Preparing a Host for WISdom Data Collection Installation
Before installing the WISdom data collection services, ensure the host machine is properly configured. This includes meeting OS prerequisites, enabling secure connectivity to the Fortified WISdom API, and allowing access to all monitored SQL instances.
The WISdom Installation Requirements (PDF) is available for download. It contains all the information in a single PDF.
System Requirements
Operating System
The host OS must be equal to or newer than the OS of any monitored servers.
Microsoft does not support WMI or performance metric collection from a lower-version OS.
Certificate Management
If you apply additional security hardening, you may need to ensure the Let's Encrypt root CA certificates are trusted on the server. Certificates can be found at https://letsencrypt.org/certificates/.
Network & Firewall Configuration
To ensure uninterrupted data collection and communication with the Fortified WISdom cloud, configure the following:
Inbound Access to Monitored Servers
| Service | Port(s) |
|---|---|
| SQL Server (default) | 1433 |
| SQL Browser (if named instances are used) | 1434 |
| WMI | 135, 49154† |
| Performance Counters | 445 |
† If port 49154 is unavailable, open the dynamic range: 49152–65535
Outbound Access to WISdom Cloud
Allow HTTPS traffic to: https://collectorapi.fortifiedwisdom.com
| Region | IP Range |
|---|---|
| US East 2 | 20.85.14.224/29 |
| US East 2 | 20.122.252.88/32 |
| US Central | 20.236.234.64/29 |
Antivirus Exclusions
Configure your antivirus software to exclude the following folders, along with all subdirectories, from scanning:
%Installation Folder%\CollectorResults%Installation Folder%\UploadReady%Installation Folder%\ESUploadReady(if present)
Default Installation Path: C:\Fortified\WISdom\
If a drive other than C: is present and has more available space, WISdom will default to that drive. The installation path is user-configurable during setup.
Older WISdom installations may have been placed in C:\Program Files\Fortified\Wisdom\.
Collection Host Server Sizing Guidelines
To ensure optimal performance of the WISdom service, server sizing should be based on the number of data collection endpoints. Depending on your network architecture (e.g., geographic region, domain, or subnet), you may need to deploy multiple virtual machines (VMs) for distributed data processing.
| Managed Servers | CPU Cores | RAM | Storage |
|---|---|---|---|
| 1–75 | 4 | 8–16 GB | 25 GB |
| 76–200 | 8 | 16 GB | 50 GB |
Managed server counts are approximate. The volume of data generated per server, determined by the number of databases hosted and transaction volume, will affect how many targets a single VM can reliably manage. Highly transactional instances and servers hosting many databases may require fewer targets per WISdom Data Collector.
For collectors monitoring cloud databases (e.g., Azure SQL Databases), each Azure SQL Database requires its own connection and behaves more like an independent instance than a traditional database. This increase in connections will impact the collector's capacity; plan accordingly.
Managing more than 200 servers or cloud databases on a single VM may lead to performance bottlenecks. Consider scaling horizontally by adding additional VMs.
For better fault tolerance and load distribution, you can deploy two smaller VMs instead of one large instance. This approach enhances resilience and simplifies maintenance.
WISdom Collection Service – Account Requirements
To ensure proper operation of the WISdom Collection Service, the service account must meet the following requirements:
Service Account Type
| Account Type | Recommendation | Notes |
|---|---|---|
| Group Managed Service Account (gMSA) | ✔ Recommended — Best Practice | Automatic password management, simplified administration. Ideal for enterprise environments. |
| Domain Account | Alternative | Centralized control via Active Directory. Requires manual password management. |
| Local Windows Account | Not Recommended | Requires secondary credentials to be created and assigned to monitored targets in the WISdom UI. Additional service account permissions are required — see note below. |
Use a gMSA whenever possible. gMSAs provide automatic password rotation, eliminate manual credential management, and align with Microsoft's security guidance for service accounts.
Required Permissions on the WISdom Host
| Permission | Purpose |
|---|---|
| Log on as a Service | Required to run the WISdom service as a Windows service. |
| Local Administrator Rights | Required to start, stop, and restart the Fortified WISdom Watchdog and Collector services on the host machine. |
A local Windows account requires SDDL permissions set directly on both WISdom services, as Local Administrator rights alone are not sufficient for service control. If Local Administrator group membership is also not permitted, the account must have at minimum Full Control on the WISdom installation directory.