DETAILED ACTION
Claims 1-20 are pending in this action.
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 1-4, 12-16 and 19-20 are rejected under 35 U.S.C. 103 as being unpatentable over Madhu et al. (US PGPUB No. 2016/0048408) [hereinafter “Madhu”] in view of Hsieh et al. (US Patent No. 7,389,313) [hereinafter “Hsieh”] in further view of Chafle et al. (US PGPUB No. 2017/0300370) [hereinafter “Chafle”].
As per claim 1, Madhu teaches method comprising: generating, using an agentless workload scanning configuration ([0067], taking agentless snapshots of cloud data including virtual machine nodes and resources, i.e. workloads), a snapshot of a workload deployed within a cloud environment ([0067], snapshot taking of cloud data); and performing, using the agentless workload scanning configuration, an analysis of the snapshot without offloading the snapshot from the cloud environment ([0067], analysis and verification of data performed by backup infrastructure residing in cloud).
Madhu does not explicitly teach wherein the scanning configuration is unprivileged. Hsieh teaches wherein the scanning configuration is unprivileged ([0050], allowing access to snapshot functionality without root/admin privileges).
At the time of filing, it would have been obvious to one of ordinary skill in the art to combine Madhu with the teachings of Hsieh, wherein the scanning configuration is unprivileged, to allow access to system data in specific instances to unprivileged processes to improve efficiency.
The combination of Madhu and Hsieh does not explicitly teach extracting workload information from the snapshot and comparing to the workload information from workload information from one or more previous snapshots without offloading the snapshot from the cloud environment. Chafle teaches extracting workload information from the snapshot ([0097], information and features extracted from each snapshot for comparison and to log changes) and comparing to the workload information from workload information from one or more previous snapshots without offloading the snapshot from the cloud environment ([0096], comparing snapshot to the nearest snapshot in time for changes to log).
At the time of filing, it would have been obvious to one of ordinary skill in the art to combine Madhu and Hsieh with the teachings of Chafle, extracting workload information from the snapshot and comparing to the workload information from workload information from one or more previous snapshots without offloading the snapshot from the cloud environment, to detect change activity in cloud resources, i.e. VMs, including malicious activity, which would increase security.
As per claim 2, the combination of Madhu, Hsieh and Chafle teaches the method of claim 1, wherein the workload is associated with an entity and wherein the unprivileged agentless workload scanning configuration does not have access to underlying entity data in the cloud environment (Madhu; [0067], taking snapshots of virtual machine disks which is associated with an enterprise but does not provide access to other underlying enterprise data).
As per claim 3, the combination of Madhu, Hsieh and Chafle teaches the method of claim 2, wherein the generating the snapshot includes generating a snapshot of non-runtime workload data associated with the workload and not the underlying entity data (Madhu; [0067], snapshot scanning involves data about a workload, i.e. virtual machine) also (Madhu; [0009], monitoring is of specific attributes like disk storage availability and not underlying enterprise data).
As per claim 4, the combination of Madhu, Hsieh and Chafle teaches the method of claim 3, wherein the workload data comprises one or more of: a configuration of the workload (Examiner Note: this an optional feature but to expedite prosecution a possible citation will be provided – Madhu; [0147], configuration of VMs stored and used for recovery), a type of the workload (Examiner Note: this an optional feature but to expedite prosecution a possible citation will be provided – Madhu; [0049], tracking type of data scanned), a customer identification of the workload (Examiner Note: this an optional feature but to expedite prosecution a possible citation will be provided – Madhu; [0104], tracking filenames in data), an identity of a user accessing the workload (Examiner Note: this an optional feature but could overcome the current rejection if included as a required feature), a service associated with the workload (Examiner Note: this an optional feature but to expedite prosecution a possible citation will be provided – Madhu; [0011], monitoring service capabilities of nodes in enterprise), an action performed by the workload (Examiner Note: this an optional feature but to expedite prosecution a possible citation will be provided – Madhu; [0011], actions are included in service capabilities of nodes in enterprise), a response from the workload (Examiner Note: this an optional feature but to expedite prosecution a possible citation will be provided – Madhu; [0114], tracking alerts associated with enterprise nodes), a size of the workload (Madhu; [0049], tracking size of data), a time associated with the workload (Madhu; [0049], tracking modification time of data), one or more events associated with the workload (Examiner Note: this an optional feature but to expedite prosecution a possible citation will be provided – Madhu; [0049], modifications considered events), (Examiner Note: this an optional feature but to expedite prosecution a possible citation will be provided – [0049], last modification time considered history), security-related data associated with the workload (Examiner Note: this an optional feature but could overcome the current rejection if included as a required feature), or a keyword associated with the workload (Examiner Note: this an optional feature but to expedite prosecution a possible citation will be provided – Madhu; [0076], tracking names of jobs associated with VM snapshots).
