U.S. Patent No. 7,519,814 (“’814 Patent”)
`Accused Instrumentalities: Google’s products and services using user mode critical system elements as shared libraries, including
`without limitation Google Kubernetes Engine, Cloud Run, Migrate to Containers, and all versions and variations thereof since the
`issuance of the asserted patent. To the extent Google contends “Google Cloud Observability” is a separate instrumentality, the
`combination of GKE and Google Cloud Observability and the combination of Cloud Run and Google Cloud Observability are
`Accused Instrumentalities with respect to claim 13.
`Each Accused Instrumentality infringes the claims in substantially the same way, and the evidence shown in this chart is similarly
`applicable to each Accused Instrumentality. Each claim limitation is literally infringed by each Accused Instrumentality. However, to
`the extent any claim limitation is not met literally, it is nonetheless met under the doctrine of equivalents because the differences
`between the claim limitation and each Accused Instrumentality would be insubstantial, and each Accused Instrumentality performs
`substantially the same function, in substantially the same way, to achieve the same result as the claimed invention. Notably, Defendant
`has not yet articulated which, if any, particular claim limitations it believes are not met by the Accused Instrumentalities.
`
`Claim 1
`
`Claim 1
`[1pre] 1. In a system having a
`plurality of servers with
`operating systems that differ,
`operating in disparate
`computing environments,
`wherein each server includes a
`processor and an operating
`system including a kernel a set
`of associated local system files
`compatible with the processor,
`a method of providing at least
`some of the servers in the
`system with secure,
`executable, applications related
`to a service, wherein the
`applications are executed in a
`
`Accused Instrumentalities
`To the extent the preamble is limiting, Google and/or its customer practices, through the Accused
`Instrumentalities, in a system having a plurality of servers with operating systems that differ,
`operating in disparate computing environments, wherein each server includes a processor and an
`operating system including a kernel a set of associated local system files compatible with the
`processor, a method of providing at least some of the servers in the system with secure, executable,
`applications related to a service, wherein the applications are executed in a secure environment,
`wherein the applications each include an object executable by at least some of the different operating
`systems for performing a task related to the service, as claimed.
`For example, Google Kubernetes Engine and Cloud Run, as well as containers produced by Migrate
`to Containers, each runs on individual servers, each of which uses an independent operating system.
`This is also true in the infringing configuration where Migrate to Containers is used to produce a
`container that is run on Google Kubernetes Engine or Cloud Run. Google provides and/or requires
`that each server includes a processor with one or more cores available to the OS kernel. Google
`further provides and/or requires that each server has a supported operating system (e.g., Container-
`Optimized OS, Ubuntu), which includes a kernel and associated local system files, including for
`example libraries such as libc/glibc, configuration files, etc. On information and belief, there exist at
`
`Page 1 of 68
`
`Google Exhibit 1079
`Google v. VirtaMove
`
`

`

`
`
`Claim 1
`secure environment, wherein
`the applications each include
`an object executable by at least
`some of the different operating
`systems for performing a task
`related to the service, the
`method comprising:
`
`Accused Instrumentalities
`least two GKE/Cloud Run servers that have different operating systems, for example Container-
`Optimized OS and Ubuntu. The servers operate in disparate computing environments, including
`because each server is a stand-alone computer and/or each server is unrelated to the other servers due
`to having independent hardware and, in some instances, independent software.
`See claim limitations below.
`See also, e.g.:
`
`https://cloud.google.com/migrate/containers/docs/getting-started
`
`
`
`https://cloud.google.com/kubernetes-engine/docs/concepts/node-images
`
`
`
`Page 2 of 68
`
`

`

`
`
`Claim 1
`
`Accused Instrumentalities
`
`https://cloud.google.com/kubernetes-engine/docs/concepts/node-images
`
`
`
`Page 3 of 68
`
`

`

`
`
`Claim 1
`
`Accused Instrumentalities
`
`https://cloud.google.com/migrate/containers/docs/getting-started
`
`
`
`
`https://cloud.google.com/blog/products/containers-kubernetes/how-migrate-for-anthos-improves-vm-
`to-container-migration
`
`
`https://cloud.google.com/migrate/containers/docs/compatible-os-versions, Last accessed on June 05,
`2023
`
`Page 4 of 68
`
`

