System and method for validating virtual session requests

US12177119B2 · US · B2

Patent metadata
Publication number: US-12177119-B2
Application number: US-202318319535-A
Country: US
Kind code: B2
Filing date: May 18, 2023
Priority date: May 20, 2019
Publication date: Dec 24, 2024
Grant date: Dec 24, 2024

How to read this patent

A practical reading order for non-experts. Skip the full description unless you need deep technical detail.

  1. Title

    What the patent document calls the invention.

  2. Abstract

    A short plain-language summary of the technical disclosure.

  3. Assignees and inventors

    Who owns or filed the patent and who is credited as inventor.

  4. Key dates

    Filing, priority, publication, and grant dates set the timeline.

  5. First independent claim

    The legal scope of protection — read this for what is actually claimed.

  6. CPC / IPC classifications

    Technology tags used to group this patent with similar filings.

  7. Citations and related patents

    Prior art links and similar publications in this corpus.

Abstract

Official abstract text for this publication.

A method may include storing and updating published resource entitlements for a plurality of client devices at a computing device. The method may also include using a plurality of virtual delivery appliances to receive connection requests from the client devices, with the connection requests including connection leases having associated resource entitlements the client devices are respectively permitted to access, and request validation of the connection leases from the computing device. At the computing device, responsive to validation requests from the virtual delivery appliances, the connection leases may be compared to the updated published resource entitlements and validated based thereon. At the virtual delivery appliances, the client devices may be provided with access to virtual sessions corresponding to the published resource entitlements responsive to the virtual session request validations from the computing device.

First claim

Opening claim text (preview).

The invention claimed is:

1. A method comprising: storing and updating published resource entitlements for a plurality of client devices; using a plurality of virtual delivery appliances to: receive connection requests from at least one client device of the plurality of client devices, the connection requests including data representing connection leases having associated resource entitlements the client devices are permitted to access, and request validation of the connection leases; at the at least one client device, upon receipt of one or more validation requests from the virtual delivery appliances, comparing the connection leases to the published resource entitlements; in response to comparing the connection leases, validating one or more virtual session requests associated with the validation requests; and at the virtual delivery appliances, providing the client devices with access to at least one of the one or more virtual sessions corresponding to at least one of the published resource entitlements; and at the client device, providing a public key along with virtual session request validations to the virtual delivery appliances; wherein the client device further has a public key/private key pair associated therewith and the public key of the client device is signed by a private key of a Root of Trust (RoT).

2. The method of claim 1 further comprising, at the client device, generating a pre-authorized validation for the virtual delivery appliances; and at the virtual delivery appliances, providing at least one client device with access to a requested virtual session without availability of the client device based upon the pre-authorized validation.

3. The method of claim 2 wherein the virtual delivery appliances are arranged in a pool, and further comprising, at a given virtual delivery appliance in the pool, ceasing providing other client devices access to virtual sessions without availability of the client device after providing the at least one client device with access to the requested virtual session.

4. The method of claim 3 further comprising re-provisioning the given virtual delivery appliance to generate the pre-authorized validation after the requested virtual session is closed.

5. The method of claim 1 further comprising, at the virtual delivery appliances, denying and redirecting the connection requests to other virtual delivery appliances without availability of the client device.

6. The method of claim 1 wherein the connection leases list a subset of the plurality of virtual delivery appliances; and further comprising, at the client device, redirecting client devices with validated connection leases to virtual delivery appliances either inside or outside of the listed subset of virtual delivery appliances based upon virtual delivery appliance usage levels.

7. The method of claim 1 wherein the connection leases are associated with a public encryption key/private encryption key pair of the client device and signed using the private encryption key; and further comprising, at the virtual delivery appliances, validating the connection leases using the public encryption key prior to requesting validation of the connection leases from the client device.

8. The method of claim 7 wherein the connection leases are also time-based, and further comprising, at the virtual delivery appliances, performing time-based validation of the connection leases prior to requesting validation of the connection leases from the client device.

9. The method of claim 1 further comprising, at a gateway device: authenticating the public key of the client device using a public key of the RoT; authenticating the virtual session request validations using the authenticated public key of the client device; and establishing session connections between the client devices and the virtual delivery appliances responsive to authenticating the virtual session request validations.

10. The method of claim 9 further comprising, at the client devices: authenticating the public key of the client device using a public key of the RoT; authenticating the virtual session request validations using the authenticated public key of the client device; and establishing session connections with the virtual delivery appliances responsive to authenticating the virtual session request validations.

11. A virtual delivery appliance comprising: a memory and a processor configured to cooperate with the memory to: receive connection requests from a plurality of client devices, the connection requests including connection leases having associated resource entitlements the client devices are respectively permitted to access; request validation of the connection leases from a computing device that stores and updates published resource entitlements for the client devices by comparing the connection leases to the updated published resource entitlements; if the computing device provides a validation of the request, provide the client devices with access to virtual sessions corresponding to the published resource entitlements; validate the connection leases using a public encryption key prior to requesting validation of the connection leases from the computing device; and perform time-based validation of the connection leases prior to requesting validation of the connection leases from the computing device; wherein the connection leases are associated with a public encryption key/private encryption key pair of the computing device and signed using the private encryption key; and wherein the connection leases are time-based.

12. The virtual delivery appliance of claim 11 wherein the computing device is configured to generate a pre-authorized validation for the virtual delivery appliances; and wherein the processor is further configured to provide the client device with access to a requested virtual session without availability of the computing device based upon the pre-authorized validation.

13. The virtual delivery appliance of claim 11 wherein the processor is further configured to deny and redirect the connection requests to other virtual delivery appliances without availability of the computing device.

14. A non-transitory computer readable medium having computer-executable instructions for causing a virtual delivery appliance to perform steps comprising: receiving connection requests from a plurality of client devices, the connection requests including connection leases having associated resource entitlements the client devices are respectively permitted to access; requesting validation of the connection leases from a computing device storing and updating published resource entitlements for the client devices by comparing the connection leases to the updated published resource entitlements; if the computing device provides validation of the connection leases, providing the client devices with access to virtual sessions corresponding to the published resource entitlements; validating the connection leases using a public encryption key prior to requesting validation of the connection leases from the computing device; and performing time-based validation of the connection leases prior to requesting validation of the connection leases from the computing device; wherein the connection leases are associated with a public encryption key/private encryption key pair of the computing device and signed using the private encryption key; and wherein the connection leases are time-based.

15. The non-transitory computer-readable medium of claim 14 wherein the computing device is configured to generate a pre-authorized validation for th
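The appliance-side flow that claims 11 and 14 describe has a definite ordering: verify the lease signature with the issuer's public key, perform the time-based check, and only then send a validation request to the computing device, which compares the lease against the entitlements it currently publishes. The following Go program is an added illustration of that ordering; it is not Citrix's code and nothing in the patent specifies these names, field layouts or Ed25519. The lease fields, the `EntitlementStore`, the error values and the sample client and resource names are all constructed for the example. The revocation step at the end shows why the third check exists: a lease that still verifies and has not expired can nonetheless refer to an entitlement the computing device has since withdrawn.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// ConnectionLease is a constructed stand-in for the lease in the claims: the
// client it was issued to, the published resource it covers, its validity
// window and the subset of appliances it names. Field names are assumed.
type ConnectionLease struct {
	ClientID   string    `json:"client_id"`
	Resource   string    `json:"resource"`
	NotBefore  time.Time `json:"not_before"`
	NotAfter   time.Time `json:"not_after"`
	Appliances []string  `json:"appliances"`
}

// SignedLease is the serialised lease plus a signature made with the private
// key of the issuer (the "computing device" of claims 11 and 14).
type SignedLease struct {
	Payload   []byte
	Signature []byte
}

var (
	ErrBadSignature = errors.New("lease signature does not verify")
	ErrNotYetValid  = errors.New("lease not yet valid")
	ErrExpired      = errors.New("lease expired")
	ErrNotEntitled  = errors.New("resource no longer in client's published entitlements")
)

// IssueLease serialises and signs a lease with the issuer's private key.
func IssueLease(priv ed25519.PrivateKey, lease ConnectionLease) (SignedLease, error) {
	payload, err := json.Marshal(lease)
	if err != nil {
		return SignedLease{}, err
	}
	return SignedLease{Payload: payload, Signature: ed25519.Sign(priv, payload)}, nil
}

// ApplianceLocalCheck is what the appliance decides by itself before asking the
// computing device anything: signature first, then the time window. A forged,
// altered or expired lease never reaches the entitlement lookup.
func ApplianceLocalCheck(pub ed25519.PublicKey, sl SignedLease, now time.Time) (ConnectionLease, error) {
	var lease ConnectionLease
	if !ed25519.Verify(pub, sl.Payload, sl.Signature) {
		return lease, ErrBadSignature
	}
	if err := json.Unmarshal(sl.Payload, &lease); err != nil {
		return lease, err
	}
	if now.Before(lease.NotBefore) {
		return lease, ErrNotYetValid
	}
	if now.After(lease.NotAfter) {
		return lease, ErrExpired
	}
	return lease, nil
}

// EntitlementStore models the computing device's stored and updated published
// entitlements: client ID -> set of resources currently published to it.
type EntitlementStore struct {
	published map[string]map[string]bool
}

func NewEntitlementStore() *EntitlementStore {
	return &EntitlementStore{published: map[string]map[string]bool{}}
}

func (s *EntitlementStore) Publish(clientID, resource string) {
	if s.published[clientID] == nil {
		s.published[clientID] = map[string]bool{}
	}
	s.published[clientID][resource] = true
}

func (s *EntitlementStore) Revoke(clientID, resource string) {
	delete(s.published[clientID], resource)
}

// ValidateLease answers the appliance's validation request by comparing the
// lease with the entitlements published right now, not those at signing time.
func (s *EntitlementStore) ValidateLease(lease ConnectionLease) error {
	if !s.published[lease.ClientID][lease.Resource] {
		return ErrNotEntitled
	}
	return nil
}

// ValidateConnectionRequest is the appliance's full path for one request.
func ValidateConnectionRequest(pub ed25519.PublicKey, store *EntitlementStore, sl SignedLease, now time.Time) error {
	lease, err := ApplianceLocalCheck(pub, sl, now)
	if err != nil {
		return err
	}
	return store.ValidateLease(lease)
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	store := NewEntitlementStore()
	store.Publish("client-42", "Finance Desktop") // constructed sample entitlement
	now := time.Date(2024, 12, 24, 12, 0, 0, 0, time.UTC)
	sl, _ := IssueLease(priv, ConnectionLease{
		ClientID: "client-42", Resource: "Finance Desktop",
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour),
		Appliances: []string{"vda-1", "vda-2"},
	})
	fmt.Println("fresh lease:", ValidateConnectionRequest(pub, store, sl, now))
	store.Revoke("client-42", "Finance Desktop")
	fmt.Println("same lease after revocation:", ValidateConnectionRequest(pub, store, sl, now))
}
```

The order matters operationally as well as logically: the two local checks cost the appliance nothing but a signature verification and a clock comparison, so a flood of malformed or stale leases is absorbed at the appliance instead of becoming validation traffic to the computing device, while entitlement changes made after a lease was signed still take effect on the next connection request.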

Assignees

Inventors

Classifications

  • in which an application is distributed across nodes in the network (software deployment G06F8/60; multiprogramming arrangements G06F9/46) · CPC title

  • Protocols · CPC title

  • wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption (cryptographic mechanisms or cryptographic arrangements for public-key encryption H04L9/30) · CPC title

  • when the policy decisions are valid for a limited amount of time · CPC title

  • based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint · CPC title

Patent family

Related publications grouped by family.

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US12177119B2 cover?
A method may include storing and updating published resource entitlements for a plurality of client devices at a computing device. The method may also include using a plurality of virtual delivery appliances to receive connection requests from the client devices, with the connection requests including connection leases having associated resource entitlements the client devices are respectively …
Who is the assignee on this patent?
Citrix Systems Inc
What technology area does this patent fall under?
Primary CPC classification H04L45/586. Mapped technology areas include Electricity.
When was this patent published?
Publication date: Dec 24, 2024 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 12 related publications on this page (citations in our corpus or others sharing the same primary CPC).