In this section:
Overview
The SBC Edge Portfolio is certified to offer Microsoft Teams Direct Routing services, and used to connect any Teams client to:
- A PSTN trunk, whether based on TDM (e.g. PRI, BRI, etc.), CAS, or SIP
- 3rd-party, non-Teams-certified SIP/TDM based PBXs, analog devices, and SIP clients
These instructions detail how to connect the SBC Edge Portfolio for Enterprise's migration from Skype for Business (SfB) On Premises to Microsoft Phone System (Teams).
Network Topology - Skype for Business Server On-Premises Migration to Microsoft Phone System (Teams) Deployment
An enterprise may choose to deploy Teams Phone System services to clients using Skype for Business Server on-premises enterprise voice services. Two migrations scenarios exist:
- Uniquely On-Premises deployment only
- Hybrid On-Premises deployment
Pre-Migration Uniquely On-Premises Deployment
All Skype for Business clients are homed to the On-Premises Skype for Business Server for voice services. No cloud-based VoIP services from Microsoft are used. A Ribbon SBC Edge Portfolio device qualified for Skype for Business is deployed on the customer premises to support connectivity with the PSTN and legacy clients.
Enterprise Voice Network with Skype for Business Server On-Premises Services, Before Teams Direct Routing Migration
NOTE: The Ribbon SBC may be also deployed in an enterprise branch office and may feature a Skype for Business Survivable Branch Appliance (SBA) application (not shown).
Pre-Migration Hybrid On-Premises Deployment
Skype for Business clients are homed to the Cloud PBX for voice services. No Skype for Business is deployed; the Skype for Business Server provides services analogous to those provided by Skype for Business. A Ribbon SBC Edge Portfolio device qualified for Skype for Business and the Skype for Business Server (deployed on premises) to support connectivity with the PSTN and legacy clients.
Enterprise Voice Network with "Hybrid" Skype for Business Server On-Premises Services, Before Teams Direct Routing Migration
Post Migration - Hybrid and Uniquely On Premises Deployment
Following configuration, the Ribbon SBC Edge Portfolio device offers certified Teams Phone System Direct Routing services to enterprise clients.
Enterprise Voice Network After Migration to Teams Direct Routing, Away From Skype for Business Server
Step 1: Install SBC Edge Portfolio
These instructions assume the SBC Edge Portfolio product ( SBC SWe Edge , SBC 1000/2000) is installed and running. If the product is not installed, refer to the links below. Installation Requirements SBC SWe Edge On KVM: Installing SBC SWe Edge on KVM Hypervisor On VMware ESXi: Installing SBC SWe Edge on VMware ESXi On Hyper-V: Installing SBC SWe Edge on Microsoft Hyper-VProduct Installation SBC 1000 Installing the SBC 1000 Hardware SBC 2000
Step 2: Review Prerequisites for Microsoft Teams Direct Routing
Consult the Microsoft documentation for detailed information on Direct Routing interface configuration guidelines, including the RFC standards and the syntax of SIP messages.
SBC Edge Software
Ensure you are running the latest version of SBC software:
- To locate the SBC Edge software current running, refer to: Viewing the Software Version and Hardware ID.
- To download and upgrade a new version of SBC Edge software, refer to: Installing and Commissioning the SBC Edge Portfolio.
Obtain IP Address and FQDN
Requirements for configuring the SBC Edge in support of Teams Direct Routing include:
SBC Edge Requirements
Requirement | How it is Used |
---|---|
Public IP address of NAT device (must be Static)* Private IP address of the SBC | Required for SBC Behind the NAT deployment. |
Public IP address of SBC | Required for SBC with Public IP deployment. |
Public FQDN | The Public FQDN must point to the Public IP Address. |
*NAT translates a public IP address to a Private IP address.
Domain Name
For the SBC Edge to pair with Microsoft Teams, the SBC FQDN domain name must match a name registered in both the Domains and DomainUrlMap fields of the Tenant. Verify the correct domain name is configured for the Tenant as follows:
- On the Microsoft Teams Tenant side, execute Get-CsTenant.
- Review the output.
- Verify that the Domain Name configured is listed in the Domains and DomainUrlMap attributes for the Tenant. If the Domain Name is incorrect or missing, the SBC will not pair with Microsoft Teams.
