortensen et al. (hereinafter, Mortensen, US 20150347548 A1) and in further view of Clare et al. (hereinafter, Clare, US 20170060695 A1).
Regarding claim 20, Deshmukh (modified by Fraser, Kim and Mortensen) discloses the non-transitory storage medium of claim 17, as set forth above. Deshmukh (modified by Fraser, Kim and Mortensen) does not disclose select the replication partner based on a selection criteria.
Clare discloses select the replication partner based on a selection criteria ([0020]-[0021]; intermediary server may instruct the source or target database to conduct one or more of the processes for data replication when one or more of the monitored resources meet one or more criteria. In some embodiments, the criteria may be predetermined).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings of Clare with Deshmukh, Fraser, Kim and Mortensen to select the replication partner based on a selection criteria.
One of ordinary skill in the art would have been motivated to conduct one or more of the processes for data replication (Clare: [0021]).

Additional References
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Vijayan et al. (US 20160092463 A1) discloses replicating configuration to partner node.
Teodosiu et al. (US 20070150558 A1) teaches file replication based on a peer-group comprising two servers that are direct replication partners.
Abouelwafa et al. (US 20080244174 A1) teaches establishing replication partnership between the selected initiator and target storage devices.
Chavan et al. (US 20190155705 A1) discloses coordinated replication of heterogeneous database stores.
Kumarasamy et al. (US 20130238562 A1) teaches data storage system utilizing proxy device for storage operations.
Muhlestein et al. (US 20160139845 A1) discloses storage level access control for data grouping structures.
BK et al. (US 20120330898 A1) teaches partner mirroring relationships provided with tray loss protection in an N node storage cluster architecture involving proxy.
Agarwal et al. (WO 2017188972 A2) discloses method for synchronization of the membership records of target created peer zones.
Rajakannimariyan et al. (CN 101305367 A) teaches web service-based data replication for heterogeneous storage systems.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SANDARVA KHANAL whose telephone number is (571)272-8107. The examiner can normally be reached MON-FRI, 0800-1700.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kamal B Divecha can be reached on 571-272-5863. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/SANDARVA KHANAL/Examiner, Art Unit 2453

/Hitesh Patel/Primary Examiner, Art Unit 2419
10/6/22