Nicira, Inc., 2019007021 (P.T.A.B. Mar. 31, 2021)

UNITED STATES PATENT AND TRADEMARK OFFICE

UNITED STATES DEPARTMENT OF COMMERCE
United States Patent and Trademark Office
Address: COMMISSIONER FOR PATENTS
P.O. Box 1450
Alexandria, Virginia 22313-1450
www.uspto.gov

APPLICATION NO.: 15/387,242
FILING DATE: 12/21/2016
FIRST NAMED INVENTOR: Kaushal Bansal
ATTORNEY DOCKET NO.: N296.C1
CONFIRMATION NO.: 4358

109858 7590 03/31/2021
ADELI LLP
P.O. Box 516
Pacific Palisades, CA 90272

EXAMINER: TRAN, ELLEN C
ART UNIT: 2433
PAPER NUMBER:
NOTIFICATION DATE: 03/31/2021
DELIVERY MODE: ELECTRONIC

Please find below and/or attached an Office communication concerning this application or proceeding.

The time period for reply, if any, is set in the attached communication.

Notice of the Office communication was sent electronically on above-indicated "Notification Date" to the following e-mail address(es):
ipadmin@vmware.com
mail@adelillp.com

PTOL-90A (Rev. 04/07)

UNITED STATES PATENT AND TRADEMARK OFFICE

BEFORE THE PATENT TRIAL AND APPEAL BOARD

Ex parte KAUSHAL BANSAL and UDAY MASUREKAR

Appeal 2019-007021
Application 15/387,242
Technology Center 2400

Before JEAN R. HOMERE, ERIC B. CHEN, and MICHAEL J. ENGLE, Administrative Patent Judges.

HOMERE, Administrative Patent Judge.

DECISION ON APPEAL

I. STATEMENT OF THE CASE[1]

Pursuant to 35 U.S.C. § 134(a), Appellant appeals from the Examiner’s rejection of claims 21–32, 34–38, and 41–45, all of the claims pending.[2] Appeal Br. 1. Claims 33, 39, and 40 are canceled. See generally Appeal Br., Claims App. We have jurisdiction under 35 U.S.C. § 6(b).

[1] We refer to the Specification filed Dec. 21, 2016 (“Spec.”); the Final Office Action, mailed Dec. 14, 2018 (“Final Act.”); the Appeal Brief, filed June 10, 2019 (“Appeal Br.”); the Examiner’s Answer, mailed July 31, 2019 (“Ans.”); and the Reply Brief, filed Sept. 27, 2019 (“Reply Br.”).
[2] “Appellant” refers to “applicant” as defined in 37 C.F.R. § 1.42(a). Appellant identifies VMware, Inc. and Nicira, Inc. as the real parties in interest. Appeal Br. 2.

We REVERSE.

II. CLAIMED SUBJECT MATTER

According to Appellant, the claimed subject matter relates to a method and system for creating global objects and translating firewall rules in a distributed firewall across datacenters (201–203) in various geographic locations. Spec. ¶¶ 2, 3, 7. Figure 2, reproduced and discussed below, is useful for understanding the claimed subject matter:

[Figure 2]

Figure 2 above illustrates datacenters (201–203) supporting dynamically defined global objects. Each datacenter (201–203) includes network manager server (211–213), local object data store (251–253), and message broker (261–263), respectively. Each network manager (211–213) includes distributed firewall (DFW) publisher (221–223), global translation provider (231–233), and local translation provider (241–243), respectively. Network manager (211) is designated as the master/primary network manager and participating network managers (212–213) are designated as slave/secondary network managers. Datacenters (201–203) share a distributed cache 270 that acts as (or is used to store) a global object data store. The distributed cache is accessible to the network managers in each datacenter. Id. ¶¶ 52–53.

For each virtual machine (VM) in a datacenter, a network manager creates a lightweight VM object including the VM’s properties stored in the local object data store (251–253) and stores the lightweight VM object in the global object data store within the distributed cache (accessible by the network managers of participating datacenters). Spec. ¶ 7.
The network manager subsequently uses the lightweight VM objects in the distributed cache to translate distributed firewall rules including dynamically defined objects that use object identifiers (e.g., IP addresses or MAC addresses). Id. ¶ 8. More particularly, upon finding the object identifier in a firewall rule in the local object data store of the datacenter, the network manager translates the object identifier to a corresponding globally recognized static address specified in the local object data store by translating a VM identifier into a corresponding IP address or MAC address, and then distributes the translated firewall rules to the firewall enforcement points across the datacenters. When the object is not found in the local object data store, the network manager searches for the object in the global data store. Id. ¶ 9.

Claims 21, 28, and 35 are independent. Claim 21, reproduced below with disputed limitations emphasized, is illustrative:

21. A method of defining firewall rules in a datacenter group comprising a plurality of datacenters, each datacenter comprising a network manager server and a plurality of data compute nodes (DCNs), the method comprising:

    at a network manager server of a first datacenter of the datacenter group:

        receiving a firewall rule comprising a set of matching criteria and an action, the set of matching criteria comprising a source or destination identifier defined by reference to a global identifier identifying a particular DCN of a second datacenter of the datacenter group;

        from a distributed cache accessible to all the network manager servers of the datacenter group, retrieving a network address corresponding to the global identifier of the particular DCN;

        generating a modified firewall rule from the received firewall rule by translating the global identifier of the particular DCN into the retrieved network address; and

        distributing the modified firewall rule to a firewall enforcement point associated with the first datacenter to process packets in accordance with a firewall action specified by the modified firewall rule.

Appeal Br. 32 (Claims App.) (Emphasis added).

III. REFERENCES

The Examiner relies upon the following references.[3]

Name      Reference             Date
Litvin    US 2009/0249472 A1    Oct. 1, 2009
Loh       US 2015/0277949 A1    Oct. 1, 2015

[3] All reference citations are to the first named inventor only.

IV. REJECTION

The Examiner rejects claims 21–32, 34–38, and 41–45 as unpatentable under 35 U.S.C. § 103 over the combination of Litvin and Loh. Final Act. 7–12.

V. ANALYSIS

Appellant argues, inter alia, that the Examiner errs in finding that the combination of Litvin and Loh teaches or suggests a plurality of data centers, each comprising a network manager server, as recited in independent claim 21. Appeal Br. 16.
In particular, Appellant argues that Litvin discloses a hosting system that runs a plurality of physical computers (host nodes), each including multiple VMs, and the host nodes are managed by a single firewall coordinator. Id. at 16–17 (citing Litvin ¶¶ 7, 65, 77, Fig. 4). According to Appellant, Litvin’s hosting system teaches a single data center, consistent with the definition of data center, and not a plurality of data centers, as required by the claim. Id. at 17–18 (citing Spec. ¶ 36); Reply Br. 3–4. Appellant’s arguments are persuasive of reversible Examiner error.

We begin our analysis by giving the term “datacenter” its broadest reasonable interpretation consistent with Appellant’s disclosure. As explained in In re Morris:

    [T]he PTO applies to the verbiage of the proposed claims the broadest reasonable meaning of the words in their ordinary usage as they would be understood by one of ordinary skill in the art, taking into account whatever enlightenment by way of definitions or otherwise that may be afforded by the written description contained in the applicant’s specification.

In re Morris, 127 F.3d 1048, 1054 (Fed. Cir. 1997); see also In re Zletz, 893 F.2d 319, 321 (Fed. Cir. 1989) (“[C]laims must be interpreted as broadly as their terms reasonably allow.”). Our reviewing court further states, “the ‘ordinary meaning’ of a claim term is its meaning to the ordinary artisan after reading the entire patent.” Phillips v. AWH Corp., 415 F.3d 1303, 1321 (Fed. Cir. 2005) (en banc).

As correctly noted by Appellant, the Specification defines “datacenter” as “a facility that houses computing resources, networking resources, storage resources, and the associated components for one or more tenants (or customers).” Appeal Br. 17 (quoting Spec. ¶ 36).
Litvin relates to a firewall system (100) wherein a firewall coordinator (400) coordinates firewalls (420, 422, 424) in host nodes/servers (410, 412, 414), each node including a plurality of VMs and implementing a separate firewall. Litvin ¶¶ 7, 77, Fig. 4. In particular, Litvin indicates that, upon detecting that a VM has moved from one node to another, the firewall coordinator sends the associated firewall policy to the new host node and updates the connection table to reflect the move. Id. ¶¶ 18–20, 106, 107.

We do not agree with the Examiner that Litvin’s host nodes teach the claimed plurality of datacenters consistent with the Specification. Ans. 11. As persuasively argued by Appellant, Litvin’s firewall system comports with a single datacenter, as set forth above, because the disclosed firewall system includes a facility with multiple computing devices (e.g., host nodes and VMs), storage devices, and network resources (e.g., firewall coordinator) for managing resources of a tenant. Appeal Br. 16. We therefore agree with Appellant that a host node by itself does not teach or suggest a datacenter. Id.

Albeit it would have been within the purview of the ordinarily skilled artisan to replicate Litvin’s datacenter such that the combination of Litvin and Loh would predictably result in a system that uses universal identifiers for dynamically managing firewall policies across diverse geographic locations as a VM migrates from one datacenter to another, the Examiner has not made such findings on the record before us.

Because Appellant shows at least one reversible error in the Examiner’s obviousness rejection of independent claim 21, we do not reach Appellant’s remaining arguments. Accordingly, we do not sustain the Examiner’s obviousness rejection of independent claim 21. Likewise, we do not sustain the rejections of dependent claims 22–32, 34–38, and 41–45, which also recite the disputed limitations.

VI. CONCLUSION

For the above reasons, we reverse the Examiner’s rejection of claims 21–32, 34–38, and 41–45.

VII. DECISION SUMMARY

In summary:

Claims Rejected        35 U.S.C. §   Reference(s)/Basis   Affirmed   Reversed
21–32, 34–38, 41–45    103           Litvin, Loh                     21–32, 34–38, 41–45

REVERSED
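
The rule translation summarized in Section II and recited in claim 21 (local object data store first, then the distributed cache), sketched as an added Python example; it is not code from the application, the cited references, or this decision. The store layouts, identifiers, addresses, and the choice to hold back rules with unresolved identifiers rather than distribute them are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class FirewallRule:
    source: str       # object identifier or literal address/CIDR
    destination: str  # object identifier or literal address/CIDR
    action: str       # e.g. "allow" or "drop"

class UnresolvedObject(LookupError):
    """An identifier found in neither store; the rule must not be distributed."""

def resolve(identifier, local_store, global_cache):
    """Return the static address for an identifier used in a rule."""
    try:
        ipaddress.ip_network(identifier, strict=False)
        return identifier  # already a literal address, nothing to translate
    except ValueError:
        pass
    # Local object data store first, then the shared distributed cache.
    for store in (local_store, global_cache):
        obj = store.get(identifier)
        if obj is not None:
            return obj["ip"]
    raise UnresolvedObject(identifier)

def translate_rules(rules, local_store, global_cache):
    """Split rules into (translated, rejected); only translated ones are distributed."""
    translated, rejected = [], []
    for rule in rules:
        try:
            translated.append(replace(
                rule,
                source=resolve(rule.source, local_store, global_cache),
                destination=resolve(rule.destination, local_store, global_cache),
            ))
        except UnresolvedObject as exc:
            rejected.append((rule, str(exc)))
    return translated, rejected

# Constructed sample data (hypothetical identifiers and addresses).
LOCAL_STORE_DC1 = {"vm-web-01": {"ip": "10.1.0.10"}}
GLOBAL_CACHE = {"global-vm-db-07": {"ip": "10.2.0.77", "datacenter": "dc2"}}
RULES = [
    FirewallRule("vm-web-01", "global-vm-db-07", "allow"),
    FirewallRule("192.0.2.0/24", "vm-web-01", "drop"),
    FirewallRule("vm-web-01", "global-vm-gone", "allow"),
]
```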