DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claims 1-15 are rejected under 35 U.S.C. 103 as being unpatentable over Pulapaka et al. (US 10333985) in view of Metzger at al. (US 11342987) in view of Rietschin et al. (US 11334364).
As per claim 1, Pulapaka teaches the invention substantially as claimed including an information handling system, comprising: 
	a processor subsystem (Column 28, Lines 35-39, The processing system 1004 is representative of functionality to perform one or more operations using hardware. Accordingly, the processing system 1004 is illustrated as including hardware elements 1010 that may be configured as processors, functional blocks, and so forth); and 
	non-transitory computer-readable media communicatively coupled to the processor subsystem and storing instructions, the instructions configured to, when read and executed by the processor subsystem: 
	execute a basic/input output service to create a link aggregation table with details based on wireless and wired network interface modules present within the information handling system (Column 12, Lines 31-38, When host operating system 102 starts up, HVSI subsystem 110 contacts policy manager 112 to obtain a list of trusted network resources for the host operating system, along with any policy objects and corresponding security parameters. HVSI subsystem 110 aggregates these trusted network resources, policy objects, and corresponding security parameters and applies this aggregated policy to host operating system 10); 
	execute a first operating system service on a container instantiated on a hypervisor of the information handling system (Column 1, Lines 40-50, a service control manager configured to distribute and manage services across containers is provided in a host runtime environment. A request to access a service is received at the service control manager from a client stub of a client implemented in a client runtime environment of a first container. The request is validated against a set of security rules and policies, and the client is granted access to the service if the client is permitted to access the service based on the set of security rules and policies. Next, if a service provider of the service is available, connection information is returned to the client) [to instantiate virtual link aggregation tables for the container based on a network bandwidth policy of the container and link aggregation capabilities as set forth in the link aggregation table]; and 
	execute a second operating system service on the hypervisor (Column 5, Lines 19-25, The host operating system 102 also includes a hardware-based virtualized security isolation (HVSI) subsystem 110, a policy manager 112, one or more applications 114, a network filter 116, a container manager 118, and a security subsystem 120. The host operating system 102 also manages one or more containers, illustrated as multiple (n) containers 130(1), . . . , 130(n)) [to instantiate an operating system driver based on operating systems for network instances of link aggregation drivers] and dynamic detection of network driver requirements determined by the first operating system service (Column 6, Lines 6-27, Network filter 116 includes at least one physical network interface card and at least one host virtual network interface card. Network filter 116 additionally includes a filter driver, which is configured to intercept requested network resources as they are transmitted from the network 108 to the host operating system 102. These intercepted network resources are then compared by the HVSI subsystem 110 against one or more policies stored in policy manager 112. In this manner, network filter 116 ensures that the host operating system 102 is prevented from accessing any untrusted network resources. Similarly, network filter 116 ensures that one or more of containers 130(1), . . . , 130(n) are unable to access any trusted network resources. For example, in one or more embodiments network filter 116 is configured to change data associated with individual packets of a trusted network resource to ensure that the trusted network resource is accessed only by the host operating system 102 and is prevented from being accessed by any of the one or more of containers 130(1), . . . , 130(n).).

