Private and dedicated lines of IoT communication now available with SORACOM Canal and SORACOM Direct
2016–01–27
Introduction
We launched our IoT platform on 30 September 2015 delivering SORACOM Air and SORACOM Beam to the world. We released a large number of new features for SORACOM Air and Beam thereafter, but customers and partners kept inquiring on when we would release our service “C” and whether we had already done so.
I am very delighted to reveal we have some updates on this front today. We are announcing our private connection service SORACOM Canal and our dedicated connection service SORACOM Direct!
- SORACOM Canal — A private line connection service that connects our customers’ systems in the AWS Tokyo region to SORACOM through the use of Amazon’s VPC-peering feature
- SORACOM Direct — A dedicated line service directly connecting our customers’ systems, established in any environment, to SORACOM through the use of AWS Direct Connect
Both services make “mobile networks without Internet” a reality, for which our customers have made numerous requests. I would like to explain some background as well as the technical details behind the connections.
Background: The need for a closed IoT system
Security is the most important issue when implementing an IoT ecosystem. It is easy to now create a secure IoT ecosystem with SORACOM: through your SIM’s device authentication; safe 3G/LTE transmission route and stateful firewall offered by SORACOM Air. Then there’s SORACOM Beam, which uses encryption and offloads server authentication information management to the cloud. The following points concern issues that we were unable to directly resolve until now.
- The risk of denial-of-service attacks and invasion for endpoints on IoT systems that are open to the Internet
- The risk of information leakage to the server of a third party, or the aiding of such, through malware on devices
It is widely said that as long as you are connected to the Internet, these risks exist and aren’t entirely avoidable. I completely agree and feel creating a closed-network between devices and the back end of an IoT system is the ideal solution.
SORACOM Canal and SORACOM Direct were designed to offer SORACOM Air customers the choice of higher security standards.
SORACOM Canal/Direct connections
The SORACOM Virtual Private Gateway (“VPG”) supports connections and is offered to customers using SORACOM Canal/Direct.
The SORACOM VPG is a virtual gateway that connects devices on SORACOM Air to customer back-end systems using Canal/Direct. It is built on top of the AWS VPC and enables a closed-network connection between your systems and devices by connecting to this VPC through peering or direct connect services.
Private Connections for Your System with SORACOM Canal
Dedicated Line Connections for Your System with SORACOM Direct
Using the SORACOM VPG on devices with SORACOM Air is now just a configuration that can be created for any SIM group. To be precise, in your SORACOM Air group settings, enter a flag indicating whether or not you use the VPG, and the corresponding ID of your VPG.
{
SoracomAir: {
useVpg: true,
vpgId:
}
}
Once configured in the above described manner, the designated VPG will replace your usual Internet gateway and be used from the next time you open a connection, enabling your SIM to directly connect to your system.
It is also possible to use all of SORACOM Air’s features with Beam. So if, for example, you are using the custom DNS option on SORACOM Air for a private name resolution on a DNS server established in a closed network, you can use Beam’s protocol conversion to reduce transmission overhead.
To use SORACOM Canal/Direct
As of January 2016, SORACOM Canal and Direct are being offered with limited preview status. We ask those who would like to use these services to apply with an intended use case explanation on the application page below.
Once your application has been approved, SORACOM will contact you. We would greatly appreciate it if you could let us know your intended use cases.
Conclusion
SORACOM Canal’s private connection service and SORACOM Direct’s dedicated line connection service: So how do these sound to you?
Allow me to let you in on some history. Most of our customers have requested a closed-network connection feature, but there were a number of technical issues that we had to face to make this possible. The VPG concept played a crucial role in solving these issues and making Canal/Direct a reality.
When I think about it, these requirements were thought up before SORACOM was announced, during a post-lunch walk I had with Mr. Matsui and Motoko, with whom we were not yet affiliated. The initial idea for SORACOM Air was devised when drinking with Tamagawa, our CEO. Looking back, our ideas always emerge in the company of friends, when eating or drinking or excitedly discussing technology together; or when communicating with our partners and customers, who look to the future and provide us with honest feedback.
Anyway, I know I always end up concluding my blog posts like this, but SORACOM evolves with feedback from all of our users, so we hope to hear more from you in the future!