Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Response to Arguments
Applicant’s arguments with respect to claim(s) 1-24 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claim(s) 1, 9-12, 14, 15, 20-22, and 24 is/are rejected under 35 U.S.C. 103 as being unpatentable over Foxhoven (US 2016/0261564) and further in view of Jain (US 9,531,590) and further in view of Dar (US 2020/0036811).
Regarding claim 1, Foxhoven teaches: A method for initiating a connection between a network management system in a public cloud and a datacenter managed by the network management system (¶ 46, “The topology controller 450 connects to the on-premises redirection proxy 430 through a secure connection 472 and to the cloud system 100 through a secure connection 480”):
at a controller executing in the public cloud (¶ 46, “The topology controller 450, as part of the non-volatile data for each enterprise, stores the network topology of a private network of the enterprise 404 including, but not limited to, internal domain name(s), subnet(s) and other routing information”):
receiving a registration message from a particular datacenter to be managed by the network management system (¶ 46, “When the on-premises redirection proxy 430 starts, it establishes a persistent, long-lived connection 472 to the topology controller 450”);
Foxhoven does not teach; however, Jain discloses: identifying one of a plurality of connection servers in the public cloud for handling a persistent connection initiated by the datacenter (col. 1:66-67 and col. 2:1-3, “the PSN has a connection data store that maintains the identity of the service node that it previously identified for each data message flow, in order to ensure that data messages that are part of the same flow are directed to the same service node (i.e., to the PSN or the same SSN)”); and
configuring a load balancer in the public cloud to statically select the identified connection server for data messages that include a datacenter identifier associated with the particular datacenter (col. 2:4-7, “the PSN configures a set of one or more front-end load balancers (FLBs) that receives the data messages before the PSN, so that the FLB set can direct the data messages to the PSN or the SSN”).
It would have been obvious to a person having ordinary skill in the art, at the effective filing date of the invention, to have applied the known technique of identifying one of a plurality of connection servers in the public cloud for handling a persistent connection initiated by the datacenter; and configuring a load balancer in the public cloud to statically select the identified connection server for data messages that include a datacenter identifier associated with the particular datacenter, as taught by Jain, in the same way to the controller executing in the public cloud, as taught by Foxhoven. Both inventions are in the field of managing a network of a plurality of datacenters, and combining them would have predictably resulted in a method to “spread the traffic load to a number of available computing resources that can handle a particular type of traffic,” as indicated by Jain (col. 1:7-8).
Foxhoven and Jain do not teach; however, Dar discloses: a persistent connection (¶ 23, “The bidirectional communication connections are, for example, persistent connections (e.g., HTTP persistent connection or HTTP keep-alive) that do not close after each request-response pair is completed”) initiated by the particular datacenter (¶ 24, “the bidirectional communication connections support the transmitting of data streams from client computing environment 210 to cloud-services computing environment 220”) and through which the network management system can push requests to the particular datacenter (¶ 48, “Client gateway 408 and cloud gateway 410 are further configured to route and execute commands that are pushed from service components 416A-N and directed to client components 404A-N (via resources manager 412, cloud gateway 410, and the secure communication connections)”), and establishing a static mapping of the particular datacenter to the identified connection server (¶ 53, “The connection information maps identification information (e.g., agent ID) of client gateway 408 to routing information (e.g., IP/port address) of the first gateway node at which the unidirectional communication connection 420 is established”); and
a load balancer to forward data messages to the identified connection server based on the established static mapping of the particular datacenter to the identified connection server (¶ 67, “In some embodiments, based on a determination by the load balancer, the unidirectional communication connection is established between a first gateway node of the plurality of gateway nodes and the client gateway”).
It would have been obvious to a person having ordinary skill in the art, at the effective filing date of the invention, to have applied the known technique of a persistent connection initiated by the particular datacenter and through which the network management system can push requests to the particular datacenter, and establishing a static mapping of the particular datacenter to the identified connection server; and a load balancer to forward data messages to the identified connection server based on the established static mapping of the particular datacenter to the identified connection server, as taught by Dar, in the same way to the method, as taught by Foxhoven and Jain. Both inventions are in the field of hybrid cloud network management, and combining them would have predictably resulted in “enabling command request messages initiated by service components of the cloud-services computing environment to be delivered to the client computing environment in a fast, reliable, and secure manner,” as indicated by Dar (¶ 14).