`

`
`
`Claim 1
`
`Accused Instrumentalities
`
`
`https://cloud.google.com/learn/what-are-containers
`
`https://services.google.com/fh/files/misc/why_container_security_matters.pdf
`
`
`
`Page 5 of 68
`
`

`

`
`
`Claim 1
`
`Accused Instrumentalities
`
`
`https://cloud.google.com/blog/products/application-modernization/shift-your-apps-to-container-
`based-workloads-on-the-command-line
`
`
`https://services.google.com/fh/files/misc/why_container_security_matters.pdf
`
`Page 6 of 68
`
`

`

`
`
`Claim 1
`
`Accused Instrumentalities
`
`
`https://cloud.google.com/learn/what-are-containers
`
`https://cloud.google.com/learn/what-are-containers
`
`
`
`https://services.google.com/fh/files/misc/why_container_security_matters.pdf
`
`https://services.google.com/fh/files/misc/why_container_security_matters.pdf
`
`
`
`
`
`Page 7 of 68
`
`

`

`
`
`Claim 1
`[1a] storing in memory
`accessible to at least some of
`the servers a plurality of secure
`containers of application
`software, each container
`comprising one or more of the
`executable applications and a
`set of associated system files
`required to execute the one or
`more applications, for use with
`a local kernel residing
`permanently on one of the
`servers;
`
`
`Accused Instrumentalities
`The method practiced by Google and/or its customer through the Accused Instrumentalities includes
`a step of storing in memory accessible to at least some of the servers a plurality of secure containers
`of application software, each container comprising one or more of the executable applications and a
`set of associated system files required to execute the one or more applications, for use with a local
`kernel residing permanently on one of the servers.
`For example, GKE and, Cloud Run, and Migrate to Containers each stores application containers,
`sometimes called Docker containers, container images, Kubernetes containers, or Kubernetes pods,
`in persistent storage available to each node running the application. This is also true in the infringing
`configuration where Migrate to Containers is used to produce a container that is run on Google
`Kubernetes Engine or Cloud Run. The terms “node” and “host” are sometimes used to refer to the
`claimed server. The container might be in a format defined by the Open Container Initiative. This
`storage may be physically attached to the server or connected through any supported interconnect,
`including over a network. In addition to Each container includes the application software, each
`container includes associated system files, including as well as a Linux user space required to
`execute the application, for example libc/glibc and other shared libraries, configuration files, etc.
`necessary for the application. For example, the container includes a base OS image, provided by
`Google or by a third party, such as a Debian, Rocky Linux, or Ubuntu base image. The container is
`compatible with the host kernel, for example because the container libraries are linked against the
`Linux kernel, and the supported host operating systems also use the Linux kernel, which has a stable
`binary interface.
`For another example, GKE and Cloud Run each stores files, pertaining to the applications, in
`ephemeral or persistent volumes or in the filesystem represented in the container image, required to
`execute the applications within those containers. Because these volumes are stored and accessible
`within the GKE/Cloud Run environment, it is inferred that they are stored in the memory of the
`server as claimed.
`The containers are secure containers as claimed. For example, the data within an individual container
`is insulated from the effects of other containers except to the extent the container is specifically
`configured to allow other containers to modify its data, for example using a shared volume.
`See, e.g.:
`
`Page 8 of 68
`
`

`

`
`
`Claim 1
`
`Accused Instrumentalities
`
`https://cloud.google.com/software-supply-chain-security/docs/base-images
`
`
`
`Page 9 of 68
`
`

`

`
`
`Claim 1
`
`Accused Instrumentalities
`
`https://cloud.google.com/software-supply-chain-security/docs/base-images
`
`
`
`Page 10 of 68
`
`

`

`
`
`Claim 1
`
`Accused Instrumentalities
`
`
`
`
`https://cloud.google.com/kubernetes-engine/docs/concepts/storage-overview
`
`
`https://www.docker.com/blog/the-10-most-common-questions-it-admins-ask-about-docker/
`
`
`
`
`
`https://kubernetes.io/docs/concepts/storage/volumes/
`
`Page 11 of 68
`
`

