DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
This office action is in response to the arguments/remarks filed on 07/11/2022. Claims 1 – 20 are presented in the application and have been examined below, of which claims 1, 13, and 20 are presented in independent form. Claims 5, 9, and 10 have been amended. Claims 1 – 20 are pending for consideration.


Response to Arguments
The Applicant’s arguments in the Arguments/Remarks filed on 07/11/2022 (hereafter Remarks) have been fully considered, but they are moot in view of the new ground of rejection.


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claims 1 – 4, 9 – 11, 13 – 17, and 20 are rejected under 35 USC 103 as being unpatentable over Gedam et al. (US 2013/0275582) (hereafter Gedam) and in view of Cruz Olivera Queiros et al. (US 10379894) (hereafter Cruz).


Regarding claim 1 Gedam teaches: A computer-implemented method, comprising: identifying a node within a clustered system (Examiner note: node (i.e. computing device) identification is met by operation of the cluster managing system) (Gedam, in Para. [0052] discloses “the master node provides the functionality required to identify and provide address information associated with a server 106' hosting a requested application.” Gedam, in Para. [0162] discloses “the management component 404a identifies a computing device 100b on which to execute a requested virtual machine 406d and instructs the hypervisor 401b on the identified computing device 100b to execute the identified virtual machine” Gedam, in Para. [0229] discloses “Individual computing devices or appliances may be referred to as nodes of the cluster.” Gedam, in Para. [0236] discloses “the interface master may comprise a router performing equal-cost multi-path (ECMP) routing with next hops configured with appliances or nodes of the cluster” Gedam, in Para. [0240] discloses “an external ECMP router may identify the change in nodes”);  
Gedam fails to explicitly teach: comparing processes, services, and applications currently running on the node to predetermined processes, services, and applications that are associated with predetermined roles within the clustered system
assigning one of the predetermined roles to the node in response to determining that the processes, services, and applications currently running on the node match a predetermined number of predetermined processes, services, and applications linked to the one of the predetermined roles 
and setting one or more firewall parameters for the node within the clustered system, based on the predetermined role assigned to the node
Cruz from the analogous technical field teaches: comparing processes, services, and applications currently running on the node to predetermined processes, services, and applications that are associated with predetermined roles within the clustered system (Examiner note: the predetermined processes, services, and applications are met by creation a manifest corresponding to appropriate machine image which is used by virtual machine) (Cruz, in col.2, ll.41-43 discloses “Virtual machines typically are launched using an underlying machine image which comprises a binary that represents the guest operating system, drivers, applications, etc.” Cruz, in col.4, ll.7-11 discloses “The virtual machine validation agent then may compare its computed integrity metric(s) to the corresponding integrity metric(s) contained in the manifest.”)
assigning one of the predetermined roles to the node in response to determining that the processes, services, and applications currently running on the node match a predetermined number of predetermined processes, services, and applications linked to the one of the predetermined roles (Examiner note: assigning the predetermined role to a node is met by permission to launch via VM the relevant processes defined, i.e. predetermined, in manifest on a host computer, i.e. computing network comprising individual nodes) (Cruz, in col.4, ll.12-14 discloses “If all integrity metrics within the manifest are successfully validated, then the instance may be permitted to launch on the host computer.” Cruz, in col.14, ll.31-36 discloses “in a distributed computing system such as one that collectively implements the provider network 100, each of the computing devices 502 may implement the same ISA, or individual computing nodes and/or replica groups of nodes may implement different ISAs.” Cruz, in col.15, ll.1-5 discloses “virtual machine validation agents 114 and other components described herein may be implemented as a separate computing device 502 executing software to provide the computing node with the functionality described herein.”)
and setting one or more firewall parameters for the node within the clustered system, based on the predetermined role assigned to the node (Examiner note: as noted above, assigning the predetermined role to a node is met by a relevant action of the VM in computer system) (Cruz, in col.2, ll.28-31 discloses “The user might opt to install a security patch for the operating system or modify a configuration setting such as a firewall rule.” Cruz, in col.6, ll.14-17 discloses “The customer then may modify the virtual machine such as adding or changing a firewall rule, downloading and applying a security patch for the operating system, etc.”).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify computing cluster system of Gedam, in view of the teaching of Cruz which discloses further modifications of a computing system for additional functions like comparative analysis of integrity metrics, i.e. predefined processes, via using virtual machines comprising manifests in order to improve a system functionality and security (Cruz, col.2, ll.28-31, col.4, ll.12-14, col.6, ll.14-17, col.14, ll.31-36, col.15, ll.1-5).

