DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Response to Arguments
Applicant’s arguments with respect to claim(s) 1-21 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.
	

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claim(s) 1-6, 10, 12-13 and 16-21 is/are rejected under 35 U.S.C. 103 as being unpatentable over Jain et al., US 20160294728 A1 (hereafter referred to as Jain) in view of Chanda et al., US 20170093617 A1 (hereafter referred to as Chanda).
For claim 1, Jain taught for a network management and control system that manages a virtual infrastructure deployed across a set of datacenters, a method comprising: 
receiving a definition of an application to be deployed in the virtual infrastructure (p. 26, “… dynamic service placement is performed by an orchestration engine of a network manager that is responsible for managing and configuring the resources of the network.” And p. 87, “This physical network 990 may span one or more data centers and include various physical switches and routers.”), the application definition specifying (i) a set of tiers of the application (p. 59, “In order to provision an application 600 in a datacenter, the orchestration engine of the data center receives an application profile 610 that specifies three different layers or tiers (Tier 0, Tier 1, and Tier 2).”) and (ii) a set of requirements for deploying the application (p. 30, “… an application is a multi-tier application that has a web layer, an application layer, and a database layer. Each layer has its own requirement for network services. The service template 122 of the application in turn describes the service requirements for each of the different layers/components.”); 
based at least on the set of application tiers specified by the application definition, automatically defining a set of logical forwarding elements (p. 35, “… a generic service specification in the service template 122 may refer to one of the service catalogues so the orchestration engine would know to use network resources made available by the particular service catalogue. “) for connecting data compute nodes (DCNs) that implement the application tiers in the set of datacenters (p. 76, “… the virtualization software of each host machine 801-804 is running a distributed virtual switch (DVS) and a virtual distributed router (VDR). In some embodiment, these are also referred to as managed forwarding elements (MFEs) as they are software defined and managed for performing L2 and L3 packet forwarding operations.” And p. 76, “… these managed forwarding elements serve as service resources that can be selected to implement the required network services (generically specified or otherwise).” Also p. 79, “… the physical routers, VDR instances, and the DVS instances are some of the service resources of the datacenter.” “… these service resources are known to the network manager (or orchestration) for placement mapping the requested services. In some embodiments, some of these service resources are referred to by a particular service catalogue as corresponding to a particular level of service.”); and 
configuring a set of forwarding elements in the set of datacenters to implement the defined set of logical forwarding elements (p. 8, “… the orchestration engine uses a selected service catalogue to look up the most suitable placement mapping for a given generic service. In some embodiments, the service catalogue limits the placement mapping to only those allowed by the catalogue.” And p. 73, “… Section I above generically refers to datacenter resources that perform computation for applications as “computing resources” or “compute nodes” and resources that perform services for application components as “service resources” or “service nodes”. In some embodiments, these network resources are implemented by computing devices (i.e., host machines) that operate virtualization software …”).  

