DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
	The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 6/2/2022 has been entered.
 
Response to Amendment / Arguments
Regarding claims rejected under 35 USC 103:
Applicant’s arguments, in view of the amended claim language, have been fully considered and are persuasive.  Therefore, the rejection has been withdrawn.  However, upon further consideration, a new ground(s) of rejection is made in view of Bain (US 2020/0012745 A1).

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim(s) 1-6, 8-15, and 18-20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Pasternak (US 9,355,004 B2) in view of Bain (US 2020/0012745 A1) and Lewis (US 2020/0036615 A1).

Regarding claim 1, Pasternak discloses: A method comprising: 
receiving access credentials (e.g., Col. 10, Ll. 40-51 concerning credentials) for a monitoring query (e.g., Col. 11, Ll. 40-43 and Col. 12, Ll.  60-64 concerning the terminal window), the monitoring query requesting monitoring of a deployment unit (DU) of a remote cloud service for a customer (e.g., user in Col 1, Ll. 36-40); and 
Refer to at least FIG. 8A and Col. 10, Ll. 40-51 of Pasternak with respect to access credential associated with a monitoring template for host machine hosting virtual machine activities (e.g., Col 3, Ll. 29-33).  
establishing a secure channel for the monitoring of the DU using the received access credentials for the monitoring of the DU, 
Refer to at least Col. 4, Ll. 57-62, FIG. 8B, Col. 10, Ll. 52-65, and Col. 11, Ll. 34-46 of Pasternak with respect to establishing a secure channel for the monitoring template.
wherein the secure channel is established [through the use of a performance monitor];
Refer to at least Col. 11, Ll. 34-46 and Col. 12, Ll. 60-Col. 13, Ll. 7 of Pasternak with respect to the secure channel being established via a performance monitor.
receiving monitoring data for the DU via the established secure channel.
Refer to at least the abstract of Pasternak with respect to obtaining output of monitoring via the secure channel.
	Pasternak does not disclose: dynamically choosing an available port for the monitoring query; deploying an on-demand port forwarding container; that the secure channel is established using the chosen port and through the use of the on-demand port forwarding container; deleting the on-demand port forwarding container in response to completion of the monitoring query. However, Pasternak in view of Bain discloses: dynamically choosing an available port for the monitoring query; deploying an on-demand port forwarding container; that the secure channel is established using the chosen port and through the use of the on-demand port forwarding container;
Refer to at least FIG. 2, [0022], [0045], [0047], and [0056]-[0062] of Bain with respect to a container for dynamically allocating ports for queries on a per-query basis. An encrypted channel is provided via the dynamically allocated ports.
	The teachings of Pasternak and Bain concern remote queries, and are considered to be within the same field of endeavor and combinable as such. For instance, Pasternak concerns SSH per the citations above concerning the secure channel; Bain concerns querying via an external application over an encrypted channel as per the citations above.
	Therefore it would have been obvious to one of ordinary skill before the filing date of Applicant’s invention to modify the teachings of Pasternak to further implement per-query dynamically allocated ports and secure channels via the ports for at least the reasons provided in [0074] of Bain (i.e., increasing security by reducing a likelihood of attacks).
	Pasternak-Bain does not fully disclose: deleting the on-demand port forwarding container in response to completion of the monitoring query. However, Pasternak-Bain in view of Lewis discloses: deleting the on-demand port forwarding container in response to completion of the monitoring query. 
Refer to at least [0068] of Lewis with respect to decommissioning web application firewall (WAF) containers as needed. The WAF container is used in monitoring and securing communications with a user device (e.g., FIG. 3A-C of Lewis). 
	The teachings of Pasternak-Bain comprise a performance monitor module for secure virtual machine monitoring, and discuss a variety of secure channel implementations (e.g., Col. 11, Ll. 38-40). Further, the cited portions of Lewis concern virtual machine monitoring, while at least [0089] of Lewis comprise exemplary secure channels. As such, the teachings are considered to be within the same field of endeavor and combinable as such. 
	Therefore it would have been obvious to one of ordinary skill in the art before the filing date of Applicant’s invention to modify the teachings of Pasternak-Bain to decommission the containers after completion of queries for at least the purpose of improving efficiency by reducing usage of computing resources when not needed.

Regarding claim 2, Pasternak-Bain-Lewis discloses: The method of claim 1, wherein: the DU runs a monitoring service, and the port forwarding container is to establish the secure channel to interface with the monitoring service to receive requested monitoring data for the DU.
Refer to at least Col. 3, Ll. 26-Col. 4, Ll. 13 and Col. 12, Ll. 36-40 with respect to monitoring and providing the monitoring data over the secure channel. 
Refer to at least FIG. 3A-C of Lewis with respect to the WAF container securing the channel between the user device and web app.
This claim would have been obvious for substantially the same reasons as claim 1 above.

Regarding claim 3, Pasternak-Bain-Lewis discloses: The method of claim 1, wherein the access credentials are received from a remote account manager (paragraph 33 of the specification defines the remote account manager as being a component which provides access credentials) associated with the remote cloud service.
Refer to at least Col. 10, Ll. 29-51 of Pasternak with respect to providing the credentials via the performance monitor and/or any combination of hardware or software.