Users may be from any SIP domain registered for the tenant. For example, you can configure user user@SonusMS01.com with the SBC FQDN name sbc1.hybridvoice.org, as long as both names are registered for the tenant.
Domain Name Examples
Domain Name* | Use for SBC FQDN? | FQDN Names - Examples |
---|---|---|
SonusMS01.com | Valid names: | |
Valid names:
Non-Valid name: sbc1.europe.hybridvoice.org (requires registering domain name europe. hybridvoice.org in “Domains” first) |
*Do not use the *.onmicrosoft.com tenant for the domain name.
Configure Domain Names - Example
Obtain Certificate
Public Certificate
The Certificate must be issued by one of the supported certification authorities (CAs). Wildcard certificates are supported.
Refer to Microsoft documentation for certificate information.
Refer to CCADB Documentation for the comprehensive list of supported CAs.
- Refer to Domain Name for certificate formats.
Configure and Generate Certificates on the SBC
Firewall Rules
Ribbon recommends the deployment of the SBC Edge product behind a firewall, within the DMZ, regardless of the assignment of a public IP to the SBC in question. Refer to SBC Edge Portfolio Security Hardening Checklist for more information about the SBC and firewalls.
This section lists the ports, protocols and services for firewalls that are in the path of the SBC connecting to Teams Direct Routing.
Basic Firewall Rules for All Call Flows
Firewall Rules for the SBC with Media Bypass
Step 3: Configure Direct Routing
These instructions configure the Tenant to connect (pair) the SBC to the Microsoft Direct Routing Interface.
- Access PowerShell. Refer to the PowerShell documentation.
- Connect to the Tenant via Powershell.
Configure the Microsoft Phone system Voice routing. As part of this process, use the following command to create an Online PSTN Gateway that points to the SBC:
New-CsOnlinePSTNGateway -Fqdn <SBC FQDN> -SipSignallingPort <SBC SIP Port> -MaxConcurrentSessions <Max Concurrent Session which SBC capable handling> -Enabled $true
Configure the Teams usage for the user:
Get-CsOnlineUser -Identity user1@domain.com Grant-CsOnlineVoiceRoutingPolicy -PolicyName "GeneralVRP" -Identity user1@domain.com Grant-CsTeamsCallingPolicy -PolicyName AllowCalling -Identity user1@domain.com Grant-CsTeamsUpgradePolicy -PolicyName UpgradeToTeams -Identity user1@domain.com
Step 4: Configure TCP and TLS between SBC Edge Portfolio and Skype for Business Server
For configuring TCP and TLS between the SBC Edge Portfolio and Skype for Business server, there are two migration types:
- Migration from Hybrid On-Premises Deployment
- Migration from Uniquely On-Premises Deployment
See below for which migration applies to your network.
Migration from Hybrid On-Premises Deployments
These instructions apply to enterprises with a Hybrid On-Premises for Skype for Business on-premises deployment.
Using TCP between SBC and Skype for Business Server
Follow instructions posted below for basic Teams configuration (Step 5).
For a successful migration, if the SBC is deployed with a private FQDN into Skype for Business On-Premises, do not change the SBC Hostname and Domain. Use the Public FQDN on the new SIP profile only.
Using TLS between SBC and Skype for Business Server
When you configure the SBC Edge Portfolio for Microsoft Teams Direct Routing and use TLS between SfB and the SBC, do not configure the Node-Level Settings because SfB uses the SBC default FQDN.
When you create the SIP Profile for the SBC Edge Portfolio for Microsoft Teams Direct Routing and use TLS between SfB and the SBC, SfB uses the SBC default FQDN. Since SfB uses the SBC default FQDN, set the FQDN in From Header and FQDN in Contact Header fields to Static and enter the public FQDN used for Microsoft Teams in the Static Host FQDN/IP field.
- For SBC Using Publicly- Owned Domain Name
Follow instructions posted below for basic Teams configuration (Step 5).
If the SBC is deployed with a private FQDN in the Skype for Business Server, do not change the SBC Hostname and Domain. Use the Public FQDN on the new SIP profile only.
