To help you understand how the session statistics change in a Unified Access Gateway session for the Horizon edge service, a flow of events is described in this topic.
The session flow described here does not include any authentication method configured for Horizon in the Unified Access Gateway Admin UI.
Edge service health check occurs as per the value configured in Monitor Interval, an advanced system configuration setting in the Unified Access Gateway Admin UI.
To see definition about the session statistics mentioned here, see Monitoring Edge Service Session Statistics.
- When the Horizon Client sends an XMLAPI request through Unified Access Gateway to the Horizon Connection Server, a new session is created in Unified Access Gateway.
In the subsequent edge service health check, the session statistics have the following values:
Session statistics Values Total Sessions 1 Active Sessions 0 Inactive Sessions 1 Failed Login Attempts 0 Session High Water Mark 1 After receiving the response from the Horizon Connection Server, Unified Access Gateway sends the response to the Horizon Client and an authentication prompt is displayed on the end user's device.
- At the authentication prompt, the end user's action can vary. Depending on the action, the session statistics have different values.
- If an end user's authentication is successful, in the subsequent edge service health check, session statistics have the following values:
Session statistics Values Total Sessions 1 Active Sessions 1 Inactive Sessions 0 Failed Login Attempts 0 Session High Water Mark 1 - If an end user submits incorrect credentials for authentication, the change in session statistics depends on the number of login attempts, as allowed by the Horizon Connection Server.
- If the number of login attempts allowed is more than one, the session remains inactive until the number of login attempts reaches the maximum limit as allowed by the Horizon Connection Server.
The Failed Login Attempts parameter increases by one for every failed login attempt.
In the subsequent edge service health check, session statistics have the following values:
Session statistics Values Total Sessions 1 Active Sessions 0 Inactive Sessions 1 Failed Login Attempts 1 Session High Water Mark 1 - If the number of attempts allowed is only one, then the session is removed.
Note: When a session is removed, Total Sessions and Inactive Sessions decrease by one.
In the subsequent edge service health check, session statistics have the following values:
Session statistics Values Total Sessions 0 Active Sessions 0 Inactive Sessions 0 Failed Login Attempts 1 Session High Water Mark 1
- If the number of login attempts allowed is more than one, the session remains inactive until the number of login attempts reaches the maximum limit as allowed by the Horizon Connection Server.
- If an end user attempts to authenticate after the Authentication Timeout (a system configuration setting, configured in the Unified Access Gateway Admin UI), authentication fails and the session is removed.
In the subsequent edge service health check, session statistics have the following values:
Session statistics Values Total Sessions 0 Active Sessions 0 Inactive Sessions 0 Failed Login Attempts 1 Session High Water Mark 1 - If an end user cancels the authentication prompt, the session is not authenticated and remains in this state until the time from when the session was created exceeds the Authentication Timeout. When the Authentication Timeout is exceeded, the session expires.
Note: Expired sessions are included as part of Total Sessions until the limit for the total number of sessions is reached. This limit depends on the sizing of the Unified Access Gateway appliance.
In the subsequent edge service health check, session statistics have the following values:
Session statistics Values Total Sessions 1 Active Sessions 0 Inactive Sessions 1 Failed Login Attempts 0 Session High Water Mark 1
- If an end user's authentication is successful, in the subsequent edge service health check, session statistics have the following values:
- After successful authentication, if VMware Tunnel is enabled in Unified Access Gateway and the Horizon Client is used, a tunnel session is created in Unified Access Gateway.
In the subsequent edge service health check, session statistics have the following values:
Session statistics Values Total Sessions 1 Active Sessions 1 Inactive Sessions 0 Failed Login Attempts 0 Session High Water Mark 1 Tunnel Sessions 1 Note: If Tunnel is disabled in Unified Access Gateway, then the value is0. - Depending on the display protocol (PCOIP or Blast) selected by the end user for launching desktops or applications, the corresponding protocol's session statistics are affected.
For example, if Blast protocol is configured to be used, then in the subsequent edge service health check, session statistics have the following values:
Session statistics Values Total Sessions 1 Active Sessions 1 Inactive Sessions 0 Failed Login Attempts 0 Session High Water Mark 1 Tunnel Sessions 1 Blast Sessions 1 PCoIP Sessions 0 - If the end user disconnects the launched desktop or application, then in the subsequent edge service health check, session statistics have the following values:
Session statistics Values Total Sessions 1 Active Sessions 1 Inactive Sessions 0 Failed Login Attempts 0 Session High Water Mark 1 Tunnel Sessions 1 Blast Sessions 0 PCoIP Sessions 0 - End-user logout can occur due to various reasons such as user-initiated logout, inactivity after user authentication, or session expiry. When the end user is logged out, in the subsequent edge service health check, session statistics have the following values:
Session statistics Values Total Sessions 0 Active Sessions 0 Inactive Sessions 0 Failed Login Attempts 0 Session High Water Mark 1 Tunnel Sessions 0 Blast Sessions 0 PCoIP Sessions 0