As per claim 12, the combination of Madhu, Hsieh and Chafle teaches the method of claim 1, wherein the performing the analysis is based on a workload assessment policy provided by the data platform (Madhu; Abstract, analyzing virtual machine and other resources, i.e. workloads based on recovery policy set by user).
As per claim 13, the combination of Madhu, Hsieh and Chafle teaches the method of claim 12, wherein the performing the operation comprises updating, by the data platform based on the analysis, the workload assessment policy (Madhu; [0110], user only set high level goals where policy specifics are constantly being calculated by the system, i.e. updated).
As per claim 14, the combination of Madhu, Hsieh and Chafle teaches the method of claim 1, wherein the performing the analysis includes comparing the snapshot to a previous snapshot of the workload (Madhu; [0155]-[0156]; storing change points to a virtual machine, i.e. comparing to earlier versions).
As per claim 15, the combination of Madhu, Hsieh and Chafle teaches the method of claim 1, wherein the performing the operation includes determining whether an anomaly is associated with the workload (Madhu; [0067], checksum and verification performed for snapshots).
As per claim 16, the combination of Madhu, Hsieh and Chafle teaches the method of claim 14, further comprising performing an anomaly-based operation when the workload includes an anomaly (Madhu; [0067], when there is failover with a virtual machine, recovery is performed).
As per claim 19, the substance of the claimed invention is identical or substantially similar to that of claim 1. Accordingly, this claim is rejected under the same rationale.
As per claim 20, Madhu teaches a computer program product embodied in a non-transitory computable readable storage medium and comprising computer instructions capable of being executed to: generate, using an agentless workload scanning configuration ([0067], taking agentless snapshots of cloud data including virtual machine nodes and resources, i.e. workloads), a snapshot of a workload deployed within a cloud environment ([0067], snapshot taking of cloud data); perform, using the agentless workload scanning configuration, an analysis of the snapshot without offloading the snapshot from the cloud environment ([0067], analysis and verification of data performed by backup infrastructure residing in cloud); and perform, by a data platform based on the analysis, an operation with respect to the workload ([0067], deduplicating, check summing, loading new VMs – all related operations with respect to workloads, i.e. VM, resources, machines).
Madhu does not explicitly teach wherein the scanning configuration is unprivileged. Hsieh teaches wherein the scanning configuration is unprivileged ([0050], allowing access to snapshot functionality without root/admin privileges).
At the time of filing, it would have been obvious to one of ordinary skill in the art to combine Herzberg with the teachings of Hsieh, wherein the scanning configuration is unprivileged, to allow access to system data in specific instances to unprivileged processes to improve efficiency.
The combination of Madhu and Hsieh does not explicitly teach extracting workload information from the snapshot and comparing to the workload information from workload information from one or more previous snapshots without offloading the snapshot from the cloud environment. Chafle teaches extracting workload information from the snapshot ([0097], information and features extracted from each snapshot for comparison and to log changes) and comparing to the workload information from workload information from one or more previous snapshots without offloading the snapshot from the cloud environment ([0096], comparing snapshot to the nearest snapshot in time for changes to log).
At the time of filing, it would have been obvious to one of ordinary skill in the art to combine Madhu and Hsieh with the teachings of Chafle, extracting workload information from the snapshot and comparing to the workload information from workload information from one or more previous snapshots without offloading the snapshot from the cloud environment, to detect change activity in cloud resources, i.e. VMs, including malicious activity, which would increase security.
Claims 5 is rejected under 35 U.S.C. 103 as being unpatentable over Madhu, Hsieh and Chafle in further view of Mandagere et al. (US PGPUB No. 2021/0117549) [hereinafter “Mandagere”].
As per claim 5, the combination of Madhu, Hsieh and Chafle teaches the method of claim 1.