Regarding claim 9, Foxhoven discloses: The method of claim 1, wherein: the registration message is received from a connection agent operating at the datacenter (¶ 27, “The redirection proxy inside the enterprise (on premises) “dials out” and connects to the cloud as if too were an end-point”); and the connection agent is configured to initiate a connection to a network address associated with the connection servers (¶ 27, “connects to the cloud system 100 as if too were an end-point via secure connections 440, 442”).
Regarding claim 10, Foxhoven discloses: The method of claim 9, wherein the connection agent initiates the connection using the datacenter identifier (¶ 50, “With the identity of the user and the enterprise they belong to, the VPN server will contact the topology controller 450 and pre-fetch the enterprise private topology”).
Regarding claim 11, Jain discloses: The method of claim 10, wherein the load balancer selects the identified connection server for the connection agent when the connection agent initiates the connection after the load balancer is configured (col. 2:4-7, “the PSN configures a set of one or more front-end load balancers (FLBs) that receives the data messages before the PSN, so that the FLB set can direct the data messages to the PSN or the SSN”).
Regarding claim 12, Jain discloses: The method of claim 1, wherein configuring the load balancer comprises: writing a mapping of the datacenter identifier to the identified connection server to a schema (col. 2:35-37, “the PSN provides to the FLB set a hash table that defines multiple hash value ranges and a service node for each hash value range”); and based on the mapping in the schema, configuring the load balancer (col. 2:43-48, “To make its flow distribution stateful, the load balancer in some embodiments stores the identity of the identified service node for the data message flow in a flow connection-state storage, which the load balancer can subsequently access to select the identified service node for subsequent data messages of the flow”).
Regarding claim 14, Foxhoven discloses: The method of claim 1, wherein the data messages including the datacenter identifier comprise (i) requests from services of the network management system directed to a local network manager at the particular datacenter (¶ 50, “the redirection proxy 430 establishes the outbound tunnel, and requests are forward between the client 410 and the enterprise 404 securely (step 560)”), (ii) responses from the local network manager (¶ 46, “When the on-premises redirection proxy 430 starts, it establishes a persistent, long-lived connection 472 to the topology controller 450”), and (iii) data streamed by the local network manager to the network management system (¶ 50, “The redirection proxy 430 establishes an on-demand tunnel to the specific VPN server so that it can receive packets meant for its internal network”).
Claims 15, 20-22, and 24 recite commensurate subject matter as claims 1, 9-12, and 14. Therefore, they are rejected for the same reasons.
Claim(s) 2, 3, 5, 6, and 16-18 is/are rejected under 35 U.S.C. 103 as being unpatentable over Foxhoven, Jain, and Dar, as applied above, and further in view of Mayya (US 2016/0315912).
Regarding claim 2, Foxhoven, Jain, and Dar do not teach; however, Mayya discloses: the registration message is part of an onboarding process for the particular datacenter (¶ 42, “In the initial negotiation, edge devices 208 A-B can send an MP_INIT message (e.g. an initial MP tunnel establishment handshake message exchange between the edge device and the gateway device) which contains all the information needed to identify the edge device and serve as a secure and unsecure gateway for edge device traffic” and ¶ 50, “A special edge device called a Datacenter Edge (DCE) can be deployed as customer premise equipment”).
It would have been obvious to a person having ordinary skill in the art, at the effective filing date of the invention, to have applied the known technique of the registration message is part of an onboarding process for the particular datacenter, as taught by Mayya, in the same way to the registration message, as taught by Foxhoven, Jain, and Dar. Both inventions are in the field of establishing connections in cloud networks, and combining them would have predictably resulted in “establishing a virtual private network in a cloud service for branch networking,” as indicated by Mayya (¶ 2).