For SBC Using Non-Owned Public Domain Name
CautionOne TLS port can be attached to only one TLS profile. If your SfB deployment uses TLS 5061 as the Federated port, you must modify this Federated port to use a port other than 5061. To modify the Federated port, you must update the IP/PSTN Gateway's Listen Port of the SfB On-Premise topology and the Federated port of the SfB signaling group.
If you cannot modify your SfB On-Premise topology, you can modify the port that Microsoft Teams Direct Routing uses. Make sure you update the Firewall, ACL, and Federated port of the Teams Signaling Group and Online PSTN Gateway.
Configure a domain name owned by the enterprise through the basic SBC Edge Portfolio configuration (see Step 5).
Migration from Uniquely On-Premises Deployments
These instructions apply to enterprises with a Uniquely On-Premises for Skype for Business Server deployment.
Enable split domain. For details, refer to: Configure Hybrid connectivity between Skype for Business Server and Office 365.
Move On-Premises users to Skype Online. For details, refer to: Move users between On-Premises and Cloud.
Follow the process related to hybrid on premises deployments as described Migrations from Hybrid On-Premises Deployments.
Step 5: Configure SBC Edge Portfolio for Microsoft Teams Direct Routing
These instructions assume the SBC Edge is installed and running, and is connected to the WebUI.
For the purposes of this documentation, the screens displayed are for an SBC 1000/2000; the interface configuration may vary slightly for the SBC SWe Edge. If configuration is not specified for a field, use the default value.
Access the SBC Edge WebUI
Access the WebUI. Refer to Logging into the SBC Edge Portfolio.
Configure Host Information and DNS
The Host Information and DNS configuration contains system information that is used by the SBC Edge, including host, domain, and NTP server information.
- In the WebUI, click the Settings tab.
In the left navigation page, access System > Node-Level Settings. The Node-Level Settings page is displayed.
Configure the NTP and DNS Servers with network-specific data.
Leave all other parameters as default.
Click Apply.
TLS Configuration - Example ValuesParameter Example Value Host Name aepsite6 Domain Name RibbonMS01.com Use NTP Yes NTP Server Specifies the FQDN, IPv4, or IPv6 address of the NTP server. If the host name is supplied, the SBC uses the DNS to connect to the NTP server. Use Primary DNS Yes Primary Server IP XXX.XXX.XX.XXX Node-level Settings - Example
Configure Logical Interface
The SBC Edge supports system-supported Logical Interfaces, which are used to hold the IP address for each Ethernet port. One of these logical interfaces is assigned an IP address for transporting the VoIP media packets (i.e., RTP, SRTP) and protocol packets (i.e, SIP, RTCP, TLS). In this example, Ethernet 1 is configured for transporting packets for the Microsoft Teams Direct Routing connection.
Ensure the IP Routing Table contains the same information as in the network topology.
- In the WebUI, click the Settings tab.
In the left navigation pane, go to Node Interfaces > Logical Interfaces.
Configure the parameters as shown below (example values are shown in the table; configure as per your network requirements). For details on field descriptions, refer to Configuring and Modifying Logical Interfaces.
- Leave all other parameters as default.
Click Apply.
Logical Interfaces Configuration - Example ValuesParameter Example Value Alias To Microsoft Phone 5 Description
Interface to Interconnect with Microsoft Phone System
Admin Interface
Enable
IP Assign Method
Static
Primary Address
<Public IP of your SBC> (in the example 192.168.211.80)
Primary Netmask
<Mask of Public Interface of your SBC> (in the example 255.255.255.0)
Logical Interfaces - Example
Use Easy Config Wizard
Easy Config Wizard can be used to create all the resource required for Microsoft Teams Direct Routing.
Step 1: Select Microsoft Teams Connection
- In the WebUI, click the Tasks tab.
- In the left navigation panel, go to SBC Easy Setup > Easy Config Wizard.
From the Application drop down list, select Microsoft Teams.
Configure per the field definitions below and click Next.
Configure Scenario Parameters - Field DefinitionsField Description Application Configuration template used: Microsoft Teams. Scenario Description Name to describe the setup. Telephone Country Country in which Microsoft Teams is setup. SIP Sessions Number of simultaneous SIP Sessions. Valid entry: 1 - 960. Teams Connection The Teams connection type used for the network. Valid selections: - Teams Direct Routing
- Teams Downstream SBC
Step 2: Configure Microsoft Teams for Endpoint
Easy Configuration Step 2 includes configuration for the Microsoft Teams endpoint. The configuration items displayed in Step 2 depends on the connection type for the Microsoft Teams leg you configured in Step 1. See below for each type.
