Benefits of using IPv6 in Distributed Virtual Private Networks (VPNs)
Introduction
The many advantages of improving and corporation's network, particularly its Virtual personal Networks (VPNs) from IPv4 to IPv6 create the expenses related to the move recoverable from increased network steadiness, auto-configuration, security, mobility, increase and quality-of-service and multicast capability (Cisco 2007). First, in phrases of quantitative, address varies for an IPv6-based network is 128-bits, providing the company lots higher security, likewise (Fink, 1999). Secondly, the safety concerns with regards to utilizing DHCP to assign information science addresses victimization IPv4 these days will be mitigated with the homeless reconfiguration capability of IPv6 (Lehtovirta, J 2006).
With several of the systems throughout the company administered remotely exploitation IPsec-based VPNs, the opportunity to maneuver to more secure VPNs attributable to IPsec-mandated end-to-end security exploitation IPv6 also adds in greater levels of security moreover. The increasing use of wireless connections by members among the IT employees to observe and maintain IT systems also can currently be potential exploitation Mobile IP with Direct Routing (Cisco 2007). The redoubled support for protocols specifically for multicast routing are also supported in IPv6, that may build marketing’s’ several webinars and on-line initiatives additional expeditiously delivered, moreover. Most vital concerning the upgrade from IPv4 to IPv6, the requirement also exists to update the many network-based applications among the IT organization, moreover. The use of IPv6s’ backward compatibility choices also protects the investments in existing networking applications, moreover. The intent of this paper is to gauge the migration to IPv6 for VPNs and remote communications.
Defining Virtual Private Networks and their role in security

While there are a unit many alternative and every now and then conflicting definitions of what a Virtual personal Network (VPN) is, there's a consensus that its role is to change the connections of components of 1 network over another network. These connections from one network to a different area unit accomplished through the utilization of tunnels, that area unit secured connections from one computer or network to a different. Figure 1 shows associate example of both the abstract and logical equivalents of VPNs based on IPv6 protocols for securing the transit Internetwork.

Source: (Cisco Tutorial 2007)
Figure 1: Comparing the conceptual and logical equivalents of VPNs based on IPv6.

VPNs support each IPv4 and IPv6 with VPNs running the SSL protocol being the dominant configuration in use. From the analysis completed for this analysis, clearly IPv4’s dominance in IPsec-based VPN configurations was necessary attributable to shortcomings in security. The emergence of SSL-based VPNs has been augmented by the improved security and message lengths' potential exploitation the IPv6 protocol.
VPNs by definition have faith in the information link layer of the OSI Model to provide ATM and Frame Relay connections, in addition to support for Multi-Protocol Label change (MPLS) and Link-Layer secret writing (L2TP or PPTP). On the Network Layer, VPNs support the IPsec protocol, in addition to managing address validation and best bathtub improvement through a network. This approach to configuring these layers of the OSI Model with IPv4-based connections was necessary attributable to security audits showing potential vulnerabilities in networks. The SSL protocol styled is intended as part of the Transport and Application layers of the OSI Model and share's design objectives with IPv6 in securing adhoc and infrastructure wireless network over VPNs.
Comparative Analysis of IPSEC vs. SSL-based VPN