`

`
`
`Claim 1
`
`Accused Instrumentalities
`
`
`https://cloud.google.com/blog/products/application-modernization/shift-your-apps-to-container-
`based-workloads-on-the-command-line
`
`
`
`
`
`
`
`Page 12 of 68
`
`

`

`
`
`Claim 1
`
`Accused Instrumentalities
`
`https://services.google.com/fh/files/misc/why_container_security_matters.pdf
`
`https://cloud.google.com/learn/what-are-containers
`
`
`
`
`
`Page 13 of 68
`
`

`

`
`
`Claim 1
`
`Accused Instrumentalities
`
`https://docs.docker.com/storage/storagedriver/
`
`
`
`Page 14 of 68
`
`

`

`
`
`Claim 1
`
`Accused Instrumentalities
`
`https://docs.docker.com/storage/storagedriver/
`
`
`
`Page 15 of 68
`
`

`

`
`
`Claim 1
`
`Accused Instrumentalities
`
`https://docs.docker.com/storage/storagedriver/
`
`
`
`Page 16 of 68
`
`

`

`
`
`Claim 1
`
`Accused Instrumentalities
`
`https://kubernetes.io/docs/concepts/storage/volumes/
`
`
`
`
`https://kubernetes.io/docs/concepts/containers/container-environment/
`
`Page 17 of 68
`
`

`

`
`
`Claim 1
`
`Accused Instrumentalities
`
`https://kubernetes.io/docs/concepts/containers/images/
`
`https://kubernetes.io/docs/concepts/storage/volumes/
`
`Page 18 of 68
`
`
`
`
`
`

`

`
`
`Claim 1
`
`Accused Instrumentalities
`
`https://github.com/opencontainers/image-
`spec/blob/a6af2b480dcfc001ba975f44de53001c873cb0ef/spec.md
`
`
`
`Page 19 of 68
`
`

`

`
`
`Claim 1
`
`Accused Instrumentalities
`
`https://github.com/opencontainers/image-
`spec/blob/a6af2b480dcfc001ba975f44de53001c873cb0ef/spec.md
`
`
`
`Page 20 of 68
`
`

`

`
`
`Claim 1
`
`Accused Instrumentalities
`
`https://github.com/opencontainers/image-
`spec/blob/a6af2b480dcfc001ba975f44de53001c873cb0ef/config.md
`
`
`
`Page 21 of 68
`
`

`

`
`
`Claim 1
`
`Accused Instrumentalities
`
`https://github.com/opencontainers/image-
`spec/blob/a6af2b480dcfc001ba975f44de53001c873cb0ef/config.md
`
`
`
`Page 22 of 68
`
`

`

`
`
`Claim 1
`
`
`
`Accused Instrumentalities
`
`https://github.com/opencontainers/image-
`spec/blob/a6af2b480dcfc001ba975f44de53001c873cb0ef/config.md
`
`Page 23 of 68
`
`

`

`
`
`Claim 1
`[1b] wherein the set of
`associated system files are
`compatible with a local kernel
`of at least some of the plurality
`of different operating systems,
`
`Accused Instrumentalities
`In the method practiced by Google and/or its customer through the Accused Instrumentalities, the set
`of associated system files are compatible with a local kernel of at least some of the plurality of
`different operating systems.
`The associated system files in the container are compatible with the host kernel, for example because
`they are linked against the Linux kernel and the supported host operating systems also use the Linux
`kernel, which has a stable binary interface.
`See discussion and evidence in element [1a] above.
`See also, e.g.:
`
`
`
`
`
`
`
`https://services.google.com/fh/files/misc/why_container_security_matters.pdf
`
`Page 24 of 68
`
`

`

`
`
`Claim 1
`
`Accused Instrumentalities
`
`
`https://cloud.google.com/learn/what-are-containers
`
`Page 25 of 68
`
`