Regarding claim 4, Pasternak-Bain-Lewis discloses: The method of claim 1, wherein the access credentials are a first set of access credentials, the DU is a first DU, the remote cloud service is a first remote cloud service, the chosen port is a first chosen port, the secure channel is a first secure channel, and the port forwarding container is a first port forwarding container, further comprising: receiving a second set of access credentials for a second monitoring query, the second monitoring query requesting monitoring of a second DU of a second remote cloud service for a second customer; dynamically choosing a second available port for the second monitoring query: deploying a second on-demand port forwarding container; establishing a second secure channel for the monitoring of the second DU using the second chosen port and the second set of access credentials for the monitoring of the second DU, wherein the second secure channel is established through use of the second on-demand port forwarding container,  receiving monitoring data for the second DU via the established second secure channel: and deleting the second on-demand port forwarding container in response to completion of the second monitoring query.
Refer to at least Col. 10, Ll. 65-Col. 11, Ll. 1, Col. 12, Ll. 58-Col. 13, Ll. 8, and Col. 14, Ll. 20-31 of Pasternak with respect to potentially creating a plurality of monitoring templates, each associated with their respective secure channel and respective credentials (e.g., see FIG. 8A concerning the credentials). 
Refer to at least FIG. 3 and Col. 6, Ll. 60-Col. 7, Ll. 2 of Pasternak with respect to creating and executing multiple monitoring templates within the performance monitor.
Refer to at least [0022], [0045], [0047], and [0056]-[0062] of Bain with respect to per-query dynamic port allocation and encryption.
Refer to at least FIG. 3A-C, [0058], [0065], and [0070] of Lewis with respect to launching multiple WAF containers as required per request / per user.
This claim would have been obvious for substantially the same reasons as claim 1 above (i.e., the case of more than 1 query).

Regarding claim 5, Pasternak-Bain-Lewis discloses: The method of claim 4, further comprising: displaying the monitoring data received for the first and second DU from the first and second secure channels.
Refer to at least FIG. 5D of Pasternak with respect to a performance monitor GUI.

Regarding claim 6, Pasternak-Bain-Lewis discloses: The method of claim 1, wherein the on-demand port forwarding container dynamically chooses a new available port for each of a plurality of monitoring queries, and uses the respective chosen port in establishing a secure channel for monitoring of a DU for each of the plurality of monitoring queries.
Refer to at least [0022], [0045], [0047], and [0056]-[0062] of Bain with respect to a container for dynamically allocating ports for queries on a per-query basis. An encrypted channel is provided via the dynamically allocated ports.
This claim would have been obvious for substantially the same reasons as claim 1 above.

Regarding claim 8, Pasternak-Bain-Lewis discloses: The method of claim 1, wherein the secure channel is to receive monitoring data for the DU without the use of a permanent session.
Refer to at least the abstract and [0068] of Lewis, wherein any unused WAF containers (which provide a bridge / protect from network attacks, and provide monitoring—e.g., FIG. 3A-C and [0070]-[0071] of Lewis) may be decommissioned or deleted. When the WAF containers are decommissioned / deleted, the services provided by the firewall are ended, and the secure connection is over.
This claim would have been obvious for substantially the same reasons as claim 1 above.

Regarding claim 9, it is rejected for substantially the same reasons as claim 1 above (i.e., the citations concerning monitoring machines / nodes).

Regarding claim 10, Pasternak-Bain-Lewis discloses: The method of claim 1, wherein the secure channel is established through the use of a command provided to a container-orchestration system that creates a data connection from a remote client to a cloud service.
Refer to at least Col. 3, Ll. 51-Col. 4, Ll. 12 and Col. 12, Ll. 36-40 of Pasternak with respect to requesting to create the secure channel between devices. 

Regarding claim 11, Pasternak-Bain-Lewis discloses: The method of claim 1, wherein the monitoring of the DU does not consume additional storage (interpreted in accordance with at least [0033] of the instant specification which recites that “a system to monitor multiple customer deployment units on demand and without consuming any additional storage… achieved by establishing a secure channel between a proposed system and a monitoring service running in a DU.”).
Refer to at least [0065] and [0070]-[0071] of Lewis with respect to launching WAF containers to be used in monitoring and securing communications with a user device (e.g., FIG. 3A-C of Lewis). The WAF containers are decommissioned / deleted as needed. Therefore, does not consume additional storage.
Refer to at least [0015] of Lewis with respect to launching WAF containers on demand. 
This claim would have been obvious for substantially the same reasons as claim 1 above (e.g., increased scalability as per at least [0005] of Lewis).

Regarding independent claim 12, it is substantially similar to elements of independent claim 1 and dependent claim 4 above, and is therefore likewise rejected for substantially the same reasons (i.e., the citations and the obviousness rationale).

Regarding claim 13, it is substantially similar to claim 5 above, and is therefore likewise rejected.

Regarding independent claim 14, it is substantially similar to independent claim 1 above, and is therefore likewise rejected.

Regarding claim 15, it is substantially similar to claim 2 above, and is therefore likewise rejected.

Regarding claim 18, Pasternak-Bain-Lewis discloses: The method of claim 1, wherein the port forwarding container is deployed by a port forwarding manager.
Refer to at least [0015] of Lewis with respect to the container management system.
This claim would have been obvious for substantially the same reasons as claim 1 above.

Regarding claim 19, it is rejected for substantially the same reasons as claim 1 above (i.e., the citations and obviousness rationale).

Regarding claim 20, it is rejected for substantially the same reasons as claim 1 above (i.e., the container is on a per-query basis for a given application/user).

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to VADIM SAVENKOV whose telephone number is (571)270-5751. The examiner can normally be reached 12PM-8PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey L Nickerson can be reached on (469) 295-9235. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/Jeffrey Nickerson/Supervisory Patent Examiner, Art Unit 2432                                                                                                                                                                                                        




/V.S/Examiner, Art Unit 2432