Connection leasing for hosted services

摘要

Aspects herein describe brokering hosted resources in a virtual desktop infrastructure (VDI) using connection leases to reduce demand on connection brokers and to allow hosted services to be maintained even in the event of a broker outage. When a client device desires to connect to a hosted resource (e.g., a hosted desktop or a hosted application), the client device may present a lease token to the session host. The lease token is a self-sustaining package of data from which a session host can determine whether the requesting client device is authorized to access one or more resources hosted by that session host. The lease token may be cryptographically signed to ensure its contents have not been altered, and further that the lease token originated from a trusted source. Lease tokens may be stored independently from a connection broker, thereby still being usable if the connection broker goes offline.

主权项

1. A session host apparatus, comprising:
a processor controlling operations of the session host apparatus; and memory storing computer readable instructions that, when executed by the processor, cause the session host apparatus to establish a session with a session client by: receiving a lease token associated with a session client, wherein the lease token is a self-sustaining package of cryptographically signed connection lease data from which the session host apparatus can determine whether the session client device is authorized to access one or more resources hosted by that session host, wherein the lease token comprises a plurality of data fields, each data field defining a different one of a lease ID, a set of one or more client devices, a set of one or more session hosts, and a set of one or more resources; determining, based on the lease token, one or more resources, hosted by the session host apparatus, that the session client is authorized to access; sending connection information to the session client based on the determined resources, after determining that the session client is authorized to access the one or more resources; and establishing a session with the session client to provide access to the one or more determined resources.