Jain does not specifically teach configuring a set of forwarding elements in the set of datacenters to implement the set of forwarding elements. However, in the same field of endeavor, Chanda teaches configuring a set of forwarding elements in the set of datacenters to implement the set of forwarding elements (see Chanda ¶0023 and ¶0027; “The network control system 115 of some embodiments configures and manages virtual tunnel end points (VTEPs) for both software forwarding elements and hardware forwarding elements to implement one or more logical networks (e.g., for one or more tenants of a hosting system (e.g., a datacenter or multiple datacenters)).”). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Jain to substitute configuring forwarding elements for the defined forwarding elements to deploy an application in the data center consistent with the application profile. The motivation would have been to integrate control instructions for deploying the application.
For claim 2, Jain/Chanda teaches the method of claim 1, wherein automatically defining the set of forwarding elements comprises defining, for each respective tier of the application, a respective logical switch to which DCNs implementing the respective tier of the application couple (see Chanda ¶0038), “In some embodiments, the network control system 200 receives the definition of a set of logical forwarding elements of the logical network from a user (e.g., a network administrator, a tenant of a datacenter, etc.) and modifies forwarding behaviors of the physical forwarding elements according to the forwarding logic of the set of logical forwarding elements.”).
For claim 3, Jain/Chanda teaches the method of claim 2, wherein automatically defining the set of forwarding elements further comprises defining a logical router that connects the logical switches (see Chanda ¶0038-0039, “The logical network 200 includes three logical forwarding elements (a logical router 225 and two logical switches 220 and 230) that describe the desired forwarding behaviors for the end machines VM1, VM2, and PM1-PM5 in the logical network.”).
For claim 4, Jain/Chanda teaches the method of claim 3, wherein the logical router is a tier-1 logical router that connects to a tier-O logical router in order to provide connectivity to external networks for the DCNs implementing the application tiers (Chanda ¶0038, ¶0041; “The logical network 200 includes three logical forwarding elements (a logical router 225 and two logical switches 220 and 230) that describe the desired forwarding behaviors for the end machines VM1, VM2, and PM1-PM5 in the logical network.”).
For claim 5, Jain/Chanda teaches the method of claim 4, wherein configuring the set of forwarding elements comprises selecting one or more forwarding elements to implement a gateway for the tier-1 logical router (Chanda ¶0038, ¶0041; “The connections of the end machines to the logical switches as well as the connections of the logical switches to the logical router are defined using logical ports, which are mapped to the physical ports of the MSFE 225 and MHFE 230, as well as to the physical ports of HFE1 and HFE2, which are connected to hardware VTEP gateway 235.”).
For claim 6, Jain/Chanda teaches the method of claim 5, wherein: the application is defined for deployment within a particular virtual cloud of the virtual infrastructure; the selected forwarding elements belong to clusters of edge nodes associated with the particular virtual cloud; and the tier-0 logical router is associated with the particular virtual cloud (Chanda ¶0038, ¶0042; “For example, although end machines VM1, PM1, PM3, and PM4 are connected to a single logical switch 220 in the logical network 200, they are all physically connected to different forwarding elements (i.e., MSFE 225, MHFE 230, HFE1, and HFE2) in the physical network 205. The MSFE 225, MHFE 230, and the hardware VTEP gateway could reside in different machines, different subnets, or even different datacenters in different parts of the world.”).
For claim 10, Jain/Chanda teaches all the limitations of claim 1.  Jain/Chanda teaches wherein the set of tiers of the application comprises a web tier, an application tier, and a database tier .
For claim 12, Jain/Chanda teaches the method of claim 1, as cited above. Jain/Chanda does not specifically teach wherein the application definition further specifies a set of services available in the virtual infrastructure to be used by the application. However, in the same field of endeavor, Altman teaches wherein the application definition further specifies a set of services available in the virtual infrastructure to be used by the application (see Altman ¶0022 “In some embodiments, SLA profiles may be associated with a host server and one or more applications hosted on the server ca eh server can inherit the SLA values defined in one of the profiles associated with the host server.” and ¶0026 application defined by specific SLA policies).
For claim 13, Jain/Chanda teaches the method of claim 1, further comprising identifying an application policy based on the application definition from a set of application policies defined for the virtual infrastructure, the application policy specifying how to translate the set of tiers and the set of requirements for deploying the application into the set of forwarding elements (p. 8, “… the orchestration engine uses a selected service catalogue to look up the most suitable placement mapping for a given generic service. In some embodiments, the service catalogue limits the placement mapping to only those allowed by the catalogue.” And p. 31, “The network manager 110 in turn translates these generic services in the service template 122 into the configurations 140 for configuring the resources in the network 100. The generated configurations 140 are specific to the actual physical computing or service resources in the network 100.”).
With respect to independent claim 16, Jain teaches a non-transitory machine-readable medium storing a network manager program which when executed by at least one processing unit manages a virtual infrastructure deployed across a set of datacenters (¶42, “The MSFE 225, MHFE 230, and the hardware VTEP gateway could reside in different machines, different subnets, or even different datacenters in different parts of the world.”).  For claim 16 Jain/Chanda teaches a non-transitory machine-readable medium similar to claim 1 and is rejected on the same rationale as claim 1.
For claim 17, Jain/Chanda teaches the non-transitory machine-readable medium of claim 16, wherein the set of instructions for automatically defining the logical network architecture comprises sets of instructions for: defining, for each respective tier of the application, a respective logical switch to which DCNs implementing the respective tier of the application couple; defining a tier-1 logical router that connects the logical switches; and connecting the tier-1 logical router to a tier-0 logical router in order to provide connectivity to external networks for the DCNs implementing the application tiers (Chanda ¶0038, ¶0041; “In some embodiments, the network control system 200 receives the definition of a set of logical forwarding elements of the logical network from a user (e.g., a network administrator, a tenant of a datacenter, etc.) and modifies forwarding behaviors of the physical forwarding elements according to the forwarding logic of the set of logical forwarding elements.”). 
For claim 18, Jain/Chanda teaches the non-transitory machine-readable medium of claim 17, wherein: the set of instructions for configuring the set of forwarding elements comprises a set of instructions for selecting one or more forwarding elements to implement a gateway for the tier-1 logical router. the application is defined for deployment within a particular virtual cloud of the virtual infrastructure; the selected forwarding elements belong to clusters of edge nodes associated with the particular virtual cloud; and the tier-0 logical router is associated with the particular virtual cloud (Chanda ¶0038, ¶0041).
For claim 19, see the rejection of claim 7.
For claim 20, see the rejection of claim 9.
For claim 21, see the rejection of claim 13. 

