Sikurd

3CX disaster recovery, proven — not promised.

Most 3CX 'backups' are never restore-tested, so you only find out they fail on the day you need them. Sikurd keeps off-site immutable backups of every PBX, actually restores them on a sealed golden image, and hands you a tamper-evident certificate that says your phone system will come back.

Start free — 3 instances See the restore certificate

Off-site backups and restore testing included free for your first three instances. No credit card.

Most 3CX “disaster recovery” is a backup nobody has ever restored

Ask an MSP if they have disaster recovery for their 3CX fleet and the answer is almost always “yes, we take backups.” Ask when those backups were last restored— actually brought back to life on a working server — and the room goes quiet. A backup is not a disaster-recovery plan. It's a file, and a file you have never restored is a promise you have never kept.

Every backup tool will happily report “success.” What almost none of them tell you is whether that archive would actually restore if a server died, a disk corrupted, or ransomware swept through. A truncated archive, a silent bit-flip in storage, a backup of an already-broken configuration — they all report green. You discover the truth on the worst possible day: a customer's phones are down, the clock is running, and the restore fails.

That is the disaster recovery gap. Not the absence of backups — the absence of proof those backups recover. Sikurd was built to close it.

A backup you can't restore is worthless. So on a rotating schedule we take a real backup and actually restore it onto a throwaway server that's completely sealed off from the internet and from your live system — nothing about the test can touch your real PBX. We confirm the restore completed, count what came back, and issue a tamper-evident certificate with a unique ID and a public verification page. Your IT provider is emailed every result, pass or fail.

How Sikurd delivers disaster recovery for 3CX

Proven recoverability is the whole point, so Sikurd's DR is built in four layers — each one designed to be defensible, not just reassuring.

1. Off-site, immutable backups of every PBX

Every instance is backed up off-site into object-locked, immutable cloud storage(Backblaze B2), encrypted per tenant with authenticated AES-256-GCM. Immutable means the backup can't be silently overwritten or deleted — including by ransomware that compromises a connected system. Your last good backup is somewhere your disaster can't reach.

2. Air-gapped restore tests on a golden image

On a rotating schedule, Sikurd takes a real backup and actually restores it onto a brand-new server cloned from a golden 3CX image — a known-good baseline. That server is air-gapped: sealed off from the public internet and from your production network. It runs the official 3CXRestoreCmd — the same restore tool 3CX ships — and confirms from the restore log that the restore completed. Then it destroys the throwaway server. Your live PBX is never touched.

3. Tamper-evident restore certificates

Each successful restore test produces a tamper-evident certificate with a unique verification ID and a public page anyone can open. Certificates are hash-chained — each links to the previous verification for that instance, so altering a single character of any stored field breaks the chain and flips the badge to FAILED. Your IT provider is emailed every result, pass or fail. This is the artifact you hand an auditor, a client, or your own future self.

4. Fast, predictable restore when it counts

Because your backups are off-site, immutable, and already proven to restore, real recovery becomes a known quantity instead of an open-ended emergency. Sikurd records how long each restore test took, so your recovery-time expectations are grounded in measured restore times — not a hopeful guess scribbled in a runbook.

  • Off-site immutable backups
    Every PBX backed up into object-locked storage, encrypted per tenant — unreachable by ransomware or accidental deletion.
  • Air-gapped restore testing
    Real backups restored onto a sealed, golden-image server on a rotating schedule, using the official 3CX restore tool. Your production system is never touched.
  • Tamper-evident certificates
    Every restore test certified with a unique ID, a public verification page, and a hash chain that breaks if anything is altered.
  • Measured, predictable recovery
    Recorded restore times turn RTO from a guess into a number you can stand behind.

The honest framing we hold ourselves to: continuously verified, and restore-tested on a rotating schedule — roughly every 30 days per instance. Any vendor claiming to fully restore-test everybackup is either redefining “restore” or stretching the truth. The full mechanics live on the Verified Backups page.

RTO and RPO for 3CX, in plain English

Disaster-recovery conversations drown in acronyms. Here are the only two that matter, in language you can repeat to a customer without a glossary:

Here's the part most DR pitches skip: an RTO is fiction if the backup doesn't restore. You can promise a four-hour recovery, but if the archive is corrupt you have an RTO of never. That is exactly why Sikurd's disaster recovery is built on tested backups — a certified, restore-proven backup turns recovery into a predictable window instead of a gamble, and the recorded restore time gives you a real number to put in the SLA.

The restore certificate: audit-ready proof your 3CX recovers

When a client's compliance team, an insurer, or your own QA asks “prove your disaster-recovery actually works,” a screenshot of a green backup job isn't evidence. A Sikurd restore certificate is. Every restore test produces one: it names the instance and 3CX version, when the backup was created and when it was restore-tested, how long the restore took, the backup size, and the full archive SHA-256. It lists what came back — call records, recordings, extensions, trunks, queues, ring groups and inbound rules — production against the restored backup, with the hash chain resolving to AUTHENTIC and a QR code to the live verification page.