Regarding claim 2 Gedam, as modified by Cruz, teaches: The computer-implemented method of Claim 1, wherein the node is identified in response to an addition of the node to the clustered system (Examiner note: as noted above, node identification (comprising its role or functionality) is met by managing system including the ECMP router and application of the SNMP protocol with relevant threshold assignment) (Gedam, in Para. [0240] discloses “an external ECMP router may identify the change in nodes” Gedam, in Para. [0275] discloses “the threshold T is distributed across cores in multi-core system and/or across nodes in a clustered system based on number of cores or nodes”).

Regarding claim 3 Gedam, as modified by Cruz, teaches: The computer-implemented method of Claim 1, wherein the node is identified in response to a failure of another node within the clustered system (Gedam, in Para. [0240] discloses “when a node leaves the cluster (such as on failure, reset, or similar cases), an external ECMP router may identify the change in nodes”).

Regarding claim 4 Gedam, as modified by Cruz, teaches: The computer-implemented method of Claim 1, wherein the node is identified in response to an initial deployment of the clustered system (Gedam, in Para. [0162] discloses “the management component 404a identifies a computing device 100b on which to execute a requested virtual machine 406d and instructs the hypervisor 401b on the identified computing device 100b to execute the identified virtual machine” Gedam, in Para. [0237] discloses “appliance cluster 600 may be deployed as a non-intermediary node on a network with clients 102 and servers 106.”).

Regarding claim 9 Gedam, as modified by Cruz, teaches: The computer-implemented method of Claim 1, comprising dynamically turning a firewall port on for the node in response to another process and/or another service starting within the node; and dynamically turning a firewall port off for the node in response to the another process and/or the another service stopping within the node (Examiner note: dynamically turning on/off firewall execution is met by dynamic installation and execution of the application firewall) (Gedam, in Para. [0142] discloses “The streaming client 306 dynamically installs the application, or portion thereof, and executes the application.” Gedam, in Para. [0094] discloses “the hardware layer 206 includes a processing unit 262 for executing software programs and services, a memory 264 for storing software and data, network ports 266 for transmitting and receiving data over a network” Gedam, in Para. [0125] discloses “The application firewall 290 may inspect or analyze any network communication in accordance with the rules or polices of the engine 236”
Gedam, in Para. [0063] discloses “In response to the request, the application delivery system 190 and/or server 106 may deliver the application and data file to the client 102”)

Regarding claim 10 Gedam, as modified by Cruz, teaches: The computer-implemented method of Claim 1, comprising detecting that one of the processes and/or services running on the node has stopped; and turning off a firewall port that is associated with the stopped process and/or service for the node in response to the detection (Examiner note: turning on/off the firewall associated with a specified process is met by the operation of the appliance 200 controlling the firewall functionality) (Gedam, in Para. [0059] discloses “the appliance 200 provides application firewall security, control and management of the connection and communications between a client 102 and a server 106.” Gedam, in Para. [0124] discloses “the appliance 200 provides application firewall functionality 290 for communications between the client 102 and server 106. In one embodiment, the policy engine 236 provides rules for detecting and blocking illegitimate requests.”)

