How to choose a Segment type
Choose the Segment type before you create a Segment. The type determines what AlloyScan discovers, which credentials it asks for, and which Inventory sections receive the results.
Segment types
AlloyScan supports seven Segment types:
| Type | Use it for | Status |
|---|---|---|
| Address list | IP ranges, subnets, DNS names, or NetBIOS names inside a reachable network | Available |
| Domain | Active Directory domain computers | Available |
| AWS | AWS cloud resources | Preview |
| Azure | Azure cloud resources | Preview |
| Google Cloud Platform | Google Cloud Platform resources | Preview |
| Google Directory | ChromeOS and Chromebook devices managed through Google Admin Directory | Preview |
| Jamf | macOS computers, iPhone / iPad devices, and other Apple mobile devices managed through Jamf Pro | Preview |
Choose Address list
Use an Address list Segment when you know the network addresses you want AlloyScan to scan.
Good examples:
- a subnet such as a server VLAN
- a list of IP ranges
- a group of named hosts
- SNMP devices such as printers and switches
- mixed targets where the Audit Service can reach the devices directly
Address list Segments can use Windows, Linux and macOS, Hypervisor, or SNMP credentials, depending on the targets.
Choose Domain
Use a Domain Segment when the targets are Active Directory domain members.
Choose this type when:
- the Audit Service host is in the same Active Directory domain as the targets
- a Windows credential can enumerate computer objects in the domain
- you want AlloyScan to discover domain computers without entering address ranges manually
For cross-domain or workgroup machines, use Audit Agents instead of relying on a Domain Segment.
Choose AWS, Azure, Google Cloud Platform, Google Directory, or Jamf
Use a cloud Segment when you want AlloyScan to discover and audit resources from a cloud provider account, subscription, or project. Use Google Directory when you want Chromebook inventory through Google Admin Directory instead of Google Cloud Platform resources. Use Jamf when you want Apple device inventory through Jamf Pro.
| Cloud type | Typical credential | Inventory result |
|---|---|---|
| AWS | AWS access key and secret, or IAM role | AWS Inventory sections such as EC2 instances, AMIs, Subnets, VPCs, S3 buckets, RDS, load balancers, security groups, key pairs, and network interfaces |
| Azure | Tenant ID, Client ID, Client secret | Azure Inventory sections such as virtual machines, application gateways, load balancers, network interfaces, public IPs, resource groups, subscriptions, virtual networks, volumes, and security groups |
| Google Cloud Platform | Project ID, client email, private key, or JSON key file | Google Inventory sections such as VM instances, images, load balancers, public IPs, security groups, subnets, VPCs, volumes, and Bigtable resources |
| Google Directory | Client email, private key, delegated admin email, optional customer ID | Chromebook Inventory sections such as ChromeOS devices, device versions, enrollment data, and recent-user information |
| Jamf | Jamf Pro server root URL, login, password | Apple Inventory sections such as macOS computers, iPhone / iPad devices, and other Apple mobile devices |
Decision checklist
Before creating the Segment, confirm:
- The Segment type matches the target source.
- An active Audit Service is available for agentless or cloud scan execution.
- The matching credential type exists in the Audit Service's credential pool.
- Required ports or cloud API access are available.
- You know whether the Segment should have a scan schedule.
- You know whether newly discovered devices should be audited automatically.
- You know whether an Auto tag should be applied to devices discovered by this Segment.