`

`
`
`Claim 1
`[1c] the containers of
`application software excluding
`a kernel,
`
`Accused Instrumentalities
`In the method practiced by Google and/or its customer through the Accused Instrumentalities, the
`containers of application software exclude a kernel.
`See discussion and evidence in element [1a] above.
`See also, e.g.:
`
`
`https://cloud.google.com/blog/products/containers-kubernetes/how-migrate-for-anthos-improves-vm-
`to-container-migration
`
`
`
`
`https://services.google.com/fh/files/misc/why_container_security_matters.pdf
`
`Page 26 of 68
`
`

`

`
`
`Claim 1
`
`Accused Instrumentalities
`
`
`https://www.docker.com/blog/the-10-most-common-questions-it-admins-ask-about-docker/
`
`Page 27 of 68
`
`

`

`
`
`Claim 1
`[1d] wherein some or all of the
`associated system files within
`a container stored in memory
`are utilized in place of the
`associated local system files
`that remain resident on the
`server,
`
`Accused Instrumentalities
`In the method practiced by Google and/or its customer through the Accused Instrumentalities, some
`or all of the associated system files within a container stored in memory are utilized in place of the
`associated local system files that remain resident on the server.
`For example, each container will utilize its own local associated system files, including libraries such
`as libc/glibc and configuration files, not the corresponding associated local system files (e.g. libraries
`and configuration files of the host OS). As described above and below, in the Accused
`Instrumentalities the associated system files provide at least some of the same functionalities as the
`associated local system files. The host/node’s associated local system files remain resident on the
`host/node, for example for use by system processes or applications outside the container
`environment.
`See discussion and evidence in element [1a] above.
`See also, e.g.:
`
`
`
`
`https://services.google.com/fh/files/misc/why_container_security_matters.pdf
`
`Page 28 of 68
`
`

`

`
`
`Claim 1
`
`Accused Instrumentalities
`
`
`https://cloud.google.com/blog/products/application-modernization/shift-your-apps-to-container-
`based-workloads-on-the-command-line
`
`Page 29 of 68
`
`

`

`
`
`Claim 1
`[1e] wherein said associated
`system files utilized in place of
`the associated local system
`files are copies or modified
`copies of the associated local
`system files that remain
`resident on the server,
`
`Accused Instrumentalities
`In the method practiced by Google and/or its customer through the Accused Instrumentalities, said
`associated system files utilized in place of the associated local system files are copies or modified
`copies of the associated local system files that remain resident on the server.
`For example, in some cases the host OS and container will use one or more identical system files, for
`example when both the host and the container incorporate the same Linux distribution version, or
`when both host and container use the same version of libc. In other cases modified copies are used
`instead, for example when different versions of the same library, or configuration files with different
`parameters, are used by the host and container.
`See discussion and evidence in element [1a] above.
`See also, e.g.:
`
`
`
`
`https://services.google.com/fh/files/misc/why_container_security_matters.pdf
`
`Page 30 of 68
`
`

`

`
`
`Claim 1
`
`Accused Instrumentalities
`
`
`https://medium.com/@swalperen3008/what-is-dockerize-and-dockerize-your-project-a-step-by-step-
`guide-899c48a34df6
`
`https://kubernetes.io/docs/concepts/containers/
`
`
`
`Page 31 of 68
`
`

`

`
`
`Claim 1
`
`Accused Instrumentalities
`
`https://docs.docker.com/storage/storagedriver/
`
`
`
`Page 32 of 68
`
`

`

`
`
`Claim 1
`
`Accused Instrumentalities
`
`https://docs.docker.com/storage/storagedriver/
`
`
`
`Page 33 of 68
`
`

`

`
`
`Claim 1
`
`Accused Instrumentalities
`
`https://docs.docker.com/storage/storagedriver/
`
`
`
`Page 34 of 68
`
`