Regarding claim 11 Gedam fails to explicitly teach: The computer-implemented method of Claim 1, wherein the predetermined role assigned to the node is compared to a table to find a matching predetermined role, and predetermined firewall parameters associated with the matching predetermined role are set for the node.
Cruz from the analogous technical field teaches: The computer-implemented method of Claim 1, wherein the predetermined role assigned to the node (Examiner note: assigning the predetermined role to a node is met by permission to launch via VM the relevant processes defined, i.e. predetermined, in manifest on a host computer, i.e. computing network comprising individual nodes) (Cruz, in col.4, ll.12-14 discloses “If all integrity metrics within the manifest are successfully validated, then the instance may be permitted to launch on the host computer.” Cruz, in col.14, ll.31-36 discloses “in a distributed computing system such as one that collectively implements the provider network 100, each of the computing devices 502 may implement the same ISA, or individual computing nodes and/or replica groups of nodes may implement different ISAs.” Cruz, in col.15, ll.1-5 discloses “virtual machine validation agents 114 and other components described herein may be implemented as a separate computing device 502 executing software to provide the computing node with the functionality described herein.”)
 is compared to a table to find a matching predetermined role, and predetermined firewall parameters associated with the matching predetermined role are set for the node (Examiner note: the predetermined processes, services, and applications are met by creation a manifest corresponding to appropriate machine image which is used by virtual machine) (Cruz, in col.2, ll.41-43 discloses “Virtual machines typically are launched using an underlying machine image which comprises a binary that represents the guest operating system, drivers, applications, etc.” Cruz, in col.4, ll.7-11 discloses “The virtual machine validation agent then may compare its computed integrity metric(s) to the corresponding integrity metric(s) contained in the manifest.”)
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify computing cluster system of Gedam, in view of the teaching of Cruz which discloses further modifications of a computing system for additional functions like comparative analysis of integrity metrics, i.e. predefined processes, via using virtual machines comprising manifests in order to improve a system functionality and security (Cruz, col.2, ll.28-31, col.4, ll.12-14, col.14, ll.31-36, col.15, ll.1-5).

Regarding claim 13, claim 13 discloses a product that is substantially equivalent to the method of claim 1. Therefore, the arguments set forth above with respect to claim 1 are equally applicable to claim 13 and rejected for the same reasons.

Regarding claim 14 Gedam, as modified by Cruz, teaches: The computer program product of Claim 13, wherein the node is identified in response to an addition of the node to the clustered system (Examiner note: as noted above, node identification (comprising its role or functionality) is met by managing system including the ECMP router and application of the SNMP protocol with relevant threshold assignment) (Gedam, in Para. [0240] discloses “an external ECMP router may identify the change in nodes” Gedam, in Para. [0275] discloses “the threshold T is distributed across cores in multi-core system and/or across nodes in a clustered system based on number of cores or nodes”).

Regarding claim 15 Gedam, as modified by Cruz, teaches: The computer program product of Claim 13, wherein the node is identified in response to a failure of another node within the clustered system (Gedam, in Para. [0240] discloses “when a node leaves the cluster (such as on failure, reset, or similar cases), an external ECMP router may identify the change in nodes”).

Regarding claim 16 Gedam, as modified by Cruz, teaches: The computer program product of Claim 13, wherein the node is identified in response to an initial deployment of the clustered system (Gedam, in Para. [0162] discloses “the management component 404a identifies a computing device 100b on which to execute a requested virtual machine 406d and instructs the hypervisor 401b on the identified computing device 100b to execute the identified virtual machine” Gedam, in Para. [0237] discloses “appliance cluster 600 may be deployed as a non-intermediary node on a network with clients 102 and servers 106.”).

Regarding claim 17 Gedam, as modified by Cruz, teaches: The computer-implemented method of Claim 1, wherein: a graphical user interface (GUI) role is assigned to the node in response to determining that the processes, services, and applications currently running on the node include one or more graphical user interface (GUI) processes (Examiner note: assigning GUI to the node is met by GUI running in user or kernel space) (Gedam, in Para. [0110] discloses “The GUI 210 or CLI 212 can comprise code running in user space 202 or kernel space 204. The GUI 210 may be any type and form of graphical user interface and may be presented via text, graphical or otherwise, by any type of program or application, such as a browser.”)
[that match a predetermined number of predetermined processes, services, and applications] 
linked to the GUI role within a table (Gedam, in Para. [0110] further discloses “The shell services 214 comprises the programs, services, tasks, processes or executable instructions to support interaction with the appliance 200 or operating system by a user via the GUI 210 and/or CLI 212.”),
a storage role is assigned to the node in response to determining that the processes, services, and applications currently running on the node include one or more storage processes (Examiner note: assigning a storage role to the node is met by the storage function in the network by a server) (Gedam, in Para. [0230] discloses “the cluster may operate as an application server, network storage server, backup service, or any other type of computing device without limitation.”); 
[that match a predetermined number of predetermined processes, services, and applications] 
linked to the storage role within the table, and an application server role is assigned to the node in response to determining that the processes, services, and applications currently running on the node include one or more application server processes (Gedam, in Para. [0230] discloses “Servers 106 may be referred to as a file server, application server, web server, proxy server, or gateway server. In some embodiments, a server 106 may have the capacity to function as either an application server or as a master application server.”)
[that match a predetermined number of predetermined processes, services, and applications] 
linked to the application server role within the table (Gedam, in Para. [0230] discloses “Although referred to as an appliance cluster, in many embodiments, the cluster may operate as an application server, network storage server, backup service, or any other type of computing device without limitation”).
Gedam fails to explicitly teach: that match a predetermined number of predetermined processes, services, and applications
Cruz from the analogous technical field teaches: that match a predetermined number of predetermined processes, services, and applications (Cruz, in col.11, ll.11-14 discloses “The machine image is successfully validated if all of the newly computed integrity metrics match the integrity metrics from the manifest.”)
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify computing cluster system of Gedam, in view of the teaching of Cruz which discloses comparative analysis of integrity metrics, i.e. predefined processes, via using virtual machines comprising manifests in order to improve a system functionality and security (Cruz, col.11, ll.11-14).

