- About the Customer
Enso Oils & Lubricants is manufacturer and distributor of automotive and industrial lubricants. Their business runs across various locations, covering to large-scale industrial customers and retail partners. Their IT infrastructure is important for their business continuity covering production planning, supply chain management, customer interactions, and reporting.
To enable these type of workloads, Enso operates a hybrid infrastructure which feature a large deployment of Linux and Windows EC2 instances on AWS. Such workloads manage both mission-critical production applications and business routine applications.
2. Customer Challenge
Enso oils is now expanding there business so their IT operations team is experiencing some kind of regular issues with system management and governance. Their Patch management procedures for the patching of systems were mostly manual. This type of inconsistency caused compliance issue and made it challenging for Enso Oil to maintain good security stance.
Along with that, their some kind of workloads were still depends on conventional SSH and RDP-based remote access. This method, is also working, but exposed instances to some vulnerabilities, which will make them more vulnerable to unauthorized access.
Visibility was also an area of updation for Enso Oils. There wasn’t centralized inventory and configuration data that monitoring infrastructure health or producing audit reports was very labor-intensive. When their production cycles were high, these inefficiencies leads to affect uptime and response times, which form an operational bottleneck for Enso’s cloud management team.
3. Partner Solution
Kainot Technologies, is an AWS Advanced Consulting Partner. To solve Enso’s problem Kainot team collaborate with Enso’s cloud and security teams. They architect an operational model based on AWS Systems Manager. The intention was clear which is to introduce automation, visibility, and security under one uniform model. These all with zero disruption to the production systems.
Kainot team started with the AWS Systems Manager Patch Manager and Automation runbooks and standardize and automate patching for both the environment (Linux and Windows). This step eliminate the need for manual updation. It also guaranteed that all the instances complied with their internal policies.
Systems Manager Inventory was also implemented for more visibility which provide centralized monitoring of system states, software versions, and configurations throughout Enso’s hybrid environment. Kainot also brought forward Session Manager which totally eliminate the need for open RDP and SSH ports which ensure secure access. The Administrators were able to access instances via secure and fully logged sessions in the AWS Console itself.
Real-time monitoring of operations was also set up using Amazon CloudWatch dashboards so that Enso’s IT leadership could visualize patch compliance, performance metrics, and system health easily.
4. Results and Benefits
Within three months of going live, Enso Oil had experience a great improvement in their compliance and operation efficiency within three month of going live. Also their Patch compliance is improved from less than 60% to over 95%, which is fully automated patch cycles.
Also the removal of open RDP and SSH ports with Session Manager has significantly improve the security by closing up exposure to unauthorized network access.
The manual workload of IT persons decreased by more than 60%, and free up teams to work on optimization and monitoring rather than maintenance. Their Uptime during the high production period is increased by 10% which make their manufacturing and distribution processes smoother.
Also the centralized compliance and inventory data simplified regulatory audits, which is now quicker and more transparent. This enhance Enso’s reputation for governance of operations.
Kainot Technologies Pvt Ltd is a certified AWS Advanced Tier Consulting Partner. Kainot team have good expertise in cloud automation, security best practices, and infrastructure lifecycle management using AWS Systems Manager.
6. Solution Overview
Enso Oil deployment was planned with automation, governance, and minimal impact on production systems in mind. Kainot adopted a modular model by integrating multiple AWS Systems Manager components — such as Patch Manager, Inventory, Session Manager, and Parameter Store — with Amazon CloudWatch for monitoring and visibility.
The solution was made on the principle of least privilege. The IAM roles and policies were only providing the access permissions required for each task. The Maintenance windows were set for patch deployments. This step prevent disruption at peak operations. All type of administrative tasks were audited for readiness. Control rollout plan guarantee smooth adoption across environments. This construction improved operational maturity and also implement a scalable model for future workloads.
7. Architecture Diagram
8. TCO & Operational Efficiency
Automation translated directly into cost savings. By reducing manual patching and monitoring tasks, Enso cut IT operational expenditure by approximately 45%. The Enhanced uptime prevent the potential production delays and revenue losses for Enso oil. And the stronger security reduced the breach-related costs.
9. Project Outcomes
The interaction between Enso Oils & Lubricants and Kainot Technologies brings remarkable enhancements in security, compliance, and operational effectiveness. By using the AWS Systems Manager for automation, Enso experienced a good patch compliance boost, from below 60% to more than 95% in only three months. This kept all instances up to date all the time It lowers vulnerabilities and enhance the organization’s security stance.
On Replacing open RDP and SSH access with Session Manager severed exposure to possible unauthorized access, offering safe, auditable administrative sessions. This was not only more secure but easier to govern as well because all system interactions could now be tracked and logged from one central location.
The centralized inventory and report of compliance allowed Enso to facilitate audit preparation which mean regulatory reviews would be quicker and more transparent. Overall, the project created a sound, scalable, and secure operational foundation that enhanced Enso’s cloud governance and set up the company for future growth.
10. Learnings & Recommendations
The collaboration with Enso Oils & Lubricants provided important insights into enhancing cloud operations at scale. A significant takeaway was the necessity of ongoing IAM assessments and the enforcement of least-privilege access. Even after the initial setup, conducting regular audits and refining IAM policies is essential to maintain secure access that aligns with the changing requirements of the business.
Another key understanding was the importance of keeping AWS Systems Manager Automation runbooks maintained and updated. As operational needs evolve and new workloads are added, these runbooks should be revised to reflect lessons learned, meet new compliance standards, and ensure uniformity across environments.
Monitoring and proactive notifications proved to be crucial. The early use of CloudWatch dashboards and alerts allowed Enso to spot potential problems before they affected production, leading to quicker responses and reduced downtime. By incorporating monitoring into everyday operational activities, teams can stay ahead of issues rather than responding to them after they arise. Furthermore, the early
implementation of CloudWatch dashboards and alerts facilitated the early identification and resolution of potential challenges before they disrupted production. The project also underscored the significance of collaboration across teams — including operations, security, and compliance — to ensure seamless execution, alignment with governance, and sustainable operational stability.
11. Runbook & Operations (Appendix)
As part of the engagement, Kainot Technologies created an in-depth Runbook and Operations framework to ensure Enso Oils & Lubricants is able to have a stable, secure, and efficient operating environment after implementation. The aim of this framework was to implement uniform procedures which were not only repeatable but also auditable so that Enso’s internal IT and operations teams could maintain the same degree of automation and governance as realized during deployment.
The runbook was created as an operation manual that merged automation, monitoring, and incident response into one process. It addressed every day-to-day maintenance operation Hence all the actions taken within the AWS environment were consistent and auditable, which followed Enso’s internal governance guidelines. Every part of the runbook had a direct correlation with the AWS Systems Manager components used in the project, which were Patch Manager, Session Manager, Parameter Store, and Automation Documents.
12. Secure AWS Governance
Security and governance section were important for Enso Oils & Lubricants. Kainot Technologies deployed a full-fledged governance architecture. The architecture was intended to impose tight access controls, preserve auditability, and guarantee regulatory and organizational compliance.
Security and governance were the core pillars of this deployment in Enso Architecture. MFA was used to secure the root account. The administrative accesses were kept in check using fine-grained IAM roles. SSH and RDP were eliminated and used Session Manager to avoid exposure to the internet. All admin operation were logged and auditable for traceability.
AWS CloudTrail was enabled in all regions. The logs were encrypted for tracking APIs and audits. The Centralized configuration and secret management were provided by Parameter Store which mandate consistency and secure processes. The Ongoing compliance checks validated IAM roles, patch policies, and resource configurations against internal and AWS best-practice.