Network analysis is a fundamental role for administrators, particularly when they must keep to service level agreements, so there is a wide range of products on the market. However, although hardware analysers were once the weapon of choice for the enterprise, their ridiculously high costs have forced many to look at lower-cost software alternatives. At first glance, Chevin's TeVISTA Enterprise (CTE) looks expensive but delving deeper shows this analysis software offers a lot for your money.

Most noticeable is the substantial refurbishment CTE has gone through. We've quite familiar with earlier versions of this software and Chevin has done a lot of work on improving the main user interface. A key requirement of enterprise network analysis products is the ability to monitor and report back on multiple network segments, and CTE achieves this with its Software Visibility Agents (SVAs). Designed to run on any Windows workstation, SVAs gather information about their local segment and deliver it to the main console.

The SVA is one of three key functions of CTE and as with similar products such as HP's OpenView, it has standard SNMP device polling at its heart. It augments this with full protocol analysis and for this you get the excellent EtherPeek NX from WildPackets. However, CTE can also integrate with most other popular protocol analysers.

Version 3.2 of TeVISTA also introduces application response probing with the new Synthetic User component. This supports a wide range of common applications including SQL Server, Exchange and Oracle but can also monitor simple file and print services and be customised for bespoke applications. CTE can probe applications as a simulated user and measure response times; if performance falls below a specified threshold then it can alert administrators and helpdesk staff

Getting things going
The action centres on the Enterprise Management Console which provides access to all components. It kicks off with an automatic network discovery and populates its top-level map with identified subnets. Beneath these you'll find all SNMP-enabled devices, and CTE had no difficulties identifying the SNMP-enabled servers, workstations, switches and printers on our test network. Non-SNMP devices can also be added to these maps and CTE uses ICMP to provide basic node status information. You can change the device icons but it was disappointing to see the supplied list clearly hadn't been updated for a very long time. Double-clicking on an icon fires off the HubView utility which is another elderly component that hasn't been updated for over seven years. Chevin also provides a Java console for remote access which we found simple enough to set up and use.

Systems running the SVA are easy to spot as they get a custom icon, and selecting one takes you straight to the network visibility screen which provides real-time activity. For the selected segment you get an overview that includes general utilisation, packets per second, error statistics and a breakdown of errors. There's much more on a side menu, which offers in-depth views on conversations and applications, plus protocol, device and node utilisation and general activity. A top talkers graph is always invaluable and sure enough CTE provides a full rundown of the biggest bandwidth gobblers.

Monitoring behaviour
A valuable feature of CTE is its ability to monitor devices and gather information about their behaviour. After it has learnt how the device should behave, you can implement alarms to warn you of activity outside normal parameters. Packet capturing is also easy to carry out directly from the map or conversation monitor tool and EtherPeek NX provides a wealth of information. The decoding and analysis tools are amongst the best as they show detailed packet contents for all seven OSI layers, and it provides plenty of filters to help refine the captured data.

For segments with unresolved problems you can set the resident SVA to capture data constantly by regularly recycling its capture buffer. Reporting is another key requirement for network analysis and CTE doesn't disappoint in this department. It provides plenty of web based trend reports and the network visibility component can be used to create detailed reports on areas such as the busiest nodes, protocol usage and conversations.

Despite a few minor rough edges Chevin's TeVISTA Enterprise offers an extensive range of analysis tools, neatly integrated under one roof to make for easy administration. The SVAs make light work of monitoring local and remote network segments and the complete package looks comparatively good value.


Network analysis tools need to be easy to understand and use if they are going to be of any use and we found TeVISTA Enterprise simple enough to install and get running. These types of products are always going to be expensive but Chevin does compare well with the competition and it offers a well integrated suite of tools backed up with good packet decoding and analysis.