`

`
`
`Claim 1
`[1f] and wherein the
`application software cannot be
`shared between the plurality of
`secure containers of
`application software,
`
`Accused Instrumentalities
`In the method practiced by Google and/or its customer through the Accused Instrumentalities, the
`application software cannot be shared between the plurality of secure containers of application
`software.
`For example, each container has an isolated runtime environment that cannot be accessed by other
`containers, for example including a per-container writeable layer or other ephemeral per-container
`storage. For another example, when the plurality of secure containers each corresponds to a different
`container image, each container cannot access another container’s image and therefore application
`software.
`See, e.g.:
`
`https://services.google.com/fh/files/misc/why_container_security_matters.pdf
`
`https://services.google.com/fh/files/misc/why_container_security_matters.pdf
`
`https://cloud.google.com/kubernetes-engine/docs/concepts/volumes
`
`
`
`
`
`
`
`Page 35 of 68
`
`

`

`
`
`Claim 1
`
`Accused Instrumentalities
`
`https://kubernetes.io/docs/concepts/workloads/pods/
`
`
`
`
`
`
`https://cloud.google.com/kubernetes-engine#section-2
`
`Page 36 of 68
`
`

`

`
`
`Claim 1
`
`Accused Instrumentalities
`
`https://docs.docker.com/storage/storagedriver/
`
`
`
`Page 37 of 68
`
`

`

`
`
`Claim 1
`
`Accused Instrumentalities
`
`https://docs.docker.com/storage/storagedriver/
`
`
`
`Page 38 of 68
`
`

`

`
`
`Claim 1
`
`Accused Instrumentalities
`
`https://docs.docker.com/storage/storagedriver/
`
`
`
`Page 39 of 68
`
`

`

`
`
`Claim 1
`[1g] and wherein each of the
`containers has a unique root
`file system that is different
`from an operating system's
`root file system.
`
`Accused Instrumentalities
`In the method practiced by Google and/or its customer through the Accused Instrumentalities, each
`of the containers has a unique root file system that is different from an operating system's root file
`system.
`For example, the container’s root file system comprises the image layer(s), an ephemeral writeable
`layer (e.g., in Docker terminology the container layer), and optionally one or more volumes. This
`root file system is distinct and isolated from the host operating system’s root file system.
`See, e.g.:
`
`“Borg, Omega, and, Kubernetes,”
`https://static.googleusercontent.com/media/research.google.com/en//pubs/archive/44843.pdf
`
`
`
`
`https://opensource.googleblog.com/2023/04/gvisor-improves-performance-with-root-filesystem-
`overlay.html
`
`Page 40 of 68
`
`

`

`
`
`Claim 1
`
`Accused Instrumentalities
`
`https://kubernetes.io/docs/concepts/storage/volumes/
`
`
`
`Page 41 of 68
`
`

`

`
`
`Claim 1
`
`Accused Instrumentalities
`
`https://docs.docker.com/storage/storagedriver/
`
`
`
`Page 42 of 68
`
`

`

`
`
`Claim 1
`
`Accused Instrumentalities
`
`https://docs.docker.com/storage/storagedriver/
`
`
`
`Page 43 of 68
`
`

`

`
`
`Claim 1
`
`Accused Instrumentalities
`
`https://docs.docker.com/storage/storagedriver/
`
`
`
`Page 44 of 68
`
`

`

`
`
`Claim 1
`
`Accused Instrumentalities
`
`https://kubernetes.io/docs/concepts/storage/volumes/
`
`
`
`
`https://kubernetes.io/docs/concepts/containers/container-environment/
`
`Page 45 of 68
`
`

`

`
`
`Claim 1
`
`Accused Instrumentalities
`
`https://kubernetes.io/docs/concepts/containers/images/
`
`https://kubernetes.io/docs/concepts/storage/volumes/
`
`Page 46 of 68
`
`
`
`
`
`

`

`
`
`Claim 1
`
`Accused Instrumentalities
`
`https://github.com/opencontainers/image-
`spec/blob/a6af2b480dcfc001ba975f44de53001c873cb0ef/spec.md
`
`
`
`Page 47 of 68
`
`

`

`
`
`Claim 1
`
`Accused Instrumentalities
`
`https://github.com/opencontainers/image-
`spec/blob/a6af2b480dcfc001ba975f44de53001c873cb0ef/spec.md
`
`
`
`Page 48 of 68
`
`

