Deployment Options
Deployment should align to enterprise controls: isolation, identity, monitoring, and change management. Below are common deployment models and what we typically require from IT.
Recommended models
- Dedicated VM per gateway (recommended baseline): Strong isolation boundary and simpler security review. Ideal for regulated environments.
- Container deployment (with strict host controls): Works well with platform teams that can enforce network policies, secrets management, and observability.
- On‑prem vs private cloud: Both are viable. The choice depends on your governance model, data residency, and standard enterprise tooling.
Reference architecture (conceptual)
User channels (chat / ticketing triggers) → OpenClaw Gateway (isolated VM/container; one trust boundary) → Scoped tools (ticketing, docs, CRM via dedicated creds)
- Observability: Logs, alerts, drift checks, SIEM integration
- Governance: Allowlisted skills, approval gates, change windows, runbooks
This diagram is intentionally high-level. We provide environment-specific architectures as part of the Security Pack and Starter Package.
What we need from IT
- Preferred hosting environment (on‑prem/private cloud) and isolation baseline (VM/container)
- Network requirements (ingress/egress, allowlists, proxies)
- Secrets management approach and credential issuance process
- Logging and monitoring standards (SIEM, alert routing)
- Change management requirements (maintenance windows, rollback approvals)
Want an architecture tailored to your constraints?
Email us for the Security Pack and a deployment checklist.