The performance and security variations between IPv4 and IPv6 area unit influencing the employment of IPsec and SSL. The magnified field length size of IPv6 has efficient the employment and maintenance of VPNs built on each of those each protocol (IPsec and SSL), yet has significantly magnified the pliability and security of implementation for the latter protocol. This section completes a comparison of the protocols relative to the topologies supported, security models used for each session authentication and confidentiality. In addition, the key variations in, however, Quality of Service (QoS) and service Level Agreements (SLAs) area unit managed are discussed. The measurability aspects of each protocol are compared, in addition to each site-to-site and remote access support from a management perspective is enclosed. Provisioning and service deployment as a part of VPN management is additionally enclosed in the following table. Variations in VPN shopper support and transparency are profiled. Table 1, Technical Analysis of variations between IPv4-based IPsec and IPv6-based SSL VPNs highlight the variations on each of those technical dimensions. The key differences' center on measurability and transparency for the user. Measurability of IPv6-based SSL is entirely smitten by the underlying net traffic, while in IPv4-IPsec, through optimized routing of point-to-point connections, together with the employment of algorithms, area unit used to maximize speed.
Table 1: Technical Analysis of Differences between IPSec and SSL | IPv4-based VPNs using IPSec | IPv6-based VPNs using SSL | Topology | Site-to-site VPN; mainly configured in a hub-and-spoke design. | Remote-access VPN | Security | | Session authentication | Authenticates through digital certificate or preshared key Drops packets that do not conform to the security policy | Authenticate through the use of digital certificates; drops packets if a fatal alert is received | Confidentiality | Uses a flexible suite of encryption and tunneling mechanisms at the IP network layer | Encrypts traffic use the public key infrastructure (PKI) | QoS and SLAs | Does not address QoS and SLAs directly; yet the IPSec VPNs can be configured to preserve packet classification for QoS within an IPSec tunnel | Both QoS and SLAs do not apply to SSL deployments; the service provider's network traffic is unaware of SSL traffic or its relative level. | Scalability | Acceptable scalability in the most hub-and-spoke configurations and deployments. Scalability for IPSec-based networks when there are large, meshed IPSec VPN deployments across a very large number of users (over 10, 000); support for key management and peering configuration. | Entirely dependent on network traffic; SSL is not impacted by server provider network | Management | | Site-to-Site support | Yes | No | Remote Access Support | Yes | Yes | Provisioning | Reduces operational expense through a centralized network-level provisioning | Does not apply; service provider traffic does not see SSL traffic | Service Deployment | Is a protocol compatible with other ones located through an existing IP network | Does not apply; service provider traffic does not see SSL traffic | VPN Client | Is required for client-initiated IPSec VPN deployment | Relies on a Web browser to complete sessions | Place in network | Local loop, edge and off-net | Local loop, edge and off-net | Transparency | Transparency to applications | Works only with applications coded for SSL | Wireless | Not easily accomplished as this protocol relies on point-to-point connections | Support for QoS, non-QoS and enterprise-wide connectivity through wireless |

Market Comparative Analysis of IPv4-based IPsec vs. IPv6-based SSL VPNs

When each protocols square measure compared and contrasted by their support of applications, encryption, authentication, overall security, support for users, accessibility, costs, complexity, simple use, and measurability, which square measure the most critical concerns for IT departments implementing VPNs, many key insights emerge. Table 2, comparing IT Management Key concerns by Protocol, highlights these major differences. First, it’s clear that despite the comparatively high value of IPv6-based SSL relative to IPv6-based IPsec VPNs, the convenience of use it delivers is considered definitely worth the investment by several organizations. Additionally, the following factors additionally emerge supporting the continued use of IPv4 on the IPsec protocol:
• Regulatory compliance to HIPAA and SOX force the sustaining and improvement of this integration commonplace. The IPsec protocol is employed specifically in those configurations that need a high level of auditing and tracking of monetary transactions, exactly positioning to the point-to-point integration approach this security commonplace enforces.
• Integration and compatibility with gift applications, specifically those with a heavy reliance on the TCP/IP commands for system management, file management and user management. These commands embody ftp, lpr, ping, telnet and other TCP/IP commands used for managing systems.
• Enhanced security levels, including authentication on remote-access demand command sequences, primarily because of the point-to-point security protocol that IPsec has as a part of its inherent design.
• Advancements within the IPv4-dominated IPsec VPNs at the transport level definition and optimization. Route and point-to-point optimization provides a higher level of system management than is possible in strictly random-based approaches to gaining access to servers for authentication of traffic.
• Wide-Area Network (WAN) integration across Frame Relay and ATM architectures.

Table 2: Comparing IT Management Key Concerns by Protocol | IPv6-based SSL VPNs | IPv4-based IPSec VPNs | Applications | Web-enabled applications, including file sharing and e-mail | All IP-based services | Encryption | Strong but variable – highly dependent on the encryption levels supported in the browser | Strong and consistent – often tied to a specific implementation and implemented for a specific network type | Authentication | Is configurable and variable by design; supports either one- or two-way authentication using tokens or digital certificates | Stronger of the two protocols’ authentication approaches using tokens and digital certificates to manage security functions | Overall Security | Moderate – any device can be used for creating holes in the network | Strong – tied to specific devices and implementations including web servers | Users | Sales, Marketing, Executives, Customers, and Partners | Human Resources, Finance, IT Staff, Engineering, Operations | Accessibility | Casual access to broadly distributed databases are commonplace | Formal access with well-defined and controller user base authentication | Cost | High fixed cost implementations and low variable costs | Moderate fixed costs and high variable costs as client software is required | Complexity | Moderate Levels | High Levels | Ease of Use | Very High – SSL integrates directly with Web Browsers | Moderate – Requires users to launch and get the application connected | Scalability | High – the SSL protocol can be easily deployed once tight levels of integration are in place. | Very High – IPSec works at the protocol level, independent of applications, therefore scalability is best-in-class |