Claim(s) 7-9 is/are rejected under 35 U.S.C. 103 as being unpatentable over Jain and Chanda as applied to claim 1 above, and further in view of Altman et al., US 20180062944 A1 (hereafter referred to as Altman).
For claim 7, Jain/Chanda teaches the method of claim 1, wherein automatically defining the set of forwarding elements comprises defining a single logical switch.  Jain/Chanda does not specifically teach a logical router to which DCNs implementing each of the application tiers connect. However, in the same field of endeavor, Altman teaches  a single logical switch to which DCNs implementing each of the application tiers connect (see Altman fig.3 and ¶0024 “As shown in FIG. 3, the deployment 10 includes a server 12 disposed in a cloud data center 14 and connected to an Internet or WAN 16 via a router or switch 17”.  ¶0026; “In operation, API traffic comes into the router/switch 17 and is routed toward the server 12.”). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Jain/Chanda to substitute a single logical router connected to DCNs for the single logical router from Jain/Chanda to … 
For claim 8, Jain/Chanda/Altman teaches the method of claim 7, wherein automatically defining the set of forwarding elements further comprises defining a tier-1 logical router through which the logical switch is connected to a tier-O logical router that provides connectivity to external networks for the DCN implementing the application tiers (Chanda ¶0038, ¶0041). 
For claim 9, Jain/Chanda/Altman teaches the method of claim 7, wherein the network management and control system differentiates the DCNs implementing different tiers of the application by applying different tags to the DCNs (see Altman fig.4 and ¶0027-0028 SLA tags different applications based on profiles to different tiers; “Alternately, the rate limiter 50 may obtain the SLA profiles by querying the applications for their SLA profile or from the cloud orchestration system that provisions the applications and their SLAs.”).

Claims 11, 14 and 15 is/are rejected under 35 U.S.C. 103 as being unpatentable over Jain/Chanda and further in view of Martin (US Pub 20070219653).
For claim 11, Jain/Chanda teaches all the limitations of claim 1.  Chanda/Altman is silent to explicitly teach the method of claim 1 further comprising assigning the DCNs that implement the application tiers to security zones defined for the virtual infrastructure, the security zones defining connectivity policies for the DCNs.
	Martin teaches assigning the DCNs that implement the application tiers to security zones defined for the virtual infrastructure, the security zones defining connectivity policies for the DCNs (see Martin ¶0026 the firewall designates different security zones). Therefore, it would have been obvious at the time of filing to a person having ordinary skill in the art to which the subject matter pertains to modify Jain/Chanda with the firewall implementing web tier security zones for different levels of application protection in a computing environment.
For claim 14, Jain/Chanda teaches all the limitations of claim 1.  Jain/Chanda is silent to explicitly teach the method of claim 1 further comprising assigning the DCNs implementing the application tiers to different security groups (see Martin ¶0026 different security zones), wherein the security groups are used for applying firewall rules to the DCNs (see Martin ¶0026 different firewalls).
Martin teaches assigning the DCNs that implement the application tiers to security zones defined for the virtual infrastructure, the security zones defining connectivity policies for the DCNs (see Martin ¶0026 the firewall designates different security zones). Therefore, it would have been obvious at the time of filing to a person having ordinary skill in the art to which the subject matter pertains to modify Jain/Chanda with the firewall implementing web tier security zones for different levels of application protection in a computing environment.
For claim 15, Jain/Chanda/Martin teaches the method of claim 14, wherein the DCNs implementing a first tier of the application are assigned to a first security group and the DCNs implementing a second tier of the application are assigned to a second security group (see Martin ¶0026).

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Please see the attached PTO-892 for other pertinent prior art reference made of record.
Maes et al., US 20170302531 A1, teaches a blueprint that provides an application specification and network resources allocated from a network topology.
Wang et al., US 20180373961 A1, teaches exporting identified components and associated properties and relationships from graphical topology of a software defined network of multi-tier logical routers.
Bishop et al., 20150312274, teaches ensuring an application conforms with security and regulatory controls prior to deployment.
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to PATRICE L WINDER whose telephone number is (571)272-3935. The examiner can normally be reached M-F 10am-6pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Thu Nguyen can be reached on 571-272-6967. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/Patrice L Winder/Primary Examiner, Art Unit 2452