`

`
`
`Claim 1
`
`Accused Instrumentalities
`
`https://github.com/opencontainers/image-
`spec/blob/a6af2b480dcfc001ba975f44de53001c873cb0ef/config.md
`
`
`
`Page 49 of 68
`
`

`

`
`
`Claim 1
`
`Accused Instrumentalities
`
`https://github.com/opencontainers/image-
`spec/blob/a6af2b480dcfc001ba975f44de53001c873cb0ef/config.md
`
`
`
`Page 50 of 68
`
`

`

`
`
`Claim 1
`
`
`
`Accused Instrumentalities
`
`https://github.com/opencontainers/image-
`spec/blob/a6af2b480dcfc001ba975f44de53001c873cb0ef/config.md
`
`Claim 2
`
`Claim 2
`2. A method as defined in
`claim 1, wherein each
`container has an execution
`file associated therewith for
`starting the one or more
`applications.
`
`Accused Instrumentalities
`Google and/or its customer practices, through the Accused Instrumentalities, a method as defined in
`claim 1, wherein each container has an execution file associated therewith for starting the one or more
`applications.
`For example, a container image has an associated image configuration comprising information for
`starting the one or more applications. This can be an Open Containers Initiative image configuration.
`See, e.g.:
`
`Page 51 of 68
`
`

`

`
`
`Claim 2
`
`Accused Instrumentalities
`
`
`https://services.google.com/fh/files/misc/why_container_security_matters.pdf
`
`https://github.com/opencontainers/image-
`spec/blob/a6af2b480dcfc001ba975f44de53001c873cb0ef/spec.md
`
`
`
`Page 52 of 68
`
`

`

`
`
`Claim 2
`
`Accused Instrumentalities
`
`https://github.com/opencontainers/image-
`spec/blob/a6af2b480dcfc001ba975f44de53001c873cb0ef/spec.md
`
`
`
`Page 53 of 68
`
`

`

`
`
`Claim 2
`
`Accused Instrumentalities
`
`https://github.com/opencontainers/image-
`spec/blob/a6af2b480dcfc001ba975f44de53001c873cb0ef/config.md
`
`
`
`Page 54 of 68
`
`

`

`
`
`Claim 2
`
`Accused Instrumentalities
`
`
`
`
`
`https://github.com/opencontainers/image-
`spec/blob/a6af2b480dcfc001ba975f44de53001c873cb0ef/config.md
`
`Page 55 of 68
`
`

`

`
`
`Claim 4
`
`Claim 4
`4. A method as defined in
`claim 1 further comprising the
`step of pre-identifying
`applications and system files
`required for association with
`the one or more containers
`prior to said storing step.
`
`Accused Instrumentalities
`Google and/or its customer practices, through the Accused Instrumentalities, a method as defined in
`claim 1 further comprising the step of pre-identifying applications and system files required for
`association with the one or more containers prior to said storing step.
`For example, in the infringing configuration where Google’s Migrate to Containers is used to produce
`a container that is run on Google Kubernetes Engine or Cloud Run, Google’s Migrate to Containers
`feature identifies the application along with its dependencies to be migrated to the target
`cluster/container. This identification step happens before storing the containers having the migrated
`application and files in the target machine, as described above.
`See analysis and evidence for claim 1 above.
`See also, e.g.:
`
`
`https://cloud.google.com/migrate/containers/docs/setting-up-overview
`
`https://cloud.google.com/migrate/containers/docs/m2c-cli/migrate-data
`
`
`
`Page 56 of 68
`
`

`

`
`
`Claim 4
`
`Accused Instrumentalities
`
`https://cloud.google.com/migrate/containers/docs/m2c-cli/copy-file-system
`
`
`
`https://cloud.google.com/migrate/containers/docs/m2c-cli/create-a-migration-plan
`
`
`
`Page 57 of 68
`
`

`

`
`
`Claim 4
`
`Accused Instrumentalities
`
`https://cloud.google.com/migrate/containers/docs/m2c-cli/linux/customizing-a-migration-plan
`
`https://cloud.google.com/migrate/containers/docs/m2c-cli/linux/customizing-a-migration-plan
`
`
`
`
`
`Page 58 of 68
`
`

