ZCaaS™ Documentation

Browse Zero Client as a Service™ frequently asked questions.

zcaas-laptop-blue

What is ZCaaS™?

zcaas-desktop

Zero Client as a Service (ZCaaS™) is a quick-booting secure enclave for Federal government contractors to work with Controlled Unclassified Information (CUI) without having to worry about implementing challenging cybersecurity requirements such as hardening or monitoring. Any sensitive information handled within ZCaaS is isolated only to the cloud, therefore negating the need to implement the required cybersecurity controls within a contractor's local environment. This results in considerable cost savings, especially for small- and micro-sized contractors who must meet NIST SP 800-171/CMMC Level 2 requirements but lack the resources to do so.

Please refer to zcaas.totem.tech for more information.

 


How is ZCaaS™ secure?

ZCaaS™ is a virtual ephemeral Windows 10 in the Azure Government Cloud built on Microsoft’s Azure Virtual Desktop (AVD) service. All CUI handled within the ZCaaS™ enclave is purged once the user ends their session. Files are stored long-term and shared externally through Totem SafeShare™, powered by Keeper Security or Cocoon Data in the Amazon Web Services (AWS) GovCloud.

ZCaaS™ is powered by two of the leading secure cloud services: Microsoft Azure Government and Amazon Web Services (AWS) GovCloud technologies.  Azure Government and GovCloud are both SOC 2 attested and hosted in a FedRAMP High Authorized environment.

The ZCaaS™ concept is based on the now-defunct DoD Trusted End Node Security (TENS) program.

TENS was designed to allow DoD remote-working employees to login to DoD-controlled networks from their unmanaged personal devices.  However, TENS relied on booting a workstation from DVD or USB, which required some reconfiguration of the workstation and took several minutes to boot (at a minimum).  Also, the TENS boot media by its nature contained a limited set of drivers, and so only worked on limited workstation makes and models.  ZCaaS™ provides the same security features as TENS without the limitations.

Please contact Support if you are interested in learning more about the ZCaaS™ security features.


How do I access ZCaaS™?

Please refer to our tutorial video on accessing ZCaaS™ here.

When signing into ZCaaS™ for the first time, please use the web URL provided within the Welcome to ZCaaS email. If you cannot locate this email, please contact Support. After you have signed into ZCaaS™ using the web URL, you may also use the Microsoft Remote Desktop application to connect to ZCaaS™. You can download this app from either the Microsoft Store (Windows) or from the Apple App Store (MacOS).

To connect via the Remote Desktop app:

  • Select the “+ Add” button in the upper right corner, then select “Workspaces”
  • Paste into the “Email or Workspace URL” field the URL specified in the Welcome to ZCaaS email

Note that while neither method for accessing ZCaaS™ is presently required, the Remote Desktop application does offer more advanced functionalities, and therefore future iterations of ZCaaS™ may require use of the app rather than the web URL. Users may experience greater ease of use when connecting to ZCaaS™ via the Remote Desktop app compared to the web.


How many users can I have in ZCaaS™?

A ZCaaS™ subscription includes 10 user accounts. Additional users can be added for a monthly fee; please refer to our ZCaaS™ pricing.

 


How do I add a new user in ZCaaS™?

Please contact Support to add additional users to ZCaaS™.

 


Where is my ZCaaS™ System Security Plan (SSP)?

zcaas-totem

Your ZCaaS™ SSP lives within the Totem™ CCM tool (see image above), which you receive access to as part of your ZCaaS™ subscription. Subscribers receive a customized SSP that describes, in detail, the NIST 800-171/CMMC Level 2 requirements satisfied by ZCaaS™, as well as the deficient safeguards that still must be addressed. If you have lost access to Totem™, please contact Support.

 


Do I need to use ZCaaS™ to access the Totem™ CCM tool?

No. Since no Federal Contract Information (FCI) or Controlled Unclassified Information (CUI) is ever intended to be stored within Totem™, as it is meant to be used for building and maintaining your compliance documentation (such as your SSP and POA&M), it is not necessary to access Totem™ through the ZCaaS™ enclave. You can use any standard web browser to access Totem™.

 


I forgot my username/password. What can I do?

If you forget your ZCaaS™ username or password, please contact Support.

 


I need to reset my MFA. What can I do?

If you need to reset your MFA to access ZCaaS™, please contact Support.

 


Why is my username for ZCaaS™ different from my Totem™ login?

At this time, the underlying Microsoft architecture does not yet support external identities for ZCaaS™. Once available, Totem Tech plans to integrate a Single Sign-On (SSO) across ZCaaS™, Totem™, and Totem SafeShare™. Until then, users will maintain separate accounts when accessing the platforms.

 


Is the Microsoft Remote Desktop application required to use ZCaaS™?

No. However, the Remote Desktop application does offer more advanced functionalities, and therefore future iterations of ZCaaS™ may require use of the app rather than the web URL. Users may experience greater ease of use when connecting to ZCaaS™ via the Remote Desktop app compared to the web.

 


How do I view my email while signed into ZCaaS™?

To view email while signed into ZCaaS™, such as to retrieve a CUI file sent to you via DoD SAFE, you can sign into your preferred email service via the Microsoft Edge browser.

For instance, to sign into Microsoft Outlook via the web, in your ZCaaS™ browser, navigate to https://outlook.office.com/ and sign in using your preferred account.

 


I can't hear any sound from within ZCaaS™, what do I do?

To facilitate the highest standard of CUI protection, we block many file transfer and console connection capabilities like Copy/Paste.  This includes sound transfer. 

 


I forgot to save a document when I signed out. Can I get my file back?

Unfortunately, no. Once a file has been purged from ZCaaS™, it is permanently deleted.  We encourage all users to leverage Totem SafeShare™ or similar cloud storage services as there is no persistent storage associated with ZCaaS™ by design. 

 


I have software that I would like installed in ZCaaS™. Is this possible?

Potentially. Please contact Support and we will review your request.

 


My Common Access Card (CAC) isn't working. What do I do?

Although we install the functionality for the most common CAC readers into ZCaaS™, some less common or manufacturer-installed CAC readers may not be included. Please contact Support if your CAC is not working so that we can gather additional information. Note that adding new CAC readers to ZCaaS™ may take up to 45 days due to the patch cycles.

 


I can't load a specific government webpage. What do I do?

Some government websites do not support the virtualization technology we use in ZCaaS™.  This can result in unstable or inconsistent loading for some specialized government webpages.  We are working with our government counterparts to resolve as many of these as we can but are, unfortunately, unable to resolve all the issues.  If you encounter one of these pages, please contact Support and we will investigate the issue. 

 


How do I access DoD SAFE?

dod-safe

To access DoD SAFE within the ZCaaS™ enclave, open up the Microsoft Edge browser. Select the ZCaaS Bookmarks folder, and select DoD SAFE. Or, in your ZCaaS™ browser, navigate to https://safe.apps.mil/.

 


How do I access Totem SafeShare™?

safeshare-browser

To access SafeShare™ within the ZCaaS™ enclave, open up the Microsoft Edge browser. Select the ZCaaS Bookmarks folder, and select ZCaaS SafeShare. Or, in your ZCaaS™ browser, navigate to https://access.govcloud.cocoondatacloud.com.


How do I transfer and edit files using DoD SAFE and Totem SafeShare™?

Please refer to our tutorial video here.