Understanding Isolation
Last updated: January 29, 2025
Why Isolation Matters
When you run an OpenClaw instance, isolation determines who can access your data, how resources are shared, and what happens if another tenant is compromised. The difference between "secure by policy" and "secure by architecture" is fundamental.
In shared hosting, your security depends on every other tenant following best practices. In isolated hosting, your security is enforced by the infrastructure itself — regardless of what happens elsewhere.
Comparison Overview
| Feature | Starter | Premium | Enterprise |
|---|---|---|---|
| Architecture | Multi-tenant | Single-tenant | Single-tenant |
| Container | Shared | Dedicated | Dedicated |
| Filesystem | Shared volume | Isolated volume | Isolated volume |
| Network | Shared namespace | Isolated namespace | Isolated namespace |
| Encryption keys | Shared infrastructure | Per-tenant keys | Per-tenant keys |
| LLM processing | External providers | External providers | Local LLM included |
| Data sovereignty | EU-hosted | EU-hosted | Complete (never leaves instance) |
Starter: Shared Infrastructure
What it means
Starter tier runs on managed multi-tenant infrastructure. Your OpenClaw instance shares compute resources, storage systems, and network infrastructure with other customers. This is similar to traditional shared hosting.
Who it's for
- Personal projects and experimentation
- Small teams getting started with OpenClaw
- Non-sensitive use cases where convenience outweighs isolation requirements
- Users who want managed hosting without the cost of dedicated infrastructure
Security measures still in place
Shared doesn't mean insecure. Starter tier still includes:
- EU-hosted infrastructure (data centers in Germany)
- Encryption in transit (TLS 1.3) and at rest (AES-256)
- Managed updates and security patches
- No exposed admin interfaces
- DDoS protection and WAF
The difference is architectural: in Starter, security boundaries are enforced by software configuration. In Premium and Enterprise, they're enforced by infrastructure separation.
Premium: Full Isolation
Premium tier provides true single-tenant architecture. Your OpenClaw runs in complete isolation from every other customer.
Dedicated Container
Your instance runs in its own container or microVM with dedicated process namespace, memory allocation, and CPU resources. There is no shared runtime between tenants — a compromise of another customer's container cannot affect yours.
Isolated Filesystem
Each Premium customer gets a dedicated storage volume. Your data, configuration, and logs are physically separated from other tenants. There's no shared filesystem that could leak data between customers.
Network Boundaries
Your instance operates in an isolated network namespace. There are no routing paths to other tenants — your container cannot see, reach, or communicate with other customers' infrastructure. Egress traffic is filtered and monitored.
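One way an operator or auditor could check the "Container" and "Network" rows of the comparison table from the host side, shown as an added example that is not OpenClaw tooling. On Linux, two processes share a namespace exactly when their `/proc/<pid>/ns/<kind>` links resolve to the same inode. The tenant names and inode numbers below are constructed sample data.

```python
import os
import re
from collections import defaultdict

# readlink on /proc/<pid>/ns/<kind> yields a target such as "net:[4026531840]"
NS_LINK = re.compile(r"^([a-z_]+):\[(\d+)\]$")

def parse_ns_link(link):
    """Split a namespace symlink target into (kind, inode)."""
    m = NS_LINK.match(link.strip())
    if m is None:
        raise ValueError(f"not a namespace link: {link!r}")
    return m.group(1), int(m.group(2))

def read_namespaces(pid, kinds=("pid", "net")):
    """Live lookup on a Linux host (needs permission to read /proc/<pid>/ns)."""
    return dict(parse_ns_link(os.readlink(f"/proc/{pid}/ns/{k}")) for k in kinds)

def shared_namespaces(tenants):
    """Map (kind, inode) -> tenant names, keeping namespaces used by more than one tenant."""
    users = defaultdict(set)
    for name, namespaces in tenants.items():
        for kind, inode in namespaces.items():
            users[(kind, inode)].add(name)
    return {ns: sorted(names) for ns, names in users.items() if len(names) > 1}

# Constructed sample: readlink output collected for one process per tenant.
# Tenant names and inode values are hypothetical.
SAMPLE = {
    "starter-a": ["pid:[4026531836]", "net:[4026531840]"],
    "starter-b": ["pid:[4026531836]", "net:[4026531840]"],
    "premium-c": ["pid:[4026532610]", "net:[4026532611]"],
}

def audit(sample):
    """Parse the collected links and return every namespace shared across tenants."""
    tenants = {name: dict(parse_ns_link(l) for l in links)
               for name, links in sample.items()}
    return shared_namespaces(tenants)

if __name__ == "__main__":
    for (kind, inode), names in sorted(audit(SAMPLE).items()):
        print(f"shared {kind} namespace {inode}: {', '.join(names)}")
```

An empty result for a tenant means none of its sampled processes share a PID or network namespace with another tenant; it does not by itself prove the egress filtering described above.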
Per-Tenant Secrets
Encryption keys are generated uniquely per customer and stored in isolated key management. Your secrets are never shared with or accessible to other tenants. Keys are injected at runtime and never written to disk in plaintext.
Why this matters
With Premium isolation:
- Lateral movement is impossible. If another tenant is compromised, there's no path to your instance.
- Resource contention is eliminated. A noisy neighbor can't affect your performance.
- Compliance is simplified. You can demonstrate true tenant isolation for audits.
- Risk is architectural, not policy-based. You don't depend on other tenants following best practices.
Enterprise: Maximum Privacy
Enterprise tier includes everything in Premium, plus complete data sovereignty through local LLM processing.
Everything in Premium
Enterprise inherits all Premium isolation features: dedicated container, isolated filesystem, network boundaries, and per-tenant secrets.
Local LLM Processing
The key differentiator: Enterprise includes an on-instance LLM. Your conversations are processed locally — they never leave your isolated environment. No data is sent to external AI providers like OpenAI or Anthropic.
Complete Data Sovereignty
With local LLM processing:
- Zero external calls. Your conversations stay within your instance.
- No third-party training. Your data can never be used to train external models.
- True air-gap capability. For highly sensitive use cases, the instance can operate with minimal external connectivity.
- Maximum privacy. Only you have access to your conversation data — not us, not LLM providers, not anyone.
Multi-Tenant vs Single-Tenant Architecture
Understanding the difference between multi-tenant and single-tenant architecture is crucial for making the right choice.
Multi-Tenant (Starter)
Multiple customers share the same underlying infrastructure. Isolation is enforced through software — access controls, configuration boundaries, and policy enforcement. This is cost-effective but means your security depends partly on the correct configuration of shared systems.
Single-Tenant (Premium & Enterprise)
Each customer gets dedicated infrastructure. Isolation is enforced through physical and logical separation at the infrastructure level. Even if isolation policies were misconfigured, there's simply no shared resource for data to leak through.
Think of it this way: multi-tenant is like having your own locked room in an apartment building. Single-tenant is like having your own building.
Ready to choose your isolation level?
All plans include a 7-day free trial with no credit card required. Start with Starter and upgrade anytime, or go straight to Premium for full isolation.