- Configure the connection type information.
- Click Next.
The fields below are displayed if you select Teams Direct Routing from the Teams Connection drop down list in Step 1.
Configure Teams Direct Routing
Field | Description |
---|---|
Teams Connection Type - Standalone Direction Connection | |
Signaling/Media Source IP | Click the drop-down arrow to select the external (Internet-facing) IP address of the Microsoft Teams Direct Routing server that handles routing of messages for signaling and media. |
Outbound NAT Traversal | Allows the SBC to be placed behind a NAT device, and uses the IP of the NAT device for all outgoing messages. If this field is set to Enable, the Public IP address field configuration is required. Valid selections: Enable: Network Address Translation is used for the NAT device's Public IP address. Disable: Network Address Translation address translation is not used. NOTE: This field is required when the SBC interface has a private IP and the NAT device is using a public IP. For details on configuring an SBC behind the NAT, refer to Configuring the SBC Edge for NAT Traversal. |
Apply ACL | Specifies whether an ACL (Access Control List) is applied to the Microsoft Teams connection. An ACL provides security to an SBC using a Public IP. Valid selection: True: Applies the ACL. False: Does not apply the ACL. For details on configuring an ACL to be applied to an SBC, refer to Managing Access Control Lists. |
Protocol | Hard-coded value for protocol used with federated FQDN: TLS. |
Server Port Number | Hard-coded value for the port used for TLS: 5061. |
Listening Port Number | Port number used for sending and receiving SIP messages between the SBC and the Border Element Server. |
Step 3: Summary
Easy Configuration Step 3 includes a summary of the information configured in Step 1 and Step 3.
Review the information and click Finish.
See below for an example:
Step 3 Example Screen
Create Transformation Table and Entries
This Transformation Table contains a list of call routes that include routing configuration for calls from Microsoft Teams and SIP Trunk. Two Transformation tables are required:
- For Calls from Microsoft Teams to SIP Trunk
- For Calls from SBC's SIP Trunk to Microsoft Teams
Calls From Microsoft Teams to SBC's SIP Trunk
This Transformation Table contains a list of call routes that include routing configuration for calls from Microsoft Teams to SBC's SIP Trunk.
- In the WebUI, click the Settings tab.
- In the left navigation page, access Call Routing > Transformation
Click Add at the top left corner to add a new Transformation Table.
- For Description, enter From Microsoft Teams
Click OK.
In the left navigation panel, select the new table: Transformation > From Microsoft Teams: Passthrough.
Click Create.
- Configure the parameters as shown below. Leave the default values for all other parameters.
Click OK.
Transformation Entries - Example ValuesParameter
Value
Description From Microsoft Teams: Passthrough Match Type Mandatory (Must Match) Input Field Type: Called Address/Number
Value: (.*)Output Field Type: Called Address Number
Value: \1
Transformation Entry - ExampleTransformation Table - Entry Added
Calls From SBC's SIP Trunk to Microsoft Teams
This Transformation Table contains a list of call routes that include routing configuration for calls from the SBC's SIP Trunk to Microsoft Teams.
- In the WebUI, click the Settings tab.
- In the left navigation page, access Call Routing> Transformation
Click Add at the top left corner to add a new Transformation Table.
- For Description, enter From SIP Trunk.
Click OK.
In the left navigation panel, select the new table: Transformation > From SIP Trunk to Microsoft Teams: Passthrough.
Click Create.
- Configure the parameters as shown below. Leave the default values for all other parameters.
Click OK.
Transformation Entries - Example ValuesParameter
Value
Description
From SIP Trunk: Passthrough
Match Type
Mandatory (Must Match)
Input Field
Type: Called Address/Number
Value: (.*)
Output Field
Type: Called Address Number
Value: \1
Transformation Table Entry
Transformation Table - Entry Added
Create Call Routing entries
Two Call Routing Tables need to be modified for transporting calls between the SBC's SIP Trunk and Microsoft Teams:
- Call Route - Calls from Microsoft Teams to SBC's SIP Trunk
- Call Route - Calls from the SBC's SIP Trunk to Microsoft Teams
From Microsoft Teams to SBC's SIP Trunk
This Call Routing Table routes calls from Microsoft Teams.