`

`
`
`Claim 4
`
`Accused Instrumentalities
`
`https://cloud.google.com/migrate/containers/docs/m2c-cli/linux/customizing-a-migration-plan
`
`
`
`Claim 6
`
`Claim 6
`6. A method as defined in
`claim 2, comprising the step
`of assigning a unique
`associated identity to each of
`a plurality of the containers,
`wherein the identity includes
`at least one of IP address, host
`name, and MAC address.
`
`Accused Instrumentalities
`Google and/or its customer practices, through the Accused Instrumentalities, a method as defined in
`claim 2, comprising the step of assigning a unique associated identity to each of a plurality of the
`containers, wherein the identity includes at least one of IP address, host name, and MAC address.
`For example, Kubernetes containers have an associated hostname, which in the case of a single-
`container Pod is the unique identity of that container. For another example, Kubernetes pods have an
`associated hostname, which is unique. For another example, a networked Kubernetes pod has an
`assigned IPv4 and/or IPv6 address. For another example, a Docker container has an IP address and a
`hostname.
`See, e.g.:
`
`Page 59 of 68
`
`

`

`
`
`Claim 6
`
`Accused Instrumentalities
`
`https://kubernetes.io/docs/concepts/containers/container-environment/
`
`
`
`Page 60 of 68
`
`

`

`
`
`Claim 6
`
`Accused Instrumentalities
`
`Claim 9
`
`Claim 9
`9. A method as defined in
`claim 2, wherein server
`information related to
`hardware resource usage
`including at least one of CPU
`memory, network bandwidth,
`and disk allocation is
`associated with at least some
`of the containers prior to the
`
`https://docs.docker.com/network/
`
`
`
`Accused Instrumentalities
`Google and/or its customer practices, through the Accused Instrumentalities, a method as defined in
`claim 2, wherein server information related to hardware resource usage including at least one of CPU
`memory, network bandwidth, and disk allocation is associated with at least some of the containers
`prior to the applications within the containers being executed.
`For example, Kubernetes tracks and limits resource usage, including CPU and memory resources. For
`another example, Docker tracks and limits resource usage, including CPU and memory resources.
`See, e.g.:
`
`Page 61 of 68
`
`

`

`
`
`Claim 9
`applications within the
`containers being executed.
`
`Accused Instrumentalities
`Resource Management for Pods and Containers
`
`When you specify a Pod, you can optionally specify how much of each resource
`a container needs. The most common resources to specify are CPU and memory
`(RAM); there are others.
`
`When you specify the resource request for containers in a Pod, the kube-
`scheduler uses this information to decide which node to place the Pod on. When
`you specify a resource limit for a container, the kubelet enforces those limits so
`that the running container is not allowed to use more of that resource than the
`limit you set. The kubelet also reserves at least the request amount of that system
`resource specifically for that container to use.
`
`Requests and limits
`If the node where a Pod is running has enough of a resource available, it's
`possible (and allowed) for a container to use more resource than its request for
`that resource specifies. However, a container is not allowed to use more than its
`resource limit.
`
`For example, if you set a memory request of 256 MiB for a container, and that
`container is in a Pod scheduled to a Node with 8GiB of memory and no other
`Pods, then the container can try to use more RAM.
`
`If you set a memory limit of 4GiB for that container, the kubelet (and container
`runtime) enforce the limit. The runtime prevents the container from using more
`than the configured resource limit. For example: when a process in the container
`tries to consume more than the allowed amount of memory, the system kernel
`
`Page 62 of 68
`
`

`

`
`
`Claim 9
`
`Accused Instrumentalities
`terminates the process that attempted the allocation, with an out of memory
`(OOM) error.
`
`Limits can be implemented either reactively (the system intervenes once it sees a
`violation) or by enforcement (the system prevents the container from ever
`exceeding the limit). Different runtimes can have different ways to implement the
`same restrictions.
`
`https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
`
`Runtime options with Memory, CPUs, and GPUs
`By default, a container has no resource constraints and can use as much of a given
`resource as the host's kernel scheduler allows. Docker provides ways to control how
`much memory, or CPU a container can use, setting runtime configuration flags of
`the docker run command. This section provides details on when you should set such
`limits and the possible implications of setting them.
`
`Limit a container's access to memory
`Docker can enforce hard or soft memory limits.
`• Hard limits lets the container use no more than a fixed amount of memory.
`• Soft limits lets the container use as much memory as it needs unless certain
`conditions are met, such as when the kernel detects low memory or contention on
`the host machine.
`
`
`https://docs.docker.com/config/containers/resource_constraints/
`
`Page 63 of 68
`
`