Comparing the technological and operational edges, specifically in the areas of shopper access options, access management, client-side security, installation, and shopper configuration highlight just how differentiated the IPv4-based IPsec versus IPv6 –based SSL protocols square measure from each other. In analyzing these variations, Table 3: examination Technological and Operational edges of IPv6-based SSL and IPv4-based IPsec VPNS, was created. Starting first with the shopper access options, IPv6-based SSL can support a clientless interface through its browser at longer address lengths, support for semi-clientless through Java and ActiveX shoppers developed in mythical being, and conjointly in a full shopper configuration. This flexibility in use of the IPv6-based SSL protocol is resulting in considerably higher levels of adoption overall. IPv4-based IPsec encompasses a single shopper access possibility that must be pre-installed on every system. Requiring a full shopper computer code application translates into higher levels of IT maintenance, nonetheless, at the identical time bigger flexibility in creating extremely made-to-order security parameters.
Another significant technological difference between IPv6 and IPv4, specifically from associate degree IT viewpoint, is the client-side security integration doable victimization IPv4 versus IPv6. The very fact that IPv6 can specifically integrate with a variety of web-based applications and provide security and authentication through the utilization of digital certificates must result in its adoption throughout several areas it wasn’t at first designed for. In effect, the breadths of integration options for IPv6-based SSL VPNs square measure creating entirely new categories of users. Another issue that leads IT departments to favor IPv6-based SSL over IPv4-based IPsec is the support for auto-updates through configuration, and therefore, the fact, there's little or no IT support required to keep a secured IPv6-based SSL-based network up and running from the shopper facet. Conversely, there's often a major level of IT administration and support required for IPsec-based configurations.
Table 3: Comparing Technological and Operational benefits of SSL and IPSec Technological Benefit | Category | IPv6-based SSL VPNs | IPv4-based IPSec VPNs | | Client Access Options | Three options: * Clientless (browser) * Semi-clientless (auto downloadable Java or ActiveX agent) * Full Client (statically installed) | One option: full client (statically installed) for network-level connection | | Access Control | Very granular – per use and per application | Very little granularity – typically permit or deny | | Client-side security | Tight integration with a wide variety of client types | Tight integration with only PCs | Operational Benefit | Installation | Often doesn’t require installation | Requires installation on every client machine | | Client configuration | Native abilities to auto-update | Requires third-party software to facilitate auto-updates |

Evaluating the variations between IPv4 and IPv6 it’s valuable to consider the varied user segments and their uses of those protocols for their specific desires and requirements. The needs of those worker's World Health Organization area unit traveling the majority of times, typically operating with customers and in sales and sales support, role's area unit typically called road warriors, and have considerably been completely different desires than IT administrators and field engineers. Table 4: scrutiny the use of IPv4 versus IPv6 VPNs by form of User, presents an analysis to the needs of road warriors, channel partners and executives, in addition to field engineers and IT administrators regarding their application requirements, together with typical applications used, remote access frequency, and choice of IPv4 versus IPv6. Power user's area unit those types of user's World Health Organization require VPNs over seventieth of the time to try to their jobs.
Table 4: Comparing the Use of IPv6 versus IPv4 VPNs by Type of User Type of User | Power User? (meaning using VPNs 70% or more of the time on their jobs) | Typical Applications | Relative number of employees | Remote access frequency | IPv4 or IPv6 | Comments | Road Warriors | Yes | E-mail and front-office suites including CRM and ERP applications including order management | Many | Very Often (over 80% of the time) | IPv6 | SSL used extensively in this area as it negates firewall traversal; works will from locations that may block IPSec sessions and queries from clients (hotels, convention centers) | Partners | Yes | Extranet portals; ERP and supply chain applications; pricing and order status access | Many | Often | IPv6; previous generation applications support IPv4 through legacy applications | IPSec legacy systems required partners to get login and password; administratively difficult to complete; SSL easier to administer; strong integration with portals | Executives | No | E-mail and front office suites of applications; multimedia | Very Few | Often | IPv6 | Ease of configuration and use; SSL typically has a less intrusive interface. |

