Zero Client™ as a Service (ZCaaS™)

Zero Client as a Service (ZCaaS™) is a quick-booting, web-based secure enclave for Federal government contractors to work with Controlled Unclassified Information (CUI) without worrying about hardening and monitoring a local computer.

ZCaaS™ helps small- and micro-businesses achieve CMMC compliance more efficiently while minimizing cost.


What is ZCaaS™?

Zero Client as a Service (ZCaaS) ™ is a temporary “desktop in the cloud” you can use to edit your sensitive information and transfer it from one cloud service to another without “contaminating” your local PC or Mac. 

We call it a “zero client” because your local workstation acts as a client to a cloud service and zero information is ever stored, processed, or transmitted on your local machine.

ZCaaS™ is ideal for a small or micro-sized business looking to conduct business with the US Government in the Federal Contract space.


ZCaaS™ features a quick-booting, non-persistent Windows 10 environment hosted entirely in the cloud, meaning no files or data you browse to ever reach your local workstation, and when you’re finished, all traces of the session are deleted from the cloud.


ZCaaS™ allows you to interact with your files that contain sensitive information, such as Controlled Unclassified Information (CUI) or Protected Health Information (PHI), from an untrusted, un-managed, un-hardened, or employee-owned workstation. 


ZCaaS™ is a virtual ephemeral Windows 10 OS in the Azure Government Cloud built on Microsoft’s Azure Virtual Desktop (AVD) service.  The temporary nature of the desktop allows the user to operate on CUI in a secure enclave with confidence.  Files are stored long-term and shared externally through SafeShare, powered by Keeper Security™ in AWS GovCloud. 

ZCaaS™ Overview

From any unmanaged workstation with internet access, you can use ZCaaS to:

ZCaaS™ will save you time and money!​


ZCaaS™ Security

ZCaaS™ is powered by two of the leading secure cloud services: Microsoft Azure Government and AWS GovCloud technologies.  Azure Government and AWS GovCloud are SOC 2 attested and hosted in a FedRAMP Moderate Authorized environment.

The ZCaaS™ concept is based on the now defunct DoD Trusted End Node Security (TENS) program.

TENS was designed to allow DoD remote-working employees to login to DoD-controlled networks from their unmanaged personal devices.  However, TENS relied on booting a workstation from DVD or USB, which required some reconfiguration of the workstation and took several minutes to boot (at a minimum).  Also, the TENS boot media by its nature contained a limited set of drivers, and so only worked on limited workstation makes and models.  ZCaaS™ provides the same security features as TENS without the limitations.

Obtaining a ZCaaS™ Account

Contact Totem to get access to ZCaaS™.  We’ll setup billing and provide you with an account and the ZCaaS™ login.

Logging into ZCaaS™

Logging into ZCaaS™ is easy.  Check out the tutorial videos on the homepage for a run through, or follow these steps:

Login using a Web Browser

Use this link to open the ZCaaS™ web browser.

Scroll down to the first step to sign in with your ZCaaS™ username and password.

Login using Remote Desktop

To login into a ZCaaS™ remote desktop session, you must first set up your ZCaaS™ account via the ZCaaS™ web browser.  Refer to the left hand column for these steps.

Next, go to the Microsoft Store and install the Microsoft Remote Desktop application using this link.

Open and install the Microsoft Remote Desktop application.
At the top right, click '+ Add' then 'Workspaces'. 
Enter the ZCaaS™ workspace URL by copying and pasting the link below.

Continue logging into the ZCaaS™ session with your credentials.

Enter your ZCaaS™ username and password. Click "Next".
Click the ZCaaS™ icon.
Enter your ZCaaS™ username and password.

Then the ZCaaS™ session will be created.  It can take up to a minute to fully establish the session.  You’ll see the following messages as the session is launched:

Click "OK".

Once the session is launched, you’ll see a Windows 10 desktop and you are on your way!

ZCaaS™ Session Launched

ZCaaS™ Desktop Icons

The ZCaaS™ desktop comes preloaded with the following desktop icons:

ZCaaS™ Desktop Icons

Libre Office: You can use LibreOffice to open and edit documents as well as view and edit PDF files.

File Explorer: You can use the File Explorer to open documents you downloaded onto ZCaaS™ from a cloud file storage solution such as ZCaaS™ SafeShare.  The File Explorer operates just like your daily workstation.

Edge Browser: You can use Microsoft Edge to access any webpage you would normally access from your workstation.  There are a series of bookmarks, saved in the top bookmark bar, to help you get to some of the most common compliance pages.

Bookmarked Sites

ZCaaS™ comes pre-loaded with bookmarks to several commonly used sites for manipulating CUI.  These sites can be accessed from the “ZCaaS Bookmarks” folder in the bookmarks bar of the Edge browser in ZCaaS™:

ZCaaS™ Bookmarks

Session Timeout and Re-establishing Session

After 15 minutes of inactivity, ZCaaS™ will lock your session.  To log back in, reenter your ZCaaS™ password in the box provided.

ZCaaS™ Session Timeout

However, after one (1) hour of inactivity, the session will end and all work and files will be purged from the system.  The best practice if you are finished with the session is to manually disconnect and end the session.  See the instructions in the next section for disconnecting ZCaaS™. 

If you accidentally close the ZCaaS™ window, simply log back in using the ZCaaS™ login link and you will be returned to a ZCaaS™ Desktop.  Please note that closing the session window will result in deletion of unsaved user data.

ZCaaS™ Web Browser Session Ended
ZCaaS™ Remote Desktop Session Ended

Disconnecting from ZCaaS™

To manually disconnect and end the ZCaaS™ session, click the start icon in the lower left-hand corner of the ZCaaS™ session, and click “Disconnect”.

Disconnect from ZCaaS™