Regarding claim 20, claim 20 discloses a system that is substantially equivalent to the method of claim 1. Therefore, the arguments set forth above with respect to claim 1 are equally applicable to claim 20 and rejected for the same reasons.

Claim 5 is rejected under 35 USC 103 as being unpatentable over Gedam et al. (US 2013/0275582) (hereafter Gedam), in view of Cruz Olivera Queiros et al. (US 10379894) (hereafter Cruz), and in view of Fang (US 2019/0190771 A1) (hereafter Fang).

Regarding claim 5 Gedam teaches: The computer-implemented method of Claim 1, 
[wherein the one of the predetermined roles of the node] 
[is assigned in response to an initial deployment of the clustered system,] 
and comprising: identifying a change to the processes, services, and applications currently running on the node, the change occurring in response to a failure of another node within the clustered system (Gedam, in Para. [0240] discloses “when a node leaves the cluster (such as on failure, reset, or similar cases), an external ECMP router may identify the change in nodes, and may rehash all flows to redistribute traffic.”), where the node is a backup node for the other node (Examiner note: making a node as a backup for the other node is a part of the backup service) (Gedam, in Para. [0230] discloses “the cluster may operate as an application server, network storage server, backup service, or any other type of computing device without limitation.”);
Gedam fails to explicitly teach: wherein the one of the predetermined roles of the node
comparing the changed processes, services, and applications currently running on the node to the predetermined processes, services, and applications that are associated with the predetermined roles within the clustered system 
to determine a second predetermined role of the node; and updating the one or more firewall parameters for the node within the clustered system, based on the second predetermined role of the node.
Cruz from the analogous technical field teaches: wherein the one of the predetermined roles of the node
comparing the changed processes, services, and applications currently running on the node to the predetermined processes, services, and applications that are associated with the predetermined roles within the clustered system (Examiner note: the predetermined processes, services, and applications are met by creation a manifest corresponding to appropriate machine image which is used by virtual machine) (Cruz, in col.2, ll.41-43 discloses “Virtual machines typically are launched using an underlying machine image which comprises a binary that represents the guest operating system, drivers, applications, etc.” Cruz, in col.4, ll.7-11 discloses “The virtual machine validation agent then may compare its computed integrity metric(s) to the corresponding integrity metric(s) contained in the manifest.”)
to determine a second predetermined role of the node; and updating the one or more firewall parameters for the node within the clustered system, based on the second predetermined role of the node (Examiner note: as noted above, determination the predetermined role to a node including second and/or any additional role is met by a relevant action of the VM in computer system; update of the firewall parameters  is met by appropriate firewall configuration setting) (Cruz, in col.2, ll.28-31 discloses “The user might opt to install a security patch for the operating system or modify a configuration setting such as a firewall rule.” Cruz, in col.6, ll.14-17 discloses “The customer then may modify the virtual machine such as adding or changing a firewall rule, downloading and applying a security patch for the operating system, etc.”).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify computing cluster system of Gedam, in view of the teaching of Cruz which discloses further modifications of a computing system for additional functions like analysis of integrity metrics, i.e. predefined processes, including updates, via using virtual machines comprising manifests in order to improve a system functionality and security (Cruz, col.2, ll.28-31, col.6, ll.14-17).
Gedam, as modified by Cruz, fails to explicitly teach: is assigned in response to an initial deployment of the clustered system
Fang from the analogous technical field teaches: is assigned in response to an initial deployment of the clustered system
(Examiner note: in response to a deployment of the cluster system is met by the controller node 10 functions comprising the cloud service management of cloud platform, i.e. operation assignments etc.) (Fang in Para. [0007] discloses “The cloud service management method comprises steps: providing a controller node having a cloud service template parser and a management application” Fang in Para. [0011] discloses “A cloud platform 1 can execute a cloud service management method according to one embodiment of the present invention to manage an Internet-based cloud computing service. In general, the cloud platform 1 contains a plurality of nodes respectively having different functions. The nodes may be but is not limited to be a controller node 10, a compute node 12 and a storage node (not shown in the drawing).”)
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Gedam, as modified by Cruz, in view of the teaching of Fang which discloses deployment operation management in a cluster system in order to improve efficiency of the node service management in a system (Fang, [0007, 0011]).