Table 4: Comparing the Use of IPv6 versus IPv4 VPNs by Type of User (continued) Type of User | Power User? (meaning using VPNs 70% or more of the time on their jobs) | Typical Applications | Relative number of employees | Remote access frequency | IPv4 or IPv6 | Comments | Field engineers | No | CAD/CAM and engineering applications; inventory and ERP queries only sporadically | Few | Not Often | IPv4 (IPv6 becoming more used in this are) | Bandwidth-intensive applications work best in Level 3 operation (OSI Model).IPSec also is backward compatible with many other legacy field applications | IT Administrators | No | Diagnostic and monitoring through the use of VPNS; Extensive use of Telnet sessions to administer systems remotely; database access and queries | Very Few | Not Often | IPv4 (IPv6 is slowly making inroads into this area) | IPv4 running the IPSec VPN protocol is favored by this class of user due to the integration and extension to LANs and more network administration applications;IPv6 running SSL is optimum for configuring IT management portals |

Another helpful analytical approach to evaluating the differences between IPv4-dominated IPsec and the growth of IPv6-based SSL VPNs is in evaluating. However, actual companies these days are exploitation each protocol, and within the case of the industries shown in Table 5. However, they're integrating these protocols together to make sure the highest levels of security by their specific want areas. For money service's companies for instance, as well as the Royal Bank of North American nation, the use of account validation for his or her business accounts. Money services are one in all the key industries that continue using a combined approach to security over VPNs selectively exploitation IPv4 and IPv6 reckoning on the particular business method demand. Money Services is also another trade that is taking a hybrid-based approach to managing security across their VPNs. Within the case of Deloitte, the extensive use of IPv6 for managing business transactions is commonplace. This firm relies upon the use of IPv6-based SSL VPN sessions for sanctionative their consultants and partners UN agency pay the majority of their time traveling, and dealing on clients’ sites. Within the public sector, there is the vital want for making certain about a high level of confidentiality and security in posting and managing tickets, letters of compliance, and the tracking of social control methods. Industries that require a hybrid approach to managing security embody tending, wherever HIPAA reporting needs make it vital to have IPv4 running IPsec-based VPN sessions, whereas outward-bound sales and service personnel want the convenience and security of IPv6 over SSL.
Table 5: Industry-Specific Implementations of IPv4-based IPsec and IPv6-based SSL VPNs | Financial Services | Business Services | Public Sector | Healthcare | Retail and Wholesaler | Manufacturing | Company | Royal Bank of Canada | Deloitte | Arizona Game and Fish | Virtua Health | VF Corporation | Large US auto manufacturer | Business Drivers | Remote Access to non-staff agentsAccommodate flexible work assignmentsCost savings in reducing number of allocated laptops | Remote access from client locations | Enhancing filed agent productivity by providing cost-effective remote access over broadband and dial-up. | Access to non-Web based terminal applications | Providing Web-based e-mail for all employees, including those without laptops | Extranet for suppliers, vendors, and partners | Technology Requirements | Endpoint security Application-level firewalling with predefined rules(Integrates with IPv4for account validation) | Firewall friendly Strong client optionsManaged Service (Integrates with IPv4 for transactions) | Easy set-up and configurationBroad app support using clientless Web browsers(Uploads of tickets and materials via IPv4) | Terminal or “green screen” compatibility Policy for HIPAA compliance(HIPAA compliance uploaded via IPv4) | Detailed configuration optionsStrong Lotus Notes compatibilityInternet Information Server-compatible deployment (Pricing is updated via IPv4) | Managed serviceScalable for future expansion(Extensive use of IPv4for pricing; financial reporting across divisions) | Deployment Size | 100 to 1,000 | 20,000 to 25,000 users | 200 growing to 500 in 2005 | 8,500 growing to 10,000 | 500 growing to 10,000 | 100 growing to 5,000 | Application usage | Moderate; mostly e-mail, Web portal, and terminal services apps | Moderate; mostly e-mail and client/server | Moderate; mostly terminals services, e-mail, file access, and UNIX emulation | Complex; e-mail; client-server; and legacy mainframe applications | Moderate; mostly e-mail and client/server | Moderate variety of clientless applications through the extranet |

Summary
Beginning with an analysis of the configuration, quantifiable and performance aspects of IPv4 versus IPv6-based SSL versus IPv4-based IPsec protocol over networks and VPNs, and progressing into an analysis of how these useful variations square measure processes the utilization of those two various protocols is the foundation of this paper. By far, the best influence on each protocol nowadays is the requirement of compliance to Sarbanes-Oxley, HIPAA and extra governance, risk and compliance reportage and auditing requirements. As more and more publicly traded organizations consider networks as the foundation of their transactions, together with the event of entirely new approaches to collaborating with workers, commerce partners and suppliers, the IPv6 protocol can become more pervasive. The support of wireless communication by this customary will also accelerate its adoption over time. Clientless access, remote access orientation additionally the} IPv6 transport security configuration choices have also been explored. IPv4-based IPsec VPNs square measure the dominant approach IT departments have taken throughout the past, nonetheless, the configuration and security choices available in the IPv6-based SSL VPNs square measure quickly gaining ground. Whereas there square measure several areas in network configurations and topologies where the advantages of IPv6 are often seen, VPNs square measure experiencing the foremost ascension.

