I recently received a question on how to identify idle vCenter sessions that may stem from a non-active vSphere Client or vSphere API connection. Properly managing sessions to your vCenter Server is as important as knowing who is logging in. If you exhaust the maximum number of connections, you can easily deny login access to other users and/or services that are needed to connect to vCenter Server which can lead to very bad things. In the worse case, you can even prevent administrators from logging into a new session to help terminate any stale/idle connections.
The vSphere API provides a sessionManagement manager to help you manage all sessions, including checking whether a session is still active and terminating a session. I wrote a quick vSphere SDK for Perl script called sessionManagement.pl which allows you to list all sessions for a given vCenter and terminating a a specific session. Every session has a unique sessionKey that the vCenter Server uses to track and it provides information such username, login time and last active which can be used to create an unattended script to automatically terminate sessions that have gone beyond a certain threshold.
Here is an example script output of performing the “list” operation:
Note: There maybe vCenter Plugins/Extensions that creates sessions such as CapacityIQ, those will be denoted by “vCenter Ext Session” field. These should not be terminated as it can negatively impact 3rd party applications.
Here is an example script output of terminating a specific session using the “disconnect” operation which you will need to specify sessionkey provided in the previous command:
For those of you that are interested in creating your own script to terminate idle sessions, you can use the DateTime Perl module to help with calculating the amount of idle time and comparing that to a pre-defined timeout value.