Claims 6, 7, 18, and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Gedam et al. (US 2013/0275582 A1) (hereafter Gedam), in view of Cruz Olivera Queiros et al. (US 10379894) (hereafter Cruz), and in view of Odom et al. (US 2018/024422) (hereafter Odom).

Regarding claim 6 Gedam teaches: The computer-implemented method of Claim 1, wherein the firewall parameters include (Examiner note: as noted above rules/policy engine 236 is responsible for configuration (i.e. setting parameters) of the firewall) (Gedam, in Para. [0104] discloses “the policy engine 236 provides a configuration mechanism to allow a user to identify, specify, define or configure a caching policy.” Gedam, in Para. [0124] discloses “the rules/policy engine 236 comprises one or more application firewall or security control policies for providing protections against various classes and types of web or Internet”): an opening and closing of one or more predetermined ports within the clustered system, where the predetermined ports that are opened include ports determined to be necessary for the processes, services, and applications associated with the role, and the ports that are closed include ports determined to be not necessary for the processes, services (Gedam, in Para. [0094] discloses “the hardware layer 206 includes a processing unit 262 for executing software programs and services, a memory 264 for storing software and data, network ports 266 for transmitting and receiving data over a network, and an encryption processor 260 for performing functions related to Secure Sockets Layer processing of data transmitted and received over the network.”), and applications associated with the role, and one or more limitations imposed by the firewall (Examiner note: control over roles (i.e. functionality) of application and firewall caused limitations is met by the operations of the appliance 200) (Gedam, in Para. [0113] discloses “the appliance 200 provides one or more of the following services, functionality or operations: SSL VPN connectivity 280, switching/ load balancing 284, Domain Name Service resolution 286, acceleration 288 and an application firewall 290 for communications between one or more clients 102 and one or more servers 106”) 
Gedam, as modified by Cruz, fails to explicitly teach: the limitations including allowing only read access through one or more predetermined ports within the clustered system, and allowing access through one or more additional predetermined ports to only a predetermined set of internet addresses listed in a table 
Odom from the analogous technical field teaches: the limitations including allowing only read access (Odom, in Para. [0068] discloses “the data storage 102 may communicate directly or indirectly with a server 301 that delivers data to the data storage 102 such as through a file transfer or other communication protocol. Alternatively, the data storage 102 storing the data is readable only”) through one or more predetermined ports within the clustered system, and allowing access through one or more additional predetermined ports to only a predetermined set of internet addresses listed in a table (Odom, in Para. [0177] discloses “the custodian servers 2308 connect to the data server 2310 on a predetermined event at a predetermined port address. For example, in an optional embodiment, the custodian servers 2308 may store a predetermined port address for the data server 2310 and connect to the data server upon a predetermined event”)
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Gedam, as modified by Cruz, in view of the teaching of Odom which discloses configuration of communication between server and storage through the predetermined ports including the ‘read-only’ option in order to improve communication management with server within the network (Odom, [0068, 0177]).

