Executive Summary
Current infrastructure relies on a single Mac mini with residential internet, creating unacceptable risk for mission-critical operations. This plan implements active-passive redundancy with automatic failover, geographic distribution, and encrypted traffic routing.
| Metric | Target | Note |
|---|---|---|
| Current Risk | HIGH | Single point of failure |
| Recovery Time | < 15 min | Automatic failover |
| Data Loss | < 5 min | Real-time sync |
| Monthly Cost | ~$35 | VPS + storage |
1. Architecture Overview
Primary-secondary topology with automatic DNS failover. All traffic encrypted via VPN mesh.
+---------------------------------------------------------------+
|                     DNS / LOAD BALANCER                       |
|                   (Cloudflare / Route 53)                     |
+---------------------------------------------------------------+
                                |
                +---------------+---------------+
                |                               |
    +-----------v----------+        +-----------v----------+
    |       PRIMARY        |        |      SECONDARY       |
    |      (Mac mini)      |<------>|     (VPS/Cloud)      |
    |    Home / Office     |  Sync  |   AWS/DigitalOcean   |
    |                      |        |                      |
    |  - OpenClaw          |        |  - OpenClaw          |
    |  - Local files       |        |  - Replicated data   |
    |  - Telegram/Slack    |        |  - VPN endpoint      |
    +----------+-----------+        +-----------+----------+
               |                                |
               |        +--------------+        |
               +------->|   MONITOR    |<-------+
                        |   (Uptime/   |
                        |  Heartbeat)  |
                        +--------------+
1.1 Cloud Provider Comparison
| Provider | Specs | Cost/mo | Best For |
|---|---|---|---|
| DigitalOcean | 4GB RAM / 2vCPU | $24 | Balance of cost/performance |
| AWS Lightsail | 4GB RAM / 2vCPU | $20 | Enterprise integration |
| Linode | 4GB Linode | $24 | Simple, reliable |
| Hetzner | CPX21 | €8.20 | Cost-conscious, EU privacy |
Recommendation: DigitalOcean (NYC3), the best balance for US-based operations.
2. VPN & Traffic Routing
VPN is critical for protecting API keys, preventing ISP snooping, and securing cloud communication.
2.1 VPN Options
Option A: Tailscale (Recommended)
# Install on both systems
curl -fsSL https://tailscale.com/install.sh | sh
# Authenticate
tailscale up --authkey tskey-auth-...
# Assign static IPs
# Primary: 100.64.1.1
# Secondary: 100.64.1.2
Pros: Zero-config, NAT traversal, free personal use
Cons: Dependency on Tailscale infrastructure
Option B: WireGuard (Self-hosted)
# Generate a key pair on each node; umask keeps the private key unreadable by other users
umask 077
wg genkey | tee privatekey | wg pubkey > publickey
# /etc/wireguard/wg0.conf on the primary
[Interface]
PrivateKey = <primary-private-key>
Address = 10.200.200.1/24
ListenPort = 51820
[Peer]
PublicKey = <secondary-public-key>
AllowedIPs = 10.200.200.2/32
Endpoint = <secondary-public-ip>:51820
Pros: Fully self-hosted
Cons: Requires static IP or DDNS
Option C: Headscale (Self-hosted Tailscale)
Run your own Tailscale coordination server. Best of both worlds.
3. Risk Profiles for Expansion
| Integration | Risk Level | Mitigation Required | Recommendation |
|---|---|---|---|
| Social Accounts | HIGH | Vault, MFA, IP whitelist | Proceed with caution |
| Claude Code | MEDIUM | Containerized, limited scope | Acceptable with controls |
| Banking/Finance | CRITICAL | Dedicated VM, hardware token | Isolate completely |
| Email (Gmail) | HIGH | OAuth, app-specific passwords | Use gog with restrictions |
| Git Repos | MEDIUM | Deploy keys, not personal tokens | Acceptable |
3.1 Banking/Finance: Complete Isolation
Never grant OpenClaw any of the following: trading access, bank transfers, crypto wallet keys, payment processor APIs.
+-----------------------------------------------------------+
|                  FINANCE VM (Isolated)                    |
|  - No internet except bank APIs                           |
|  - No OpenClaw integration                                |
|  - Hardware token required                                |
|  - Read-only reporting only                               |
+-----------------------------------------------------------+
                              |
                              | (Monthly manual sync)
                              v
+-----------------------------------------------------------+
|              OpenClaw (Standard operations)               |
|  - Can READ finance reports                               |
|  - Cannot initiate transactions                           |
|  - No access to finance VM credentials                    |
+-----------------------------------------------------------+
4. Implementation Roadmap
1. Foundation (Week 1): Provision VPS, install OpenClaw, set up Tailscale VPN, configure basic file sync
2. Automation (Week 2): Implement health checks, configure DNS failover, set up monitoring, test failover scenario
3. Security Hardening (Week 3): Enable VPN-only API access, rotate all keys, configure social account vault, implement approval workflows
4. Documentation (Week 4): Document failover procedures, create runbooks, train on manual recovery, schedule quarterly DR drills
5. Cost Analysis
Monthly Operating Costs
| Component | Cost |
|---|---|
| VPS (4GB) | $24 |
| Tailscale | Free |
| Cloudflare | Free |
| Storage (100GB) | $6 |
| Monitoring | $5 |
| Total | ~$35/mo |
ROI: The plan breaks even if it prevents one day of downtime every 14-57 months, so it pays for itself with the first prevented outage.
6. Emergency Procedures
Scenario A: Primary Hardware Failure
- Detection: Health check fails 3x (3 minutes)
- Automatic: DNS switches to secondary
- Manual: Verify secondary handling traffic
- Recovery: Repair/replace primary
- Restore: Sync data back to new primary
- Failback: Update DNS, verify
Time to recovery: 15 minutes automatic + 2 hours full restoration
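A heartbeat monitor implementing the Detection and Automatic steps of Scenario A, added here as an example and not part of the plan itself: it probes the primary over the Tailscale address from section 2.1 (the health endpoint port and the secondary's public IP are assumed placeholders) and, after three consecutive failures, repoints the Cloudflare A record once. Failback is left manual, as the scenario specifies.

```python
# Added example, not code from the plan: heartbeat monitor for Scenario A.
# Three consecutive failed probes flip DNS to the secondary once; failback is manual.
import json
import urllib.request

FAIL_THRESHOLD = 3                                    # "fails 3x (3 minutes)"
PRIMARY_HEALTH_URL = "http://100.64.1.1:8080/health"  # Tailscale IP from 2.1; port assumed
SECONDARY_PUBLIC_IP = "203.0.113.10"                  # constructed placeholder (TEST-NET-3)


def probe(url: str, timeout: float = 5.0) -> bool:
    """One health check over the VPN mesh: HTTP 2xx within the timeout = healthy."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return 200 <= resp.status < 300
    except Exception:
        return False


def cloudflare_point_record(zone_id, record_id, token, name, ip):
    """Repoint an A record via Cloudflare's v4 API; use a token scoped to DNS:Edit on this zone."""
    url = f"https://api.cloudflare.com/client/v4/zones/{zone_id}/dns_records/{record_id}"
    body = json.dumps({"type": "A", "name": name, "content": ip,
                       "ttl": 60, "proxied": False}).encode()
    req = urllib.request.Request(url, data=body, method="PUT", headers={
        "Authorization": f"Bearer {token}", "Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        if not json.load(resp).get("success"):
            raise RuntimeError("Cloudflare rejected the DNS update")


class FailoverMonitor:
    """Counts consecutive failures; calls switch_dns(ip) exactly once."""

    def __init__(self, switch_dns):
        self.switch_dns = switch_dns       # e.g. partial(cloudflare_point_record, ...)
        self.consecutive_failures = 0
        self.active = "primary"

    def record(self, healthy: bool) -> str:
        """Feed one probe result; returns 'ok', 'degraded' or 'failover'."""
        if healthy:
            self.consecutive_failures = 0  # one success resets the count
            return "ok"
        self.consecutive_failures += 1
        if self.consecutive_failures < FAIL_THRESHOLD or self.active != "primary":
            return "degraded"
        self.switch_dns(SECONDARY_PUBLIC_IP)
        self.active = "secondary"          # stays here until manual failback
        return "failover"
```

Call `record(probe(PRIMARY_HEALTH_URL))` once a minute from cron or a loop; after a failover the operator verifies the secondary, repairs the primary and repoints DNS by hand, matching the Failback step above.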
Scenario B: Internet Outage (Primary Location)
- Failover to secondary (already on cloud)
- Access via mobile hotspot for urgent tasks
- Wait for ISP restoration
- Reconcile divergent changes
Time to recovery: 5 minutes
Scenario C: Complete Data Loss
- Restore from backup (S3/Backblaze)
- Decrypt using offline recovery key
- Checksum validation
- Restart OpenClaw services
- Full functionality verification
Time to recovery: 2-4 hours
7. Security Checklist
FAQ
Q: Should I use an EU or domestic VPS provider?
Short answer: Geographic diversity is the main advantage. Everything else is trade-offs.
When EU Hosting Wins
- Geographic Redundancy: Hurricane Sandy took out NYC datacenters. EU survives California earthquakes.
- Privacy: GDPR protection, data shielded from US surveillance
- Cost: Hetzner €8.20 vs DigitalOcean $24 (~65% cheaper)
When EU Hosting Loses
- Latency: NYC → NYC ~5ms vs NYC → Frankfurt ~85ms
- Data Transfer: Outbound from EU = $0.09-0.12/GB (+$27-36/mo for 10GB/day)
- GDPR Complexity: Compliance overhead, right-to-be-forgotten requests
- Support Hours: Hetzner = CET business hours (3AM EST issue = wait until morning)
Recommendation
| Scenario | Choice |
|---|---|
| You + Primary = US | DigitalOcean NYC → DigitalOcean SFO |
| US + EU customers | DigitalOcean NYC → Hetzner Frankfurt |
| Privacy paranoid | Hetzner (German privacy laws) |
| Cost optimization | Hetzner (65% cheaper) |
Bottom line: For US-based operations, same-provider coast-to-coast redundancy beats cross-continent complexity unless you specifically need EU presence.
Q: What happens if both primary and secondary fail?
This is the "what if the internet dies" scenario. Recovery depends on backup storage:
- S3/Backblaze B2: Restore to any new machine with internet
- Offline backup: Encrypted USB drive stored offsite
- Recovery time: 2-4 hours from cold start
Q: Do I really need a VPN if both nodes are mine?
Yes. Three reasons:
- API keys in transit: Without VPN, credentials travel over public internet
- ISP snooping: Traffic patterns reveal operational intel
- Automatic encryption: Tailscale/WireGuard encrypts everything by default
Cost: $0 (Tailscale free tier). Risk without: Unknown but non-zero.
Q: Can I use this for client work or is it personal only?
This scales to client work with modifications:
- Per-client isolation: Separate VMs or containers per client
- Data residency: Ensure client data stays in their required jurisdiction
- Audit logging: Immutable logs of all agent actions
- SOC 2 prep: Document controls, access reviews, incident response
Next Steps
- Review this plan → Schedule 30-min discussion
- Select VPS provider → DigitalOcean recommended
- Provision secondary node → Week 1 goal
- Test failover → Verify RTO/RPO targets
- Document lessons learned → Update runbooks