SORACOM Canal ("Canal") is a private network connection service that directly connects your AWS-based Virtual Private Cloud environment to the SORACOM platform.

* We provide Canal as a Public Beta service.

Features of Canal

Private Connection Service

The SORACOM platform is built on AWS’s Virtual Private Cloud (hereafter referred to as VPC). By using a feature called “VPC peering”, which connects VPCs, we can connect SORACOM’s VPC to your VPC inside a closed environment on AWS.


If you set up a server inside your VPC, it can make connections without using the Internet, so you can securely upload highly sensitive data from your device to the server.

In addition, since only SIM cards with access enabled by SORACOM can access the VPC connected by Canal, the network is suitable not only for IoT systems, but also for enterprise use.

3G/LTE communications authenticate and encrypt connections based on information registered in SIM cards. Such a system is effective for enterprise networks as well. If your company’s system is already based on AWS, you can just connect with Canal to enable closed-network connections from smartphones, tablets, and other devices.

Many companies already have systems allowing them to use VPN connections to connect to company networks. However, steps such as the initial configuration and entering of one-time passwords for each use take time and effort. In an environment built using Air SIMs and Canal, SORACOM takes care of these steps for you.

Virtual Private Gateway

Canal provides Virtual Private Gateways (hereafter referred to as VPG).
Each VPG is used for peering with a specific VPC. You can also set each VPG individually to enable Internet routing or to enable peering only.

The VPG also lets you optimize access to SORACOM Beam and NAT processing depending on individual use situations. For example, Beam can be set to reduce throttling (feature that limits the number of simultaneous connections).

VPG fixed global IP address option

With our new VPG option setting, you can now configure the fixed source IP address going out to the Internet
This allows you to easily configure access control on IoT backend systems by adding IP address based rules. When Accessing from an Air SIM in a given group with VPG and this option enabled, it always communicates through one of the two global IP addresses as its source IP address. Even if the number of Air SIMs in the same Air SIM group increase, all of the traffic from this group still goes out from the same two source IP addresses. This makes your access control against your Air SIM group extremely easier.

Also, if you are using SORACOM Beam, the source IP address from Beam will also be from this IP address. This way, you know where Beam traffic comes from and can also make it easier to write an access rule against it. (This does not apply to Beam source IP address with Air for LoRaWAN or Air for Sigfox.)

SORACOM services »

Please contact us if you have any questions.