The combination of Madhu, Hsieh and Chafle does not explicitly teach wherein the generating the snapshot includes generating a snapshot of a portion of the workload that is less than an entirety of the workload. Mandagere teaches wherein the generating the snapshot includes generating a snapshot of a portion of the workload that is less than an entirety of the workload ([0034], generating a backup snapshot of incremental data of a workload).
At the time of filing, it would have been obvious to one of ordinary skill in the art to combine Madhu, Hsieh and Chafle with the teachings of Mandagere, wherein the generating the snapshot includes generating a snapshot of a portion of the workload that is less than an entirety of the workload, to allow for only relevant delta steps of a workload be processed or grouped together.
Claims 6 is rejected under 35 U.S.C. 103 as being unpatentable over Madhu, Hsieh and Chafle in further view of Sheriff et al. (US PGPUB No. 2022/0129540) [hereinafter “Sheriff”].
As per claim 6, the combination of Madhu, Hsieh and Chafle teaches the method of claim 1 as well as unprivileged agentless workload scanning configuration. See above rejection.
The combination of Madhu, Hsieh and Chafle does not explicitly teach cloud functions implemented as a serverless function or a daemon. Sheriff teaches cloud functions implemented as a serverless function or a daemon (Abstract, implementing serverless functions across cloud system).
At the time of filing, it would have been obvious to one of ordinary skill in the art to combine Madhu, Hsieh and Chafle with the teachings of Sheriff, cloud functions implemented as a serverless function or a daemon, to allow for quicker and more efficient deployment of necessary functionality across the cloud.
Claims 7, 8 and 11 are rejected under 35 U.S.C. 103 as being unpatentable over Madhu, Hsieh and Chafle in further view of Bezbaruah et al. (US Patent No. 8,707,299) [hereinafter “Bezbaruah”].
As per claim 7, the combination of Madhu, Hsieh and Chafle teaches the method of claim 1.
The combination of Madhu, Hsieh and Chafle does not explicitly teach wherein: the workload is deployed on a first compute node within the cloud environment; and the generating the snapshot includes mounting the snapshot on a second compute node within the cloud environment. Bezbaruah teaches wherein: the workload is deployed on a first compute node within the cloud environment (Abstract, taking snapshot of virtual machine deployed as a virtual desktop); and the generating the snapshot includes mounting the snapshot on a second compute node within the cloud environment (Col. 5, lines 26-32, mounting snapshot to perform forensic or non-forensic analysis).
At the time of filing, it would have been obvious to one of ordinary skill in the art to combine Madhu, Hsieh and Chafle with the teachings of Bezbaruah, wherein: the workload is deployed on a first compute node within the cloud environment; and the generating the snapshot includes mounting the snapshot on a second compute node within the cloud environment, to allow for only relevant delta steps of a workload be processed or grouped together.
As per claim 8, the combination of Madhu, Hsieh, Chafle and Bezbaruah teaches the method of claim 7, wherein the analysis of the snapshot is performed on the second compute node (Bezbaruah; Col. 5, lines 26-32, mounting snapshot and performing analysis).
As per claim 11, the combination of Madhu, Hsieh and Chafle teaches the method of claim 1.
The combination of Madhu, Hsieh and Chafle does not explicitly teach wherein the analysis is performed on a portion of the snapshot that is less than an entirety of the snapshot. Bezabarnuah teaches wherein the analysis is performed on a portion of the snapshot that is less than an entirety of the snapshot (Col. 4, lines 63-67, extracting portions of the snapshot for review).
At the time of filing, it would have been obvious to one of ordinary skill in the art to combine Madhu, Hsieh and Chafle with the teachings of Bezbaruah, wherein the analysis is performed on a portion of the snapshot that is less than an entirety of the snapshot, to allow for only relevant delta steps of a workload be processed or grouped together.
Claims 9 and 10 are rejected under 35 U.S.C. 103 as being unpatentable over Madhu, Hsieh and Chafle in further view of Li et al. (US PGPUB No. 2016/0357443) [hereinafter “Li”].
As per claim 9, the combination of Madhu, Hsieh and Chafle teaches the method of claim 1 as well as streaming blocks of the snapshot (Madhu; [0161], streaming chunks of data from an incremental snapshot).
The combination of Madhu, Hsieh and Chafle does not explicitly teach requesting a copy-on-write snapshot for the workload. Li teaches requesting a copy-on-write snapshot for the workload ([0052], copy-on-write performed after a write command for a snapshot).
