Get VMware Unified Access Gateway (UAG) Session Count Using PowerShell

With the recent COVID-19 catastrophe, we had the need to automatically pull UAG session statistics and report them to a dashboard so we could keep track of our external Horizon users to ensure the 2k limit per UAG was not exceeded. What better way to automate this than a little PowerShell?

VMware has some documentation on the API URL and definitions here – unfortunately there’s no information on how to interact with the API, authenticate, etc., so I had to figure that out for myself. Special thanks to pallabpain for the great REST framework that I used for this script – I will certainly continue to utilize it!

I recommend creating a read-only account in the GUI under Advanced Settings -> Account Settings. Definitely no reason to use your production admin account for this:

Here’s the full script – you just need to paste it into a .ps1, execute it, and it will become an available function:

################################################
# This is a script to grab UAG authenticated sessions
# Written by Nick Burton
################################################

# Ignore cert errors

add-type @"
    using System.Net;
    using System.Security.Cryptography.X509Certificates;
    public class TrustAllCertsPolicy : ICertificatePolicy {
        public bool CheckValidationResult(
            ServicePoint srvPoint, X509Certificate certificate,
            WebRequest request, int certificateProblem) {
            return true;
        }
    }
"@
[System.Net.ServicePointManager]::CertificatePolicy = New-Object TrustAllCertsPolicy
[System.Net.ServicePointManager]::SecurityProtocol = [System.Net.SecurityProtocolType]'Ssl3,Tls,Tls11,Tls12'

# Create a function for UAG API call - thanks to Pallabpain.wordpress.com for this great REST framework!

function Get-UAGSessionCount([string]$username, [string]$password, [string]$UAGHostName) {
 
  $url = "https://"+$UAGHostName+":9443/rest/v1/monitor/stats"
  # Step 1. Create a username:password pair
  $credPair = "$($username):$($password)"
 
  # Step 2. Encode the pair to Base64 string
  $encodedCredentials = [System.Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes($credPair))
 
  # Step 3. Form the header and add the Authorization attribute to it
  $headers = @{ Authorization = "Basic $encodedCredentials" }
 
  # Step 4. Make the GET request
  $responseData = Invoke-WebRequest -Uri $url -Method Get -Headers $headers -UseBasicParsing

  $firstString = "<authenticatedSessionCount>"
  $secondString = "</authenticatedSessionCount>"
  $content = $responseData

  # Get the value between the two strings above
    $pattern = "$firstString(.*?)$secondString"

    # Output result of pattern match using regex
    $result = [regex]::Match($content,$pattern).Groups[1].Value

    # Return result
    return $result
}

Execute it with PowerShell, and you now have an available PowerShell function called Get-UAGSessionCount:

Get-UAGSessionCount -username [read-only UAG account] -password [password] -UAGHostName [FQDN or IP of UAG]

After executing, you’ll simply get a number back. This number represents the AuthenticatedSession count found in the UAG GUI:

With this, you can do some pretty cool stuff. Add it to a scheduled task that outputs the value to a csv with the date/time. Use it in PowerBI, Tableau, etc. across your UAG’s to have a real-time dashboard of your remote workforce. Happy monitoring!