Regarding claim 3, Mayya discloses: The method of claim 2, wherein the particular datacenter joins a group of datacenters managed by a same set of service instances of the network management system for a particular tenant (¶ 43, “If edge devices 208 A-B are not the first from an enterprise to connect, the enterprise logical identifier can be used to index into the existing VRF and edge devices 208 A-B's subnets can be added to the existing table”), wherein a logical network spans the group of datacenters (¶ 42, “This can include a logical identifier for the enterprise which is used for virtual routing and/or forwarding. The logical identifier can also be used for subnets that are routable behind edge devices 208 A-B”).
Regarding claim 5, Foxhoven, Jain, and Dar do not teach; however, Mayya discloses: the identified connection server handles connections for a plurality of datacenters for a plurality of different tenants (¶ 50, “A special edge device called a Datacenter Edge (DCE) can be deployed as customer premise equipment” and ¶ 21, “Customer-premises equipment (CPE) can be any terminal and associated equipment located at a subscriber's premises and connected with a carrier's telecommunication channel at the demarcation point”).
It would have been obvious to a person having ordinary skill in the art, at the effective filing date of the invention, to have applied the known technique of the identified connection server handles connections for a plurality of datacenters for a plurality of different tenants, as taught by Mayya, in the same way to the identified connection server, as taught by Foxhoven, Jain, and Dar. Both inventions are in the field of establishing connections in cloud networks, and combining them would have predictably resulted in “establishing a virtual private network in a cloud service for branch networking,” as indicated by Mayya (¶ 2).
Regarding claim 6, Foxhoven, Jain, and Dar do not teach; however, Mayya discloses: determining which of the plurality of connection servers has a highest current available connection load (¶ 50, “A special edge device called a Datacenter Edge (DCE) can be deployed as customer premise equipment” and ¶ 21, “Customer-premises equipment (CPE) can be any terminal and associated equipment located at a subscriber's premises and connected with a carrier's telecommunication channel at the demarcation point”).
It would have been obvious to a person having ordinary skill in the art, at the effective filing date of the invention, to have applied the known technique of the identified connection server handles connections for a plurality of datacenters for a plurality of different tenants, as taught by Mayya, in the same way to the identifying the connection server from the plurality of connection servers, as taught by Foxhoven, Jain, and Dar. Both inventions are in the field of establishing connections in cloud networks, and combining them would have predictably resulted in “establishing a virtual private network in a cloud service for branch networking,” as indicated by Mayya (¶ 2).
Claims 16-18 recite commensurate subject matter as claims 3, 5, and 6. Therefore, they are rejected for the same reasons.
Claim(s) 4 is/are rejected under 35 U.S.C. 103 as being unpatentable over Foxhoven, Jain, and Dar, as applied above, and further in view of Gupta (US 2018/0041515).
Regarding claim 4, Foxhoven, Jain, and Dar do not teach; however, Gupta discloses: the registration message is an API request (¶ 25, “IDCS manages access to custom applications and services running on the public cloud, and on-premise systems” and ¶ 37, “IDCS services may be obtained by calling IDCS APIs 142”).
It would have been obvious to a person having ordinary skill in the art, at the effective filing date of the invention, to have applied the known technique of the registration message is part of an onboarding process for the particular datacenter, as taught by Gupta, in the same way to the registration message, as taught by Foxhoven, Jain, and Dar. Both inventions are in the field of establishing connections in cloud networks, and combining them would have predictably resulted in “identity management in a cloud system,” as indicated by Gupta (¶ 2).
Claim(s) 7, 8, and 19 is/are rejected under 35 U.S.C. 103 as being unpatentable over Foxhoven, Jain, Dar, and Mayya, as applied above, and further in view of Kommula (US 8,024,441).
