Glossary

This glossary provides definitions for key terms and concepts used across the oneclick™ platform.

---

A

Acting-as Mode An admin functionality that allows administrators to access applications in the role of a specific user, for troubleshooting and support purposes.

Active Directory (AD) A directory service used for authentication and user management. oneclick™ supports integration with on-premises Active Directory for credential synchronization and single sign-on.

Admin Session A special administrative connection to a destination that is independent of CAL licenses. Used for maintenance and troubleshooting without consuming user licenses.

Administrator Role A role with full administrative rights across the oneclick™ platform. Administrators are typically assigned to the "Administrators" group and can manage users, resources, policies, and configurations.

API See oneclick™ API.

App Configuration A set of settings that defines how a destination or resource is accessed. Access types include entire desktop, single program (Remote App), web application, shell/console, or published app.

App Instance A user- or group-specific assignment of an app configuration. It includes configured credentials, destination settings, and determines how a specific user or group accesses a particular resource.

App License A license that enables the assignment of resources and applications to users. Available as Standard or High Performance tiers.

App Tile The visual representation of an application on the oneclick™ Desk. Each tile displays the app name, color, and controls such as settings and power switches.

Autoscaling The automatic creation and deletion of virtual machines based on current load. Requires a base VM and a Golden Image to function. Configured through event profiles.

Availability Zone A data center zone within a cloud provider region. Used for VM placement and redundancy planning when creating cloud resources.

B

Bandwidth A network performance metric that affects oneclick™ Streaming quality and user experience. Higher bandwidth enables better resolution and responsiveness in remote sessions. The oneclick™ Streaming protocol dynamically adjusts compression based on available bandwidth.

Base VM / Master VM The template virtual machine used as the source for autoscaled clone systems. The base VM serves as the reference image from which new instances are created during autoscaling.

Basic User License A user license tier that grants access to exactly one application. Includes optional mounted Hybrid Drive access (without the Hybrid Drive App) but does not provide desktop access or administrative rights.

C

CIDR (Classless Inter-Domain Routing) A network address range notation used to define subnets when creating networks in cloud subscriptions.

Clipboard The copy/paste functionality between a local device and a remote session. Can be enabled or disabled per app configuration or through policies.

Clone System An automatically created instance of a base VM during autoscaling. Clone systems are provisioned and removed dynamically based on load demand.

Cloud Bursting The dynamic scaling of resources across multiple cloud providers to handle peak demand. In oneclick™, this is enabled by the multicloud architecture, allowing workloads to spill over from one connected cloud subscription to another when capacity limits are reached.

Cloud Manager See oneclick™ Cloud Manager.

Cloud Resources Virtual machines and infrastructure managed through cloud providers that are connected to the oneclick™ platform.

Cloud Subscription A license type that allows the creation and management of cloud infrastructure from supported providers such as Azure, AWS, 1&1 IONOS, Vultr, and others.

Concurrent Usage Simultaneous application access by multiple users. Relevant for group licensing, where billing is based on the number of concurrent users.

Contact Persons Administrative contacts listed in the user interface, providing users with information on who to reach for system support.

CSV Import A bulk user import functionality that allows administrators to create multiple user accounts at once by uploading a CSV file with user data.

Customer In the Marketplace context, a sub-account created for reseller or hosting scenarios. Customers are managed through the Marketplace license and can have their own users and resources.

Customer Admin An administrative role for customer or reseller accounts, providing management rights within the scope of a specific customer division.

D

DaaS (Desktop-as-a-Service) The desktop delivery model used by oneclick™, providing virtual desktops and applications as a managed cloud service.

Destination A single virtual machine, server, or accessible resource. A destination can be a cloud VM or an on-premises machine connected to the platform.

Destination Pool A collection of related destinations grouped together for centralized management and delivery. Destination pools are used to organize resources and enable features like load balancing.

Division A separately managed business unit within the oneclick™ platform, such as a company, location, or department. Each division has its own cost center and can manage its own infrastructure independently.

Desk See oneclick™ Desk.

DLP (Data Loss Prevention) Security controls that prevent unauthorized data transfer from remote sessions. In oneclick™, DLP is enforced through policies that manage clipboard access, file transfer permissions via Hybrid Drive, and printing restrictions.

Domain Controller An Active Directory infrastructure component used for managing domain membership, particularly relevant in autoscaling scenarios where clone systems need to join a domain automatically.

