Interesting problem, the external offices, what sort of platform are they, are all terminations point Cisco (ASAs? IOS routers? mix?).
Granted I'm not an expert on DC technologies, but I can give you some food for thought.
Both in case of ASA and 3900 you can have statefull failover, provided they units have L2 connectivity between them, and having only one active unit at a time.
This will require crypto maps (in either IOS or ASA deployment) and only one device would terminate crypto at a time.
This has lots of benefits - simplified deployments, abiality to terminate almost everything (Cisco or non-Cisco).
Another way to do it, if you have Cisco routers in all other branches is to use VTI technology.
Either DVTI-SVTI or SVTI-SVTI deployments.
I.e. you have two separate concurrent tunnels to both DCs (I assume that's possible when OTV is running?)
The problem of same internal subnets is fixed by routing protocol rather than IPsec component.