Regarding claim 7, Foxhoven, Jain, Dar, and Mayya do not teach; however, Kommula discloses: the controller stores metadata for each of the connection servers (col. 4:17-23, “Site-specific metric collector 406 communicates with metric agents in site-specific switches (e.g., FIG. 3 shows site-specific metric collector 406 communicating with site-specific metric agent 407 of a site server load balancing ServerIron or "SLB SI") to collect site-specific metrics (e.g., number of available sessions on a specific host server and/or connection-load data at that host server)”) that specifies, for each connection server, (i) a maximum number of connections that the connection server can handle (col. 5:48-49, “Each site switch may have a different maximum number of TCP sessions it can serve”) and (ii) a number of current connections handled by the connection server (col. 5:52-56, “The virtual IP address configured at site switch 18B may be disqualified from being the "best" IP address if the number of sessions for switch 18B exceed a predetermined threshold percentage (e.g., 90%) of the maximum number of sessions”).
It would have been obvious to a person having ordinary skill in the art, at the effective filing date of the invention, to have applied the known technique of the controller stores metadata for each of the connection servers that specifies, for each connection server, (i) a maximum number of connections that the connection server can handle and (ii) a number of current connections handled by the connection server, as taught by Kommula, in the same way to the controller, as taught by Foxhoven, Jain, Dar, and Mayya. Both inventions are in the field of establishing connections in cloud networks, and combining them would have predictably resulted in “an improved method and system for serving IP addresses to a client, based on a selected set of performance metrics,” as indicated by Kommula (col. 2:11-13).
Regarding claim 8, Kommula discloses: The method of claim 7, wherein for each connection server, the maximum number of connections is based on an amount of resources assigned to the connection server (col. 6:55-62, “The minimum value is 1, and a parser or other software component in the site switch 18A, for instance, limits the maximum value--there need not be a default value. By default, this connection-load metric is turned off and can be turned on when the load limit is specified. The average load for a given site is calculated using the user-defined weights and intervals, which will be explained later below”).
Claim 19 recites commensurate subject matter as claim 7. Therefore, it is rejected for the same reasons.
Claim(s) 13 and 23 is/are rejected under 35 U.S.C. 103 as being unpatentable over Foxhoven, Jain, and Dar, as applied above, and further in view of Day (US 2011/0231515).
Regarding claim 13, Foxhoven, Jain, and Dar do not teach; however, Day discloses: detecting that the identified connection server has become unavailable (¶ 63, “Any cache server that is trying to forward a dynamic content request to an origin server detects the failure condition of the origin server at step 1002”); and identifying another one of the plurality of connection servers to handle the persistent connection (¶ 63, “The cache server selects a new origin server that is healthy and least loaded at step 1004. When the cache server is responsible for managing persistence, it determines which type of persistence applies”); and re-configuring the load balancer to forward the data messages that include the datacenter identifier associated with the particular datacenter to the identified another one of the plurality of connection servers (¶ 63, “For persistence managed though a table, the cache server replaces the existing origin server address with a new origin server address in the appropriate entry of the table” and ¶ 57, “a subsequent request from the same client is routed to another cache server, it needs to access the binding table of the first cache server or it selects a new origin server based upon current load balancing factors”).
It would have been obvious to a person having ordinary skill in the art, at the effective filing date of the invention, to have applied the known technique of detecting that a particular one of the connection servers has become unavailable; and for each persistent connection between a respective datacenter and the network management system handled by the particular connection server: identifying a respective connection server to handle the connection; and configuring the load balancer to statically select the respective connection server for data messages that include a respective datacenter identifier associated with the respective datacenter, as taught by Day, in the same way to the connection servers, as taught by Foxhoven, Jain, and Dar. Both inventions are in the field of establishing connections in cloud networks, and combining them would have predictably resulted in “establishment and management of persistent connections by a server in a content delivery network,” as indicated by Day (¶ 2).
Claim 23 recites commensurate subject matter as claim 13. Therefore, it is rejected for the same reasons.
Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JACOB D DASCOMB whose telephone number is (571)272-9993. The examiner can normally be reached M-F 9:00-5:00.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Pierre Vital, can be reached at (571) 272-4215. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/JACOB D DASCOMB/Primary Examiner, Art Unit 2198