Private cloud vaults for D2C - x360Recover

Feb 2021

Written By Tami Sutcliffe (Super Administrator)

Updated at June 16th, 2022

Private Cloud vaults for Direct-to-Cloud

x360Recover release 10.6.1 now supports Direct-to-Cloud backups on your self-hosted private cloud vaults. 

Enable this feature to provide all the functionality of Axcient-hosted D2C (Direct-to-Cloud)  backups.


Hosting Direct-to-Cloud backups on your self-hosted vaults has some requirements above and beyond those of normal vault operation. 

Firewall ports

Additional services will be running to receive backup data, so additional firewall ports will need to be opened. 

The following firewall ports must be opened from the internet to your vault:

  • TCP 80 (Http)
  • TCP 443 (Https/TLS)
  • TCP 9079 (Thrift/TLS - Endpoint Manager)
  • TCP 9082 (Thrift/TLS – Cloudserver)
  • TCP 9090 (Thrift/TLS – Backup Manager)

Static, public IP address and public DNS ‘A’ record 

Also, your vault will require a static, public IP address and a public DNS ‘A’ record to provide the Fully Qualified Domain Name (FQDN) address of the vault.

Note: Ensure that your vault is assigned a public Static IP address and has a DNS ‘A’ record created.  Direct-to-Cloud mode requires that the vault be assigned a valid publicly trusted certificate, and certificates cannot be assigned to a simple IP address.  (Certificate management is handled automatically by the system.)

How to enable Direct-to-Cloud on private vaults

Once you have satisfied the prerequisites for firewall ports, IP address and DNS records, you may enable Direct-to-Cloud functionality.  

1. Login to the vault and navigate to System Settings -> Direct to Cloud

2. Click the check box for Enable Direct to Cloud.


3. Enter a valid FQDN address for the vault and click Get Certificate.

Note: You CANNOT use a simple IP address. You must enter a valid domain URL that is publicly accessible from the internet in order for certificate generation to be completed.  Direct-to-Cloud cannot operate without a valid, publicly trusted certificate.

4. If the certificate registration is completed successfully, click Save to commit the settings.


Certificate registration is provided by Let’s Encrypt, a free public certificate signing service that is widely accepted and is supported by the x360Recover agent. 

Successful signing requires that both HTTP and HTTPS (ports 80 and 443) be opened on the firewall, and that both are accessible to the Let’s Encrypt servers using the FQDN name specified. 

Once the certificate is obtained and settings are saved, Direct-to-Cloud services are now available for this vault. 

Locate the Direct-to-Cloud agent installer DOWNLOAD links on the User page to begin deploying agents.


For more details on configuring and deploying Axcient, refer to this knowledgebase article:


SUPPORT  | 720-204-4500 | 800-352-0248  

  • To learn more about any of our Axcient products,  sign up for free one-on-one training.
  • Please contact your Partner Success Manager or Support if you have specific technical questions.
  • Subscribe to the Axcient Status page for a list of status updates and scheduled maintenance.