`

`
`
`Claim 10
`
`Claim 10
`10. A method as defined in
`claim 2, wherein in operation
`when an application residing
`within a container is executed,
`said application has no access
`to system files or applications
`in other containers or to
`system files within the
`operating system during
`execution thereof.
`
`Accused Instrumentalities
`Google and/or its customer practices, through the Accused Instrumentalities, a method as defined in
`claim 2, wherein in operation when an application residing within a container is executed, said
`application has no access to system files or applications in other containers or to system files within
`the operating system during execution thereof.
`As described in connection with limitations [1a] and [1f] above, containers cannot access the
`host/node’s file system, or the file systems of other containers, unless specifically configured to allow
`such access, for example using a shared volume.
`See, e.g.:
`
`
`
`
`
`
`
`
`
`
`https://services.google.com/fh/files/misc/why_container_security_matters.pdf
`
`Page 64 of 68
`
`

`

`
`
`Claim 10
`
`Accused Instrumentalities
`
`Claim 13
`
`Claim 13
`13. A method as defined in
`claim 1 further comprising the
`step of associating with a
`plurality of containers a
`stored history of when
`processes related to
`applications within the
`container are executed for at
`least one of, tracking
`statistics, resource allocation,
`and for monitoring the status
`of the application.
`
`https://services.google.com/fh/files/misc/why_container_security_matters.pdf
`
`
`
`Accused Instrumentalities
`Google and/or its customer practices, through the Accused Instrumentalities, a method as defined in
`claim 1 further comprising the step of associating with a plurality of containers a stored history of
`when processes related to applications within the container are executed for at least one of, tracking
`statistics, resource allocation, and for monitoring the status of the application.
`See analysis and evidence for claim 1 above.
`See also, e.g.:
`
`https://cloud.google.com/architecture/migrating-containers-kubernetes-gke
`
`
`
`Page 65 of 68
`
`

`

`
`
`Claim 13
`
`Accused Instrumentalities
`
`
`https://cloud.google.com/blog/products/gcp/manage-google-kubernetes-engine-from-cloud-console-
`dashboard-now-generally-available
`
`Claim 14
`
`Claim 14
`14. A method as defined in
`claim 1 comprising the step of
`creating containers prior to
`said step of storing containers
`in memory, wherein
`containers are created by:
`
`Accused Instrumentalities
`Google and/or its customer practices, through the Accused Instrumentalities, a method as defined in
`claim 1 comprising the step of creating containers prior to said step of storing containers in memory,
`wherein containers are created by (a) running an instance of a service on a server; (b) determining
`which files are being used; and, (c) copying applications and associated system files to memory
`without overwriting the associated system files so as to provide a second instance of the applications
`and associated system files.
`
`Page 66 of 68
`
`

`

`
`
`Claim 14
`a) running an instance of a
`service on a server;
`b) determining which files are
`being used; and,
`c) copying applications and
`associated system files to
`memory without overwriting
`the associated system files so
`as to provide a second
`instance of the applications
`and associated system files.
`
`Accused Instrumentalities
`For example, GKE, Cloud Run, and Migrate to Containers support the creation of containers and
`deploying the containers on the server. The containers are first created (e.g., by Migrate to
`Containers) and then later deployed/stored on the server (e.g., by GKE or Cloud Run). The creation
`step involves determining which applications and files are to be migrated, copying these identified
`applications and files to a location in the target server. Based on information and belief, once the files
`are migrated, the earlier stored files (if any) are not deleted/overwritten, rather, the migrated files are
`stored as different instance in memory accessible to containers. Further, an instance of an
`application/service may be te