Nimbostratus
EmployeeIt's great that you have such a detailed list. APM stores user session data in "session variables" that are available for user-display, logging, rule evaluation, etc. The user's truncated session ID is automatically included in all system-generated logs (except for some at the very beginning of a native mode RDP/Citrix connection where we don't know what the session is yet)
Let's talk about each one of your requirements.
APM has an Informational-level "New session from..." message that you have probably seen, it includes the BIG-IP Virtual server that services the connection, a user-agent, a client ip. The username is unknown until the session executes and obtains that information, so you'll have to put logging agents or irules in for such. If you use iRules, fire those after the session has been fully started. The iRule event for this is called ACCESS_POLICY_COMPLETED.
This is a little more tricky. If you enable VDI informational level logging, you'll see a lot of data that IIRC includes most of this information. Check it out and see if it works for you. If you want to do timing, you'll have to record a "start time" associated with that link, then figure out what happens at the end of the RDP session. This could vary greatly depending on if users timeout or force-close, or allow their session to expire, or log out, etc. A local proxy like Fiddler or an equivalent can help you figure out what URLs exactly that your client accesses during different usage. Once you know these URLs, you can use a technique with iRules like this to detect and log (you'd substitute log statements and the RDP URL for the VPN URL)
https://my.f5.com/manage/s/article/K27804015