	Pulapaka fails to specifically teach, execute a first operating system service on a container instantiated on a hypervisor of the information handling system to instantiate virtual link aggregation tables for the container based on a network bandwidth policy of the container and link aggregation capabilities as set forth in the link aggregation table.
	However, Metzger teaches, execute a first operating system service on a container instantiated on a hypervisor of the information handling system (Column 25, Lines 12-17, Sharing of resources among child nodes might occur in certain cases, such as when a hypervisor system of the child node can manage sharing of memory, processor, storage, and communication resources among many virtual nodes. Sharing of object node resources among virtual nodes can also be managed in a similar fashion; and Column 27, Lines 45-47, hen virtualized execution platforms like hypervisors are employed, then applications can be initiated using virtual nodes) to instantiate virtual link aggregation tables for the container (Metzger, Column 27, Lines 51 – Column 28, line 37, a child node receives deployment instructions for applications or data. These instructions might include indications and policies on what resources are required for execution of the application, such as processing, storage, or communication resources along with applicable bandwidths, latencies, or other parameters) based on a network bandwidth policy of the container and link aggregation capabilities as set forth in the link aggregation table (Column 5, Line 55-Column 6, Line 18, requirements for applications deployed to child nodes or executed by child nodes can also be monitored (213). …Each child node includes a policy engine to perform monitoring of deployed applications… Parent node 110 might include policy engine 112 to perform similar functionality to that of the policy engines of each child node. The application requirements might include properties, status, or physical components preferred or required for execution of an application at a child node or execution of an application across more than one child node. The application requirements can include communication properties preferred or required for execution of the one or more applications or for transfer of data by the child node which can be related to the one or more applications. These various application requirements can comprise … a communication bandwidth requirement of the one or more applications; and Column 27, Lines 51-57, a child node receives deployment instructions for applications or data. These instructions might include indications and policies on what resources are required for execution of the application, such as processing, storage, or communication resources along with applicable bandwidths, latencies, or other parameters).
	Pulapaka and Metzger are analogous because they are each related efficiently managing distributed containers. Pulapaka teaches distributed management of virtualized containers (Abstract, Distribution and management of services in virtual environments is described herein. In one or more implementations, a service distribution and management model is implemented in which system services and applications are seamlessly distributed across multiple containers which each implement a different runtime environment). Metzger teaches a method distributed management of virtualized containers used in communication systems. (Abstract, provide enhanced satellite communication nodes. In one example, a parent communication node is configured to establish a satellite edge network over at least a satellite communication pathway with a child communication node remotely located from a geographic location of the parent node. The child communication node is configured to communicate over at least the satellite communication pathway to establish a connection to the satellite edge network and route communications of a local communication interface to the satellite edge network; and Column 4, Lines 37-49, The parent node functionality might be encapsulated into one or more software objects accompanied by state information. The software objects might comprise one or more applications, virtualized applications, containers, virtual nodes, or other configurations. The state information can include information identifying child nodes, status of the various child nodes, satellite communication link status and identifiers, network addressing information for communication nodes, failure information related to why a previous parent node failed, object node locations and properties, resources at child nodes, and pool resource information, among other information). It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention that based on the combination, the teachings of Pulapaka would be modified with the policy sharing mechanism taught by Metzger in order to manage distributed containers Therefore, it would have been obvious to combine the teachings of Pulapaka and Metzger.

	The combination of Pulapaka-Metzger fails to specifically teach,  execute a second operating system service on the hypervisor to instantiate an operating system driver based on operating systems for network instances of link aggregation drivers.
	However, Rietschin teaches, execute a second operating system service on the hypervisor to instantiate an operating system driver based on operating systems for network instances of link aggregation drivers (Column 6, Lines 18-24, The exemplary hypervisor 211 can utilize data from a container operating system image, such as the exemplary container operating system image 212, or other like container data stored on the storage media 111 of the exemplary host computing environment 110, to start booting an operating system within the exemplary container; and Column 6, Lines 48-56, one aspect of the execution of the container firmware 221 within the container 150 can be the execution of drivers for the relevant devices that the container 150 may need to access during the boot process, such as graphics drivers, user input device drivers, such as keyboard drivers and mouse drivers, and, of relevance to the descriptions provided herein, network drivers that can enable the executing firmware 221 to access information from the host computing environment 110) and dynamic detection of network driver requirements determined by the first operating system service (Column 14, Lines 17-25,  the container boot manager can utilize the identified boot device, passed in as a parameter by the firmware at step 425, to find, open and read container boot configuration data. In the present example, at step 430, such container boot configuration data will be read through the container host connection. At step 435, as part of the reading of the container boot configuration data, the container boot configuration data can include a specification of a new boot device, namely the composite device detailed above; and Column 7, Lines 5-19,  the execution of the container boot manager 231 can include the execution of drivers, or other like computer-executable instructions, that can enable the container boot manager 231 to access relevant portions of the host operating system environment 110, including, for example, graphics drivers, input peripheral drivers, network drivers, and the like. Such drivers can be the same drivers as utilized by the container firmware 22… or the drivers can be different drivers, which can require the container boot manager 231 to clear the memory previously utilized by the container firmware 221, and load its own drivers into the memory of the container environment 150).
	The combination of Pulapaka-Metzger and Rietschin are analogous because they are each related efficiently managing distributed containers. Pulapaka teaches distributed management of virtualized containers. Metzger teaches a method distributed management of virtualized containers used in communication systems. Rietschin teaches a method distributed management of virtualized containers. (Column 13, Line 66-Column 14, Line 13, the firmware can utilize the boot device, namely the container host connection, to locate a container boot manager, such as from the host computing environment, and instantiate the container boot manager into the container instance created at step 410. The instantiation of the container boot manager, by the firmware, at step 425, can include the passing of parameters from the firmware to the container boot manager. For example, the parameters can be provided from the firmware to the container boot manager in the form of pointers to values, command line parameters provided as part of an execution instruction implemented by the container boot manager, or other like passing of parameters into a process being instantiated. Such parameters can include a specification of the boot device, which, in the present example, can still be the container host connection). It would have been obvious to one having ordinary skill in the art  before the effective filing date of the claimed invention that based on the combination, the teachings of the combination of Pulapaka-Metzger would be modified with the policy sharing mechanism taught by Rietschin in order to manage distributed containers. Therefore, it would have been obvious to combine the teachings of the combination of Pulapaka-Metzger and Rietschin.

