I've got some legacy web hosts running Virtualmin and DirectAdmin, and I've been impressed enough with Enhance than I'm about to move everyone over to my Enhance servers and decommission the other machines (more like I'll archive the VMs and create new Enhance servers to inherit their IP addresses.)
Before I do this, is there any advice about Enhance you wish you'd known before you committed to it? Are there any gotches that will bite me if I don't do something right?
Install Enhance Controller on a VM, you can back up with some external tool, or if the provider offers Block backups for the VM, pay for the service as you will not regret it.
Other examples are ESXI (hypervisor), Veeam (backup tool), Proxmox, and its Backup server (I never liked Proxmox (interface), but I consider it neat from a backup perspective.)
Install DNS servers on small VMs in different DC (advice not a necessity). Do not install other roles on DNS
Email servers can be a pain if they are spammed; this is why it is suggested that smart hosts be used. Also, Email role should be on a separate server (cheap storage) $$$
The backup role should be on a separate server. Preferable same continent but different DC (cheap storage) $$$
I am sure others will have great advice to provide. Just pay attention to what they suggest 
Isaia-Arknet_PTY_LTD if the provider offers Block backups for the VM, pay for the service as you will not regret it.
And make sure to test restoring said backups at least once before going live. Some VPS providers do a very poor job at this if the server is powered on during the backup. In my experience and others here, Linode & Heztner are reliable. If you can take the backup image and restore to another VPS its great for testing but some providers don't let you do this and you just have to hope the backup isn't corrupted.
There are a few bugs that relate to trying to do something too soon after creating a site or adding a role. For example trying to add a website to a server with the role added 30 seconds ago. Wait a few minutes and there isn't an issue. Might just be an issue on slower servers.
On lower end servers the installation can seem like its hanging at 98% ish. Even if CPU usage is low, it is working, just wait. I recommend running the installation inside screen. Otherwise if you lose connection to SSH the installation won't finish.
There is no server or website security out of the box. You have to take care of kernel updates, security related to SSH, ports, linux hardening etc. The only security is isolation between sites.
Make sure whatever firewall you use doesn't block any ports to/from the control panel server.
Don't put the control panel behind any CDN.