At the time of filing, it would have been obvious to one of ordinary skill in the art to combine Madhu, Hsieh and Chafle with the teachings of Li, requesting a copy-on-write snapshot for the workload, to allow for easy reversion back to previous states.
As per claim 10, the combination of Madhu, Hsieh, Chafle and Li teaches the method of claim 9, wherein the performing the analysis of the snapshot comprises analyzing the blocks as the blocks are streamed (Madhu; [0161]-[0162], analyzing and processing streamed data from a snapshot including metadata).
Claim 17 is rejected under 35 U.S.C. 103 as being unpatentable over Madhu, Hsieh and Chafle in further view of Woolward et al. (US PGPUB No. 2020/0382557) [hereinafter “Woolward”].
As per claim 17, the combination of Madhu, Hsieh and Chafle teaches the method of claim 1.
The combination of Madhu, Hsieh and Chafle does not explicitly wherein the performing the operation includes constructing, based on the analysis, a graph comprising a plurality of nodes connected by a plurality of edges, wherein each node of the plurality of nodes represents a logical entity from the workload and each edge of the plurality of edges represents a behavioral relationship between nodes connected by the edge. Woolward teaches wherein the performing the operation includes constructing, based on the analysis, a graph comprising a plurality of nodes connected by a plurality of edges, wherein each node of the plurality of nodes represents a logical entity from the workload ([0030], nodes representing entities including workloads) and each edge of the plurality of edges represents a behavioral relationship between nodes connected by the edge ([0030], edges representing relationships between the nodes).
At the time of filing, it would have been obvious to one of ordinary skill in the art to combine Madhu, Hsieh and Chafle with the teachings of Woolward, wherein the performing the operation includes constructing, based on the analysis, a graph comprising a plurality of nodes connected by a plurality of edges, wherein each node of the plurality of nodes represents a logical entity from the workload and each edge of the plurality of edges represents a behavioral relationship between nodes connected by the edge, to most efficiently track relationships across the cloud environment.
Claim 18 is rejected under 35 U.S.C. 103 as being unpatentable over Madhu, Hsieh and Chafle in further view of Balter et al. (US PGPUB No. 2017/0353543) [hereinafter “Balter”].
As per claim 18, the combination of Madhu, Hsieh and Chafle teaches the method of claim 1, wherein the performing the operation includes performing an operation with respect to an agent deployed within the cloud environment (Madhu; [0071], also using agents to collect metadata).
The combination of Madhu, Hsieh and Chafle does not explicitly teach an agent configured to collect runtime workload data associated with the workload. Baltar teaches an agent configured to collect runtime workload data associated with the workload ([0035], while running on a host, an agent scans workload data for analysis).
At the time of filing, it would have been obvious to one of ordinary skill in the art to combine Madhu, Hsieh and Chafle with the teachings of Baltar, an agent configured to collect runtime workload data associated with the workload, to obtain a complete picture of workload activity for a more accurate analysis.
Response to Arguments
Applicant's arguments with respect to the rejection of claims 1-20 under 35 U.S.C. 103 have been fully considered. In light of the new amendments, a new prior art reference, Chafle, has been introduced to teach the new features.
To expedite prosecution, Examiner is open to conducting an after-final interview to discuss the current rejection and also to discuss the novelty of the invention and how to fully articulate it in the claim language.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Baltar et al. (US PGPUB No. 2017/03535343), Woolward et al. (US PGPUB No. 2020/0382557), Wigmore (US Patent No. 10,289,320), Bhattacharyya et al. ("Online Phase Detection and Characterization of Cloud Applications," 2017 IEEE International Conference on Cloud Computing Technology and Science (CloudCom), Hong Kong, China, 2017, pp. 98-105, doi: 10.1109/CloudCom.2017.21) and Li et al. ("ConSnap: Taking continuous snapshots for running state protection of virtual machines," 2014 20th IEEE International Conference on Parallel and Distributed Systems (ICPADS), Hsinchu, Taiwan, 2014, pp. 677-684, doi: 10.1109/PADSW.2014.7097869) all disclose various aspects of the claimed invention including taking snapshots using agentless scanning.
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to PETER C SHAW whose telephone number is (571)270-7179. The examiner can normally be reached Max Flex.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Carl Colin can be reached on 571-272-3862. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/PETER C SHAW/Primary Examiner, Art Unit 2493 February 6, 2026