We're deliberately careful about what a certificate claims. Call-history and recording counts are read straight from the backup's own data. Configuration counts — extensions, SIP trunks, call queues, ring groups and inbound rules — are certified as of the backup date, because the configuration inside a 3CX backup is encrypted and represents the moment the backup was taken. If production has legitimately changed since, the certificate shows a neutral result rather than a misleading mismatch. The numbers mean exactly what they say.

See a real, field-by-field example — including the sample certificate — on the Verified Backups page.

Disaster recovery across every customer PBX, from one console

For an MSP, disaster recovery isn't one server — it's dozens of customers, each trusting you with their phones. Doing DR one PBX at a time, by hand, doesn't scale, and the instance you forgot to test is the one that fails. Sikurd runs disaster recovery for your entire 3CX fleet from a single pane of glass: every customer's off-site backups, verification status, and latest restore certificate in one place.

You see at a glance which instances have a fresh, restore-proven backup and which need attention. New customers inherit the same proven DR the moment you connect them — no per-site project, no bespoke runbook. And because billing is per instance with no tiers or feature gating, disaster recovery isn't an upsell you have to gate behind a plan — it's included for every PBX you manage, with your first three instances free forever.

DR is one capability of the broader Sikurd platform — one console to monitor, manage and verifiably back up every 3CX server you run. MSPs already using Sikurd to monitor 3CX at scale get fleet-wide disaster recovery in the same place they watch trunks and health.

  • Fleet-wide DR view
    Every customer's backup and restore status in one console — no instance forgotten.
  • Proven DR on day one
    Connect a new customer and they inherit the same off-site, restore-tested protection immediately.
  • Included, not gated
    Per-instance billing, no tiers — disaster recovery ships with every PBX you manage.
  • Client-ready evidence
    Hand each customer a certificate that proves their phone system is recoverable.

Frequently asked questions

How do I set up 3CX disaster recovery?
Connect each 3CX instance to Sikurd and disaster recovery runs on its own. Every PBX is backed up off-site into immutable cloud storage, every backup is continuously integrity- and archive-verified, and on a rotating schedule a real backup is restored onto a sealed, air-gapped server to prove it actually comes back. You don't build runbooks or babysit a test lab — you connect the instance, and the proof arrives as a certificate. Your first three instances are free, so you can stand up real DR for a customer in minutes.
Does 3CX have disaster recovery?
3CX ships a backup-and-restore tool and supports failover on some editions, but it does not give you proven, off-site, multi-tenant disaster recovery. There's no automatic off-site immutable copy of every customer's backup, no scheduled restore testing to confirm those backups actually restore, and no certificate proving it across a fleet. Sikurd adds that layer on top of 3CX: off-site immutable backups, air-gapped restore tests on a rotating schedule, and tamper-evident certificates for every PBX you manage.
How often should I test 3CX backups?
Every backup should be verified continuously (integrity at capture plus an always-on archive check), and a full restore test — actually restoring the backup onto a throwaway server — should run on a recurring rotation. Sikurd restore-tests each instance on a rotating schedule of roughly every 30 days, because a real restore spins up a whole sandbox VM. Testing only when disaster strikes is how MSPs discover a backup was never recoverable at the worst possible moment.
What's a good RTO and RPO for 3CX?
RPO (how much data you can afford to lose) is set by how often you back up — daily backups mean at most about a day of call history and config at risk, and you can back up more frequently for a tighter RPO. RTO (how fast you're back up) for 3CX is driven by how quickly you can restore the latest known-good backup onto a working server. The number that actually matters is whether that backup restores at all: a tested, certified backup turns recovery into a predictable restore window instead of an open-ended emergency. Sikurd records how long each restore test took, so your RTO estimate is grounded in real restore times, not a guess.
Can the restore test affect our live 3CX system?
No. The restore runs on a brand-new server cloned from a golden 3CX image that is air-gapped — sealed off from the public internet and from your production network. It never connects to your live PBX, never registers a device, and never places a call. When the test finishes, the throwaway server is destroyed, so nothing about disaster-recovery testing can disrupt the phone system it's protecting.
Is disaster recovery a separate paid tier?
There are no tiers and no feature gating. Your first three instances are free forever, with off-site backups and restore testing included. Beyond that you pay a simple per-instance price — every capability, including verified disaster recovery, is available to every account.

Disaster recovery is part of the Sikurd platform — one console to monitor, manage and verifiably back up every 3CX server in your fleet, billed simply per instance. Dig into the proof on the Verified Backups page, see how pricing works, or read the wider 3CX fleet-management landscape.

Give every customer DR you can actually prove.

Connect an instance and Sikurd starts protecting it immediately — off-site immutable backups, continuous verification, and a real restore test on a rotating schedule, all from one console. Your first three instances are free, forever.

Start Free

Disaster recovery included. No credit card, no sales call.

3CX Resources

Compare Sikurd