In analyzing these differences, Table 3: Comparing Technological and Operational benefits of IPv6-based SSL and IPv4-based IPSec VPNS, was created. Starting first with the client access options, IPv6-based SSL can support a clientless interface through its browser at longer address lengths, support for semi-clientless through Java and ActiveX clients developed in AJAX, and also in a full client configuration. This flexibility in use of the IPv6-based SSL protocol is leading to significantly higher levels of adoption overall. IPv4-based IPSec has a single client access option that needs to be pre-installed on every system. Requiring a full client software application translates into higher levels of it maintenance, yet at the same time greater flexibility in creating highly customized security parameters. Another significant technological difference between IPv6 and IPv4', specifically from an it standpoint, is the client-side security integration possible using IPv4 versus IPv6. The fact that IPv6 can specifically integrate with a variety of web-based applications and provide security and authentication through the use of digital certificates has lead to its adoption throughout many areas it wasn't initially designed for. In effect the breadths of integration options for IPv6-based SSL VPNs are creating entirely new classes of users. Another factor that leads it departments to favor IPv6-based SSL over IPv4-based IPSec is the support for auto-updates through configuration, and the fact there is very little it support required to keep a secured IPv6-based SSL-based network up and running from the client side. Conversely, there is often a significant level of it administration and support required for IPSec-based configurations.

Table 3: Comparing Technological and Operational benefits of SSL and IPSec VPNS

Technological Benefit

Category

IPv6-based SSL VPNs

IPv4-based IPSec VPNs

Client Access Options

Three options:

Clientless (browser)

Semi-clientless (auto downloadable Java or ActiveX agent)

Full Client (statically installed)

One option: full client (statically installed) for network-level connection

Access Control

Very granular - per use and per application

Very little granularity - typically permit or deny

Client-side security

Tight integration with a wide variety of client types

Tight integration with only PCs

Operational Benefit

Installation

Often doesn't require installation

Requires installation on every client machine

Client configuration

Native abilities to auto-update

Requires third-party software to facilitate auto-updates

Evaluating the differences between IPv4 and IPv6 it's valuable to consider the various user segments and their uses of these protocols for their specific needs and requirements. The needs of those employees who are traveling the majority of time, often working with customers and in sales and sales support roles are often called road warriors, and have significantly different needs than it administrators and field engineers. Table 4: Comparing the Use of IPv4 versus IPv6 VPNs by Type of User, presents an analysis of the needs of road warriors, channel partners and executives, in addition to field engineers and it administrators regarding their application requirements including typical applications used, remote access frequency, and selection of IPv4 versus IPv6.

Power users are those types of users who require VPNs over 70% of the time to do their jobs.

Table 4: Comparing the Use of IPv6 versus IPv4 VPNs by Type of User

Type of User Power User? (meaning using VPNs 70% or more of the time on their jobs) Typical Applications Relative number of employees Remote access frequency IPv4 or IPv6 Comments Road Warriors

E-mail and front-office suites including CRM and ERP applications including order management

Many

Very Often (over 80% of the time)

IPv6

SSL used extensively in this area as it negates firewall traversal; works will from locations that may block IPSec sessions and queries from clients (hotels, convention centers)

Partners

Extranet portals; ERP and supply chain applications; pricing and order status access

Many

IPv6; previous generation applications support IPv4 through legacy applications

IPSec legacy systems required partners to get login and password; administratively difficult to complete; SSL easier to administer; strong integration with portals

Executives

E-mail and front office suites of applications; multimedia

Very Few

IPv6

Ease of configuration and use; SSL typically has a less intrusive interface.

Table 4: Comparing the Use of IPv6 versus IPv4 VPNs by Type of User (continued)

Type of User Power User? (meaning using VPNs 70% or more of the time on their jobs) Typical Applications Relative number of employees Remote access frequency IPv4 or IPv6 Comments Field engineers

CAD/CAM and engineering applications; inventory and ERP queries only sporadically

Few

Not Often

IPv4 (IPv6 becoming more used in this are)

Bandwidth-intensive applications work best in Level 3 operation (OSI Model).