Regarding claim 7 Gedam, as modified by Cruz, fails to explicitly teach: The computer-implemented method of Claim 1, wherein the firewall parameters for the node include: an opening of ports determined to be necessary for the processes, services, and applications linked to the one of the predetermined roles, a closing of ports determined to be not necessary for the processes, services, and applications linked to the one of the predetermined roles, and a limiting of data access via one or more predetermined ports within the clustered system 
Odom from the analogous technical field teaches: The computer-implemented method of Claim 1, wherein the firewall parameters for the node include: an opening of ports determined to be necessary for the processes, services, and applications linked to the one of the predetermined roles, a closing of ports determined to be not necessary for the processes, services (Examiner note: operation of ports according the firewall parameters is met by the operation of ports through servers followed firewall instructions/configurations) (Odom, in Para. [0214] discloses “Depending on the application type, either the application server 2504 or authentication server 2506 will send instructions to the outside and inward facing firewalls to allow this connection with the unique identification key sent to device to transmit in private.” Odom, in Para. [0215] discloses “These keys allow both firewalls of each server to regulate pathways connection to one another after verification.”), and applications linked to the one of the predetermined roles, and a limiting of data access via one or more predetermined ports within the clustered system (Odom, in Para. [0177] discloses “the custodian servers 2308 connect to the data server 2310 on a predetermined event at a predetermined port address. For example, in an optional embodiment, the custodian servers 2308 may store a predetermined port address for the data server 2310 and connect to the data server upon a predetermined event”)
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Gedam, as modified by Cruz, in view of the teaching of Odom which discloses configuration of communication between server and storage through the predetermined ports including the ‘read-only’ option in order to improve communication management with server within the network (Odom, [0177, 0214, 0215]).

Regarding claim 18 Gedam, as modified by Cruz and Odom, teaches: The computer-implemented method of Claim 1, wherein the firewall parameters include: an opening and closing of one or more predetermined ports within the clustered system, 
(Gedam, in Para. [0066] discloses “The application delivery system 190 selects one of a predetermined number of methods for executing the enumerated application, for example, responsive to a policy of a policy engine.” Gedam, in Para. [0108] discloses “integrated packet engine 240, also generally referred to as a packet processing engine or packet engine, is responsible for managing the kernel-level processing of packets received and transmitted by appliance 200 via network ports 266.”) where the predetermined ports that are opened include ports determined to be necessary for the processes, services, and applications (Gedam, in Para. [0217] discloses “The rules may identify a core or packet processing engine to receive a network packet, data or data flow. The rules may identify any type and form of tuple information related to a network packet, such as a 4-tuple of source and destination IP address and source and destination ports.”) associated with the predetermined role assigned to the node, (Odom, in Para. [0177] discloses “the custodian servers 2308 connect to the data server 2310 on a predetermined event at a predetermined port address. For example, in an optional embodiment, the custodian servers 2308 may store a predetermined port address for the data server 2310 and connect to the data server upon a predetermined event”) and the ports that are closed include ports determined to be not necessary for the processes, services, and applications associated with the predetermined role assigned to the node, and one or more limitations imposed by the firewall, the limitations including allowing only read access through one or more predetermined ports within the clustered system (Odom, in Para. [0177] discloses “the custodian servers 2308 connect to the data server 2310 on a predetermined event at a predetermined port address.
For example, in an optional embodiment, the custodian servers 2308 may store a predetermined port address for the data server 2310 and connect to the data server upon a predetermined event”) and allowing access through one or more additional predetermined ports to only a predetermined set of internet addresses listed in a table; wherein the predetermined role is assigned to the node in response to an initial deployment of the clustered system, and further comprising: identifying a change to the processes, services, and applications currently running on the node in response to a failure of another node within the clustered system, where the node is a backup node for the other node (Examiner note: making a node as a backup for the other node is a part of the backup service) (Gedam, in Para. [0230] discloses “the cluster may operate as an application server, network storage server, backup service, or any other type of computing device without limitation.”); comparing the changed processes, services, and applications currently running on the node to the predetermined processes, services, and applications that are associated with the predetermined roles within the clustered system to determine a second predetermined role of the node; and updating the one or more firewall parameters for the node within the clustered system, based on the second predetermined role of the node. (Examiner note: the predetermined processes, services, and applications are met by creation a manifest corresponding to appropriate machine image which is used by virtual machine) (Cruz, in col.2, ll.41-43 discloses “Virtual machines typically are launched using an underlying machine image which comprises a binary that represents the guest operating system, drivers, applications, etc.” Cruz, in col.4, ll.7-11 discloses “The virtual machine validation agent then may compare its computed integrity metric(s) to the corresponding integrity metric(s) contained in the manifest.”)

