Energy Utility Automates Critical Grid Infrastructure in a Fully Disconnected Environment with Ansible
An energy utility needed a production-ready automation platform for its disconnected Distribution Management System — with no room for downtime. Shadow-Soft deployed a highly available, air-gapped Ansible Automation Platform with Active Directory integration and enterprise access controls, giving the client a secure, automated foundation for managing Linux and Windows systems across critical grid infrastructure.
The Challenge
Managing patch cycles and OS updates across a disconnected, air-gapped environment is one of the more demanding problems in enterprise IT. Without connectivity to external repositories or management tools, teams fall back on manual processes — creating inconsistency, operational risk, and delays.
For this regulated energy utility, the stakes were especially high. Their Distribution Management System (DMS) sits at the center of grid operations. Any misconfigured server or unplanned downtime during patching could affect grid reliability and compliance.
The client needed automation that could operate fully offline, survive node failures without interruption, and enforce access controls tied to their existing identity infrastructure. Manual processes weren't going to cut it anymore.
Our Solution
Shadow-Soft designed and deployed a highly available Red Hat Ansible Automation Platform specifically for the client's disconnected DMS environment. We built for resilience from day one — two-node clustering, Active Directory integration, and role-based access controls — so the platform could handle automation workflows without a single point of failure, and without any reliance on external networks.
We also developed and refined automation content for both Linux and Windows target systems, and delivered documentation to support the client's team going forward.
Our Process
Key milestones included:
- Designed a two-node AAP architecture tailored to the air-gapped DMS environment, with redundancy and offline content management built into the foundation.
- Prepared both nodes to AAP prerequisites, resolving all package dependencies from internal repositories before installation began.
- Installed and configured Ansible Automation Platform in a highly available two-node cluster with failover capability.
- Integrated AAP with the client's Active Directory environment for centralized user authentication.
- Configured role-based access control, scoping permissions for engineers, administrators, and operators across the platform.
- Developed reusable Ansible playbooks and roles for patch deployment and OS management across Linux and Windows DMS systems.
- Delivered full implementation documentation covering architecture, configuration, RBAC structure, and operational workflows.
The Roadblocks
Deploying automation in a disconnected environment means every dependency — collections, execution environments, packages — has to be pre-staged internally. There's no fallback to an external repo when something's missing.
We anticipated this early. Instead of discovering gaps mid-installation, we built the offline content strategy into the architecture design phase and staged everything before the first server was touched. That preparation is what kept the deployment clean and on schedule.
The Toolstack
Red Hat Ansible Automation Platform 2.x: Core automation platform, deployed in a two-node HA cluster with offline execution environments.
Red Hat Enterprise Linux (RHEL): Base OS for both AAP nodes, hardened for the disconnected environment.
Microsoft Windows Server: Target OS for automation content alongside Linux systems.
Microsoft Active Directory: Integrated for centralized authentication and identity governance across the platform.
The Results
- Deployed a production-ready, highly available AAP cluster inside the client's air-gapped ADMS environment.
- Eliminated manual patching processes for Linux and Windows systems, reducing human error and configuration drift.
- Secured platform access through Active Directory integration and scoped RBAC.
- Delivered reusable automation content the client's team can extend as the DMS environment grows.
- Provided complete operational documentation for long-term internal ownership of the platform.
What's Next?
The automation foundation Shadow-Soft put in place gives this utility a clear path to extend coverage across additional DMS workflows — including compliance reporting, configuration management, and event-driven automation as their operational maturity grows.
Client Overview
A regulated electric utility serving a broad regional customer base, operating critical grid infrastructure under strict reliability and security requirements. Their DMS is mission-critical, requiring precise, auditable control over software and configurations across a mix of Linux and Windows systems in a fully disconnected environment.