TeVista is Chevin's offering in the network visibility and management market. It is a Windows-based management suite that installs on Windows 2000 or XP (we tried it on Windows 2000 Server with all of the latest patches and service packs).

The architecture of the product is fairly standard. You install the server package on a machine that's going to stay active all the time collecting network information, and you can place the management console software on whichever machine(s) you're going to use to actually look at what the server component's doing. There's a third widget, called the Software Visibility Agent (SVA), which you can distribute around the network and to which the centralised components can connect on demand, and the package is augmented by the inclusion of (and integration with) the EtherPeek packet analyser, which provides the ability for low-level packet decoding.

The idea of the SVA is that it allows you to do things that you wouldn't be able to do from a centralised location in the average switched network – namely reach into distant collision domains to do packet capture. It's a neat idea, as it allows you to dig into the low-level traffic on a far-away segment without having to go there and plug in a packet analyser.

We won't concentrate on the background server aspect of the system, as it's one of those things that you install, run and largely forget about. The main components of interest are the SVA and, of course, the various user interfaces.

The SVA can be installed along with the main package, and you'd commonly run one on your management station to watch the local collision domain. You can then install further instances either via the main installer or via a facility within the management application that lets you build a distributable SVA installer as either a stand-alone installer or a Windows MSI (both of which can then be shipped to remote machines and installed).

The management components have a number of user interfaces. One is the Network Asset Manager, which is a graphical interface onto the systems on your network. You tell it what subnet(s) to search, and it goes away and auto-discovers the devices on the network, and then does some probing to see what services (SMTP, Web, FTP, etc) each is running. The package can be configured to poll the various devices on the network at predefined intervals, and to keep records of the results so you can see what's going on; it'll also flag issues in the usual red/yellow/green colours on the front page, so you can easily spot problems.

The main user interface component is the management console itself, though. It's a standard-looking two-pane view, with an overview of your systems on the left and then the detail in the right-hand area. The summary pane is a tree of objects that you can build up to represent the hierarchy of your various subnets, and then you add items in the detail pane for each subnet. You add items and connect them together with network links, and for each entity you can define the mechanism (SNMP, for example, or Ping) that the system should use to check whether each is still alive.

The main power of the system is its ability to dig into the devices on the network using a variety of tools and protocols. At the most basic level you can highlight a device and be connected to it via a high-level protocol such as Telnet or a Web browser; at a much lower level, however, you're given options to dig about using SNMP (via a basic MIB browser and RMON tool or by using Chevin's more in-depth SNMP analyser). You can also kick off packet capturing on a selected device if there's something specific you want to watch regarding its traffic.

SVAs are, incidentally, represented as special "virtual devices" in the network map. Adding them is a bit convoluted, but the manual's pretty clear and it only takes a minute or two to figure out how to do it. When you drill into an SVA, you're basically given a complete packet sniffer tool that can, as we've already mentioned, see across subnets and collision domains since the capture is happening not on the server but on the client computer on which the SVA is installed. The capture tool allows you to watch all the usual activities, including lists of nodes it sees, conversations between nodes on and off the network, protocol distributions and application-specific traffic (e.g. SNMP, BOOTP or NetBIOS).

The only real negative side of TeVista is the fact that the various components feel like (and are) separate entities. We would prefer to have a common user interface between the asset manager and the management console, for instance, with the ability to drag stuff between the two views; it would also be nice to have basic stuff such as the "connect via HTTP" and "connect via Telnet" features implemented as controls within the main application instead of firing off separate browser or Telnet applications.

On the whole, though, TeVista is a useful product that brings together a lot of nice features (the MIB browser, a good packet capture/decode application, a network representation that's easy to build and use, a sensible reporting engine and a neat remote-capture concept in the shape of the SVA) and which we hope Chevin will evolve into a more comprehensively integrated package.


Consider the architecture of your management network, particularly the SVAs, carefully - in a switched network, packet capture can be one of the hardest things to do. If your switches don't have port mirroring facilities, you'll need to think hard about whether you can do packet capture at all. Also bear in mind that although we reviewed the "all in" Enterprise version, less expensive subsets are available.