E

Entire Desktop An access type in app configurations that provides full virtual desktop access via RDP or VNC, giving users a complete Windows or Linux desktop experience.

Entra ID Microsoft's identity service (formerly Azure AD). oneclick™ supports Entra ID integration for authentication, user synchronization, and single sign-on.

Event Profile A scheduled automation rule for time-controlled actions on virtual machines. Supports actions like start/stop, process execution, and autoscaling triggers.

F

Firewall / WAF (Web Application Firewall) A network security layer providing traffic filtering and DDoS protection for cloud resources. Managed through network security groups and cloud provider settings.

Force Scale Down An autoscaling setting that allows the system to terminate active user sessions in order to scale down and remove virtual machines when demand decreases.

FSLogix A Microsoft profile management solution used for roaming profiles and application layering. Supported within oneclick™ environments for persistent user settings.

G

Gateway See oneclick™ Gateway.

Golden Image A template virtual machine that resets to its original state on each restart. Used for training environments, temporary workspaces, and as the base for autoscaling.

Grace Period A configurable time window that allows processes like profile attachment or session initialization to complete before new user sessions are started on a destination.

Group A user organization unit that enables collective assignment of policies, app instances, and licenses. Groups can be used for group licensing (pay-per-use).

Group License (Pay-Per-Use) A usage-based licensing model where charges are based on the number of concurrent users within a group during peak monthly usage.

H

Hybrid App Share A shared folder on Hybrid Drive that is accessible from virtual desktops within a Professional workspace.

Hybrid Drive A mounted file transfer solution that enables drag-and-drop data exchange between local end devices and virtual resources. Available as a mounted drive for all license types and as a dedicated app (Hybrid Drive App) for Professional users.

Hybrid Drive App A dedicated application within the Professional workspace for managing files on Hybrid Drive. Provides advanced file management features including integration with external storage services. Only available with Professional User Licenses.

Hybrid Printer A print solution that enables printing from remote sessions to local printers. Available in two versions: V1 generates a PDF for download, V2 provides direct printer integration through the browser.

I

IaaS (Infrastructure-as-a-Service) A cloud provider model where infrastructure resources (VMs, storage, networking) are provided on demand. oneclick™ connects to IaaS providers to manage and deliver resources.

IDS/IPS (Intrusion Detection/Prevention System) Security systems integrated into the oneclick™ infrastructure that monitor network traffic for suspicious activity and can automatically block threats. Part of the platform's multi-layered security architecture protecting cloud resources and user sessions.

Idle Shutdown The automatic shutdown of a virtual machine when no users are actively connected, helping to reduce resource consumption and costs.

Image A custom virtual machine template created from a fully configured VM. Images can be reused to deploy new destinations with identical configurations.

Instance A virtual machine type or flavor with defined CPU and RAM specifications, as offered by cloud providers.

Internal Website/App An access type that delivers browser-based internal web applications within an isolated container, with optional single sign-on support.

IP Whitelisting/Blacklisting An access control mechanism that restricts or allows connections based on IP addresses. Configured through policies.

ISV (Independent Software Vendor) A software vendor that uses oneclick™ as a delivery platform for their applications.

K

Keyboard Shortcuts System hotkeys available in full-screen mode during remote sessions. Full-screen mode enables standard operating system keyboard shortcuts to pass through to the remote session.

L

Latency A network performance metric measuring the delay between user input and remote session response. Low latency is critical for a smooth oneclick™ Streaming experience. The platform's global infrastructure and protocol optimizations help minimize latency for end users.

Load Balancing The dynamic distribution of users across multiple servers based on metrics such as CPU usage, RAM utilization, and active user count. Configured within destination pools.

Load Metrics Performance data including CPU usage, RAM utilization, and active user count, collected from destinations via the Windows Exporter. Used by the load balancing algorithm to distribute users.

M

Maintenance Mode A feature that temporarily blocks user access to a destination while keeping it visible. Administrators can display a custom maintenance notice to inform users about the downtime.

Marketplace The oneclick™ software licensing and purchasing system. Enables bundled application delivery and customer management for resellers and hosting providers.

Marketplace License A license that enables the Marketplace functionality, allowing the creation and management of customers and bundled software offerings.

Mesh See oneclick™ Mesh.

Mesh Client Software installed on destination devices to enable oneclick™ Mesh connectivity. Required for connecting on-premises resources through the mesh network.

MSP (Managed Service Provider) A service provider that implements and manages oneclick™ solutions for their customers.