- In the WebUI, click the Settings tab.
From the left navigation pane, click on the Call Routing > Call Routing table.
Select From Microsoft Teams (the entry you just created).
- Click Add.
Configure the parameters as shown below. Leave all other parameters as default.
Click OK.
Call Routing Table Configuration - ExampleParameter
Value
Description
To SIP Trunk (Passthrough)
Number/Name Transformation Table
From Microsoft Teams: Passthrough (select Transformation Table you created above)
Destination Signaling Groups
Choose the Signaling Group of a local equipment.
Call Routing Table - Example
From SBC's SIP Trunk to Microsoft Teams
This Call Routing Table routes calls from the SBC's SIP Trunk and sent to Microsoft Teams.
To add and configure a new Call Routing Table:
- In the WebUI, click the Settings tab.
From the left navigation pane, click on the Call Routing > Call Routing table.
Select From SIP Trunk, this table already contains an entry to route the calls to Skype for Business.
- Select the existing entry where First Signaling Group is Skype for Business.
- Set the Admin State to Disabled.
- Click OK.
From the left navigation pane, click on the Call Routing > Call Routing table.
Select From SIP Trunk, this table already contains an entry to route the calls to Skype for Business.
- Click Add.
Configure the parameters as shown below. Leave all other parameters as default.
Click OK.
Call Routing Table Configuration - ExampleParameter
Value
Description
To Microsoft Teams (Passthrough)
Number/Name Transformation Table
From SIP Trunk to Microsoft Teams: Passthrough (select Transformation Table you created above)
Destination Signaling Groups
Choose the Signaling Group for Microsoft Teams Direct Routing
Call Routing Table - Example
Step 6: Configure SBC Edge Portfolio when Microsoft Teams is in Media Bypass Mode and Non-Media Bypass Mode
For Media Bypass, the following is supported:
- Deployment on a Public IP address
- Deployment behind NAT
Configure Signaling Group
Before configuring Outbound NAT Traversal, obtain the Public IP address for your network (the Public IP address specified in the screen graphic is an example only); configuration for NAT is required only if deployment is behind NAT.
- In the WebUI, click the Settings tab.
- In the left navigation page, access Signaling Groups
From the Create Signaling Group drop down box, select SIP Signaling Group.
Configure the parameters as shown below. Leave the default values for all other parameters.
Click OK.
Signaling Group Configuration - Example ValuesParameter
Value
RTCP Multiplexing Enable ICE Support Enabled ICE Mode Lite Outbound NAT Traversal* Static NAT NAT Public IP (Signaling/Media)* Public Address for the NAT device assigned on the media port for your network Static NAT Inbound Disabled *Outbound NAT Traversal and the NAT Public IP is required when the SBC is behind a NAT (the public IP address of the NAT device is required when the SBC has a Private IP).
The peer endpoint must support the a=rtcp-mux exchange in order for the RTP and RTCP ports to be multiplexed into one data port.
SIP Signaling Group - Example
Step 7: Confirm the Configuration
Validate SIP Option
- In the WebUI, click the Settings tab.
- In the left navigation pane, access Signaling Groups.
- For the signaling group configured for Microsoft Teams Direct Routing, click Counters.
- Confirm the number of Incoming and Outgoing SIP Options.
- Confirm the number of Incoming and Outgoing 2xx responses.
Step 8: Place a Test Call
Place a test call as follows: Access the WebUI. Refer to Logging into the SBC Edge. In the WebUI, click the Diagnostics tab. In the left navigation pane, click Test a Call. Configure the parameters as shown below. Click OK. Parameter Value Destination Number Number assigned to a Teams user. Origination/Calling Number Number assigned to a Local user. Call Routing Table The routing table that handles the call from Microsoft Teams. Test a Call - Configuration The test call is now complete. For troubleshooting steps, refer to Best Practice - Troubleshoot Issues with Microsoft Teams Direct Routing.
Place a Test Call - Parameters
Place a Test Call - Example