References
AMR Research (2005)- SOX Spending for 2006 to Exceed $6B. John Hagerty and Fenella Sirkisoon. Tuesday November 29, 2005. Retrieved from the Internet on September, 19, 2012: http://www.amrresearch.com/Content/View.asp?pmillid=18967
Chou, W (2002). “Inside SSL: Accelerating Secure Transactions.” IT Professional. Sep/Oct. 2002: 37- 41.
Ciampa, Mark (2005). Security+ Guide to Network Security Fundamentals. 2nd Edition Massachusetts: Thomson Course Technology, 2005
Cisco, (2007) IPv6 Introduction. Retrieved June 2, 2008 from Cisco Systems IPv6 Introduction Web site: http://www.cisco.com/en/US/products/ps6553/products_ios_technology_home.html
Cisco Tutorial (2007). Basics of the OSI Model and associated documents. Retrieved from the Internet on September, 19, 2012 from location: http://www.cisco.com/univercd/cc/td/doc/cisintwk/ito_doc/introint.htm
Cisco Systems (2007) White Paper on Security. Retrieved from the Internet on September, 19, 2012 from location: http://www.cisco.com/en/US/docs/security/pix/pix62/configuration/guide/config.html
Columbus and Murphy (2002) - Re-orienting Your Content and Knowledge Management Strategies. AMR Research. Boston, MA. Report and research findings published October 2002. Retrieved from the Internet on September, 19, 2012: http://www.lwcresearch.com/filesfordownloads/ReorientingYourContentandKnowledgeMgmtStrategy.pdf
Economist (2006) - Virtual champions. Economist Magazine. June 1, 2006. Retrieved from the Internet on September, 19, 2012: http://www.economist.com/surveys/PrinterFriendly.cfm?story_id=6969722
Fink , Robert (1999). IPv6—What and Where It Is. The Internet Protocol Journal, 2, number 1, Retrieved from the Internet on September, 19, 2012 http://www.cisco.com/web/about/ac123/ac147/archived_issues/ipj_2-1/ipv6.html
Gartner (2005) - Compliance Has Many Faces. Bace, Leskela, Rozwell. Industry Research Brief G00125885. Gartner Group. January 31, 2005.
Green, J.H (2001). The Irwin Handbook of Telecommunications Management. New York: McGraw Hill.
Hagerty (2006) – Lowering SOX Costs through Scope Reduction. Alert by John Hagerty. AMR Research. Boston, MA. Thursday May 18, 2006. Retrieved from the Internet on September, 20, 2012 from location: http://www.amrresearch.com/Content/View.asp?pmillid=19469

Hickman, Kipp (2007). The SSL Protocol. Netscape Communications Corp. 29 Nov. 1994. 23 Mar. 2007. Retrieved from the Internet on September, 19, 2012 from location: http://www.llnl.gov/atp/papers/HRM/references/ssl.html>.
IPSec VPNs: Conformance & Performance Testing. 12 Jan. 2003. White Papers Ixia. 11 Apr. 2007. Retrieved from the Internet on September, 20, 2012 from location: http://www.ixiacom.com/library/white_papers/display?skey=ipsec
Lehtovirta, J (2006). Transition from IPv4 to IPv6. White Paper, 1 Retrieved from the Internet on September, 19, 2012 from http://www.tascomm.fi/~jlv/ngtrans/
Kent, S. Security Architecture for the Security Protocol (2007). Network Working Group. Nov. 1998. Javvin Network Managing & Security. 05 Apr. 2007. Retrieved from the Internet on September, 19, 2012 from location: http://www.javvin.com/protocol/rfc2401.pdf
OpenReach (2002) IPSec vs. SSL: Why Choose?. Jan. 2002. Open Reach. Security Tech Net. 20 Mar. 2007. Accessed from the Internet on September, 20, 2012 from location: http://www.securitytechnet.com/resource/rsc-center/vendor-wp/openreach/IPSec_vs_SSL.pdf
Opus One (2007). Selected content on SSL configurations obtained through analysis of the content at this consultancy’s’ site. Accessed from the Internet on September, 21, 2012 from location: http://www.opus1.com/o/index.html
Whitman, Michael and Herbert Mattord (2005). Principles of Information Security. 2nd Edition. Massachusetts: Thomson Course Technology, 2005.