Multi-Monitor Support The ability to display remote sessions across multiple monitors. Browser-based streaming supports up to four monitors.

Multicloud The simultaneous use of multiple cloud providers within the oneclick™ platform, enabling flexible resource deployment and redundancy.

N

Network Virtual network infrastructure created within cloud subscriptions for organizing and connecting cloud resources.

Network Security Group (NSG) Firewall rules that control incoming and outgoing traffic for cloud resources. Configured per network or resource within cloud subscriptions.

Nextcloud A cloud storage solution that can be integrated within the Hybrid Drive App for file sharing and collaboration.

Notifications Status messages displayed to users about system events such as VM start/stop, settings changes, or maintenance windows.

O

oneclick™ API The platform API that enables automation and integration of all oneclick™ functions through programmatic access.

oneclick™ Cloud Manager The management system for creating, provisioning, and managing infrastructure resources from connected cloud providers.

oneclick™ Customer Number A unique identifier assigned to each division or customer account. Found in the division tile ID and used for support and billing purposes.

oneclick™ Desk The central hub for Professional users, providing a unified workspace with access to multiple applications, Hybrid Drive, and personalization options.

oneclick™ Gateway A centrally managed connection solution that provides secure access to remote resources via native RDP clients without using browser-based streaming.

oneclick™ Marketplace See Marketplace.

oneclick™ Mesh An encrypted mesh networking technology that connects devices without requiring public IP addresses. Uses UDP hole punching for direct connections and relay services as fallback.

oneclick™ Streaming A browser-based protocol for secure remote access to desktops and applications. Features dynamic compression and session reliability for optimal performance.

oneclick™ Workspace The overall access environment in which users work, encompassing either a single application interface (Basic) or a unified desktop experience (Professional).

Overall Limit A restriction on the total number of simultaneous app connections across all users for a given app instance.

P

Peak Usage The highest number of concurrent users recorded during a billing period. Used as the billing metric for group licenses (pay-per-use).

Per User Limit A restriction on the number of simultaneous app connections an individual user can have for a given app instance.

Policy A set of security and access control rules applied to users or groups. Policies can enforce two-factor authentication, IP restrictions, allowed login methods, clipboard permissions, and other security settings.

Port 3389 The default RDP port used for cloud resource connections.

Port 9182 The port used for load balancing monitoring on destination servers.

Port Forwarding A connection method for accessing resources that are available through network routers, where traffic is forwarded from a public port to an internal resource.

Process An automated Windows task that can be executed on destinations. Requires WinRM preparation on the target machine and can be triggered manually or through event profiles.

Professional User License A user license tier providing full access to oneclick™ Desk (Unified Workspace), multiple applications, Hybrid Drive with 1-50 GB storage, Hybrid Drive App, and profile customization options.

Profile Container User profile storage managed via FSLogix, ensuring persistent user settings across sessions and servers.

Public Website/App An access type that delivers external web resources within an isolated container in the oneclick™ workspace.

Published App See Remote App.

Q

Quota Resource limits (CPU, RAM, storage) defined per cloud subscription. Quotas determine the maximum resources that can be provisioned within a subscription.

R

RDP (Remote Desktop Protocol) A Microsoft protocol used for desktop and application access. Supports multiple encryption methods including NLA (Network Level Authentication) and TLS.

RDS (Remote Desktop Services) A Microsoft suite for remote desktop and application delivery. oneclick™ leverages RDS infrastructure for multi-user environments.

RDS CAL/SAL (Client Access License / Subscriber Access License) Microsoft licensing required for Remote Desktop Services access. Each user connecting to an RDS environment needs a valid CAL or SAL.

RDSH (Remote Desktop Session Host) A multi-user Windows Server environment that hosts published applications and shared desktop sessions. Used for Remote App delivery.

Registration Link An email invitation sent to users to onboard them into the oneclick™ workspace. Users follow the link to set up their account and access their assigned applications.

Relay Service A fallback routing mechanism through oneclick™ servers, used when direct peer-to-peer mesh connections cannot be established.

Remote App A single application delivered to users without full desktop access. Uses RDSH infrastructure to run individual programs in a seamless window. Also referred to as Published App.

Reset Credentials A function that allows users or administrators to update stored login credentials when passwords have changed, ensuring continued access to destinations.

Roaming Profile User settings and preferences that follow a user across different resources and sessions, typically managed through FSLogix profile containers.