As per claim 2, Rietschin teaches, wherein the instructions are further configured to, when read and executed by the processor subsystem, communicate a message from the first operating system service to the  second operating system service to instantiate the operating system driver (Column 7, Lines 5-19,  the execution of the container boot manager 231 can include the execution of drivers, or other like computer-executable instructions, that can enable the container boot manager 231 to access relevant portions of the host operating system environment 110, including, for example, graphics drivers, input peripheral drivers, network drivers, and the like. Such drivers can be the same drivers as utilized by the container firmware 22… or the drivers can be different drivers, which can require the container boot manager 231 to clear the memory previously utilized by the container firmware 221, and load its own drivers into the memory of the container environment 150).

As per claim 3, Pulapaka teaches, wherein the container comprises a virtual machine (Column 7, Lines 18-19, the virtualized container is run in a lightweight virtual machine).

As per claim 4, Pulapaka teaches, wherein the container comprises a software application container (Column 7, Lines 3-9, Each container 130(1), . . . , 130(n) can be implemented in different manners. One type of container that a container 130 can be implemented as is referred to as a process container. For a process container, the application processes within the container run as if they were operating on their own individual system (e.g., computing device), which is accomplished using namespace isolation).

As per claim 5, Pulapaka teaches, wherein the container comprises a hardware-rooted, secure container (Column 7, Lines 3-4, Each container 130(1), . . . , 130(n) can be implemented in different manners; and Column 7, Lines 16-31, Another type of container that a container 130 can be implemented as is referred to as a virtualized container. For a virtualized container, the virtualized container is run in a lightweight virtual machine that, rather than having specific host physical memory assigned to the virtual machine, has virtual address backed memory pages. Thus, the memory pages assigned to the virtual machine can be swapped out to a page file. The use of a lightweight virtual machine provides additional security and isolation between processes running in a container. Thus, whereas process containers use process isolation or silo-based process isolation to achieve their containment, virtualized containers use virtual machine based protection to achieve a higher level of isolation beyond what a normal process boundary can provide. A container may also be run in a virtual machine using physical memory).

As per claim 6, this is the  “method claim” corresponding to claim 1 and is rejected for the same reasons. The same motivation used in the rejection of claim 1 is applicable to the instant claim.
As per claim 7, this claim is similar to claim 2 and is rejected for the same reasons.
As per claim 8, this claim is similar to claim 3 and is rejected for the same reasons.
As per claim 9, this claim is similar to claim 4 and is rejected for the same reasons.
As per claim 10, this claim is similar to claim 5 and is rejected for the same reasons.
As per claim 11, this is the “article of manufacture claim” corresponding to claim 1 and is rejected for the same reasons. The same motivation used in the rejection of claim 1 is applicable to the instant claim.
As per claim 12, this claim is similar to claim 2 and is rejected for the same reasons.
As per claim 13, this claim is similar to claim 3 and is rejected for the same reasons.
As per claim 14, this claim is similar to claim 4 and is rejected for the same reasons.
As per claim 15, this claim is similar to claim 5 and is rejected for the same reasons.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure and is as follows:
Kanso et al. (US 2020/0304599) {Discusses policy deployment in distributed systems}.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MELISSA A HEADLY whose telephone number is (571)272-1972. The examiner can normally be reached Monday- Friday 9-5:30pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lewis Bullock can be reached on 571-272-3759. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/LEWIS A BULLOCK  JR/Supervisory Patent Examiner, Art Unit 2199                                                                                                                                                                                                        
MELISSA A. HEADLY
Examiner
Art Unit 2199