Regarding claim 19, Gedam, as modified by Cruz and Odom, teaches: The computer-implemented method of Claim 1, wherein: each of the predetermined roles include a function of the node within the clustered system, within one or more tables, each of the predetermined roles is linked to its predetermined processes, services, and applications (Examiner note: the predetermined role, as defined in Para. [0066] of SPECS, is met by the disclosed broad functionality of Gedam’s thresholds where a threshold is defined as a very general parameter (i.e. value, level, condition) characterizing processes (via predefined values, levels), processors (including single or multiple cores running under predefined conditions), applications etc. running on a node or nodes in a cluster) (Gedam in Para. [0006] discloses “As soon as a per node threshold is reached or exceeded, the member node informs the master node about the given entity as the potential-trap-generating entity.” Gedam in Para. [0254] discloses “The threshold may correspond to a predetermined point or level in a range of possible values for the monitored value. The threshold may correspond to an event or condition of the entity. The threshold 715 may comprise a predetermined value upon which to trigger an SNMP trap. The threshold may comprise a threshold for an entity that is assigned to the multi-core device regardless of the number of cores. The threshold may comprise a threshold of an entity that is assigned to a cluster of device/nodes regardless of the number of nodes in the cluster. The threshold may comprise a single threshold for all instances of the entity that may run in a multi-core or cluster system.” Gedam in Para. [0221] discloses “a predetermined percentage or predetermined amount of each of the memory of each core may be used for the global cache.”) and the comparing includes comparing the processes, services, and applications currently running on the node to the one or more tables to determine a match (Examiner note: the predetermined processes, services, and applications are met by creation of a manifest corresponding to appropriate machine image which is used by virtual machine) (Cruz, in col.2, ll.41-43 discloses “Virtual machines typically are launched using an underlying machine image which comprises a binary that represents the guest operating system, drivers, applications, etc.” Cruz, in col.4, ll.7-11 discloses “The virtual machine validation agent then may compare its computed integrity metric(s) to the corresponding integrity metric(s) contained in the manifest.”)

Claims 8 and 12 are rejected under 35 U.S.C. 103 as being unpatentable over Gedam et al. (US 2013/0275582 A1) (hereafter Gedam), and in view of Cruz Olivera Queiros et al. (US 10379894) (hereafter Cruz), in view of Fang (US 2019/0190771 A1) (hereafter Fang), and in view of Ago et al. (US 2016/0092570 A1) (hereafter Ago).

Regarding claim 8, Gedam, as modified by Cruz and Fang, fails to explicitly teach: The computer-implemented method of Claim 1, wherein the determined role is stored as metadata within the node.
Ago from the analogous technical field teaches: The computer-implemented method of Claim 1, wherein the determined role is stored as metadata within the node.
(Examiner note: indexer comprises node characteristics and controls nodes) (Ago, in Para. [0058] discloses “The indexer subsequently associates the determined timestamp with each event at block 204, for example by storing the timestamp as metadata for each event.” Ago, in Para. [0180] discloses “cluster 1600 includes indexers 1604A, 1604B, corresponding data stores 1606A, 1606B, a search head 1608A and a master node 1610A.”).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Gedam, as modified by Cruz and Fang, in view of the teaching of Ago which discloses storage of the data as metadata in order to improve data management in the system (Ago, [0058, 0180]).

Regarding claim 12, Gedam, as modified by Cruz and Fang, fails to explicitly teach: The computer-implemented method of Claim 1, wherein the clustered system includes a cloud computing environment.
Ago from the analogous technical field teaches: The computer-implemented method of Claim 1, wherein the clustered system includes a cloud computing environment (Ago, in Para. [0200] discloses “This can include, in at least some embodiments, communicating the configuration information back to the shared storage location through a firewall associated with a cloud-based cluster.” Ago, in Para. [0217] discloses “For example, the functionality may be implemented in part on the computing device 2002 as well as via the platform 2016 that abstracts the functionality of the cloud 2014. As such, cloud-based clusters such as those described above can be provided by platform 2016.”).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Gedam, as modified by Cruz and Fang, in view of the teaching of Ago which discloses a cloud-based designed cluster in order to improve the functionality of the network (Ago, [0200, 0217]).

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure, Garcia Morchon et al. (US 2014/0115666), Luckett (8922590).
Any inquiry concerning this communication or earlier communications from the examiner should be directed to VLADIMIR IVANOVICH GAVRILENKO whose telephone number is (313)446-6530.  The examiner can normally be reached on Monday-Friday 7:30-4:30 EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn Feild can be reached on (571) 272-2092.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/Vladimir I. Gavrilenko/Examiner, Art Unit 2431        

/TRANG T DOAN/Primary Examiner, Art Unit 2431