Role A permission bundle that defines administrative and user rights across various platform areas. Roles specify read, create, edit, and delete permissions for different sections of the platform.

S

Scale Out / Scale In Autoscaling actions that create (scale out) or remove (scale in) virtual machine instances based on current demand and configured thresholds.

Shell/Console An access type that provides command-line access to resources via SSH. Used primarily for Linux servers and network devices.

SIEM (Security Information and Event Management) A security monitoring system used within the oneclick™ infrastructure to collect and analyze log data from platform components, user sessions, and cloud resources for threat detection and compliance reporting.

Single License (Pay-Per-License) An individual license allocation model where each license is assigned to a specific user or group.

Single Sign-On (SSO) Authentication integration that allows users to access oneclick™ using credentials from identity providers such as Entra ID, Okta, or Active Directory.

SOC (Security Operations Centre) A managed security monitoring service that provides continuous surveillance and incident response for the oneclick™ platform. The SOC monitors infrastructure, detects anomalies, and ensures rapid response to security incidents.

SSH (Secure Shell) A protocol for secure command-line access to remote servers. In oneclick™, SSH is used as the connection protocol for the shell/console access type in app configurations, enabling administrators and users to manage Linux servers and network devices.

SSL/TLS Encryption protocols that secure all communications between end-user devices and the oneclick™ platform, including streaming sessions, API calls, and administrative access. All oneclick™ connections are encrypted by default.

Status Page The public system status monitoring page at status.oneclick-cloud.com, providing real-time information about platform availability and incidents.

Sticky Sessions A session persistence feature that allows users to reconnect to the same server within a defined timeframe, ensuring continuity of their work session.

Stored Credentials Saved login information (username and password) within an app instance that enables automatic authentication when connecting to a destination.

Streaming See oneclick™ Streaming.

Support Access A permission that allows parent division administrators to access systems within child divisions for maintenance and troubleshooting purposes.

Sync State An action that refreshes the virtual machine status from the cloud provider, ensuring the oneclick™ platform reflects the actual state of cloud resources.

T

Terminal Services Session-based multi-user server infrastructure. The foundational technology behind RDSH and published application delivery.

Thin Client A lightweight endpoint device running oneclick™ OS, designed specifically for accessing remote workspaces without local processing requirements.

TOTP (Time-based One-Time Password) A time-synchronized authentication code used for two-factor authentication. Generated by authenticator apps and valid for a short time window.

Two-Factor Authentication (2FA/MFA) Multi-factor authentication requiring a second verification step beyond username and password. Supported methods include TOTP, SMS, email, and hardware tokens.

U

UDP Hole Punching A NAT traversal technique used by oneclick™ Mesh to establish direct peer-to-peer connections between devices without requiring public IP addresses.

Unified Workspace The Professional user interface displaying multiple application tiles, Hybrid Drive, and personalization options. Synonymous with oneclick™ Desk.

User License An account license granting workspace access. Available in Basic and Professional tiers with different feature sets.

User Role The standard user role with no administrative rights. Users can access assigned applications and are members of the "All Users" group by default.

V

VNC (Virtual Network Computing) A protocol for remote desktop access, primarily used for Mac end devices. Provides graphical desktop sharing but is generally less performant than RDP.

VPN IPsec Site-to-site VPN connectivity using IKEv1 or IKEv2 protocols. Used to integrate on-premises networks with cloud resources managed through oneclick™.

W

Webcam/Microphone Support Peripheral device integration that enables the use of local webcams and microphones within remote sessions, supporting applications like Microsoft Teams and Zoom.

Weighting Factor A priority value (on a 0-10 scale) assigned to individual load balancing criteria (CPU, RAM, user count). Determines how heavily each metric influences the distribution of users across servers.

White-label Complete customization of the oneclick™ platform appearance, including login pages, branding, colors, and logos. Enables service providers to offer oneclick™ under their own brand.

Windows Exporter A monitoring component automatically installed on destinations within a load balancing pool. Collects performance metrics (CPU, RAM, user count) used by the load balancing algorithm.

Workspace See oneclick™ Workspace and Unified Workspace.

Workspace Appearance User preferences for customizing the oneclick™ Desk, including background images, tile arrangement, and display settings. Available to Professional users.

X

XDR (Extended Detection and Response) A threat detection and response system integrated into the oneclick™ security architecture. Combines data from multiple security layers (network, endpoint, identity) for comprehensive threat visibility across the platform and connected cloud resources.