IPSec also is backward compatible with many other legacy field applications

IT Administrators

Diagnostic and monitoring through the use of VPNS; Extensive use of Telnet sessions to administer systems remotely; database access and queries

Very Few

Not Often

IPv4 (IPv6 is slowly making inroads into this area)

IPv4 running the IPSec VPN protocol is favored by this class of user due to the integration and extension to LANs and more network administration applications;

IPv6 running SSL is optimum for configuring it management portals

Another useful analytical approach to evaluating the differences...

For financial services firms for example, including the Royal Bank of Canada, the use of account validation for their commercial accounts. Financial Services are one of the key industries that continue using a combined approach to security over VPNs selectively using IPv4 and IPv6 depending on the specific business process requirement. Financial Services is also another industry that is taking a hybrid-based approach to managing security across their VPNs. In the case of Deloitte, the extensive use of IPv6 for managing commercial transactions is commonplace. This consulting firm relies on the use of IPv6-based SSL VPN sessions for enabling their consultants and partners who spend the majority of their time traveling, and working on clients' sites. In the public sector there is the critical need for ensuring a high level of confidentiality and security in posting and managing tickets, letters of compliance, and the tracking of enforcement strategies. Industries that require a hybrid approach to managing security include healthcare, where HIPAA reporting requirements make it critical to have IPv4 running IPSec-based VPN sessions, while outbound sales and service personnel need the convenience and security of IPv6 over SSL.
Financial Services Business Services Public Sector Healthcare Retail and Wholesaler Manufacturing Company

Royal Bank of Canada

Deloitte

Arizona Game and Fish

Virtua Health

VF Corporation

Large U.S. auto manufacturer

Business Drivers

Remote Access to non-staff agents

Accommodate flexible work assignments

Cost savings in reducing number of allocated laptops

Remote access from client locations

Enhancing filed agent productivity by providing cost-effective remote access over broadband and dial-up.

Access to non-Web-based terminal applications

Providing Web-based e-mail for all employees, including those without laptops

Extranet for suppliers, vendors, and partners

Technology Requirements

Endpoint security

Application-level firewalling with predefined rules

Integrates with IPv4for account validation)

Firewall friendly

Strong client options

Managed Service

Integrates with IPv4 for transactions)

Easy set-up and configuration

Broad app support using clientless Web browsers

Uploads of tickets and materials via IPv4)

Terminal or "green screen" compatibility

Policy for HIPAA compliance

HIPAA compliance uploaded via IPv4)

Detailed configuration options

Strong Lotus Notes compatibility

Internet Information Server-compatible deployment

Pricing is updated via IPv4)

Managed service

Scalable for future expansion

Extensive use of IPv4for pricing; financial reporting across divisions)

Deployment Size

100 to 1,000

20,000 to 25,000 users

200 growing to 500 in 2005

8,500 growing to 10,000

500 growing to 10,000

100 growing to 5,000

Application usage

Moderate; mostly e-mail, Web portal, and terminal services apps

Moderate; mostly e-mail and client/server

Moderate; mostly terminals services, e-mail, file access, and UNIX emulation

Complex; e-mail; client-server; and legacy mainframe applications

Moderate; mostly e-mail and client/server

Moderate variety of clientless applications through the extranet

Table 5: Industry-Specific Implementations of IPv4-based IPSec and IPv6-based SSL VPNs

Summary

Beginning with an analysis of the configuration, scalability and performance aspects of IPv4 versus IPv6-based SSL vs. IPv4-based IPSec protocol over networks and VPNs, and progressing into an analysis of how these functional differences are defining the use of these two respective protocols is the foundation of this paper. By far the greatest influence on both protocols today is the requirement of compliance to Sarbanes-Oxley, HIPAA and additional governance, risk and compliance reporting and auditing requirements. As more and more publicly traded organizations rely on networks as the foundation of their transactions, including the development of entirely new approaches to collaborating with employees, trading partners and suppliers, the IPv6 protocol will become more pervasive. The support of wireless communication by this standard will also accelerate its adoption over time. Clientless access, remote access orientation and the IPv6 transport security configuration options have also been explored. IPv4-based IPSec VPNs are the dominant approach it departments have taken in the past, yet the configuration and security options available in IPv6-based SSL VPNs are quickly gaining ground. While there are many areas in network configurations and topologies where the advantages of IPv6 can be seen, VPNs are experiencing the most rapid growth.