This section outlines the high availability (HA) solution in Azure.

Note

The screen captures in this section are example configurations.

The following example implements an SBC SWe Lite HA solution in Azure. This system interconnects Microsoft Teams Direct Routing with a SIP Trunk that does not have a load sharing solution.

Azure HA Solution

 


To implement the HA solution in Azure, you must perform the following procedures:

  1. Configure the Azure HA Solution
  2. Load Balancing Microsoft Teams Direct Routing
  3. Load balancing SIP Trunk using Azure Load Balancer
  4. SBC SWe Lite Configuration
  5. SIP Trunk Configuration

Elimination of Single Points of Failure

In an on-premise deployment, single points of failure are eliminated to ensure the same outage does not impact the different elements of a HA solution. Microsoft Azure uses the following resources to support this capability:

Azure Availability Sets (Intra-Datacenter Redundancy)

An availability set is a logical grouping of Virtual Machines (VMs) within a single datacenter that makes Azure understand how to build the VM's implantation with redundancy and availability. In an availability set, VMs automatically distribute across fault and update domains in a single datacenter. An availability set limits the impact of potential Azure maintenance, physical hardware failures, network outages, and power interruptions. To use an availability set, the VMs must be on the same resource group.

Note

Fault domains: A logical group of underlying hardware that shares a common power source and network switch, similar to a rack within the datacenter of an on-premise deployment.

Update domains: A logical group of underlying hardware that can undergo Microsoft Azure maintenance. Azure can reboot all VMs in a single update domain at the same time for maintenance, but two different update domains will never reboot at the same time.


Azure Availability Set

 


Azure availability sets offer a 99.95% service level agreement (SLA).

Azure Availability Zone (Inter-Datacenter Redundancy)

An availability zone is an HA offering that protects a VM from complete datacenter failures. An availability zone provides the same level of redundancy and availability as an availability set.

Azure availability zones offer a 99.99% SLA.

Azure Availability Zone


Reliable Crossover and Failure Detection

In redundant systems, the crossover point (which allows switching between the two VMs) is often a single point of failure. The SBC uses load balancing to provide reliable crossover and detect failures as they occur. The sender or receiver manage load balancing.

Load Balancing Managed by Sender

The SBC supports sharing loads between several destination endpoints (refer to Creating and Modifying Entries in SIP Server Tables).

Load Balancing Managed by Receiver

If you do not control the remote endpoint to implement load balancing or if the remote endpoint does not support load balancing, you can implement an Azure load balancer that shares the load between the elements of your HA solution.

A load balancer maps the IP addresses and ports of incoming traffic to the private IP addresses and ports of the VMs in the HA solution. For response traffic from the VM, a load balancer maps the private IP addresses and ports of the VMs to the IP addresses and ports of incoming traffic in the HA solution. You can apply load balancing rules to distribute specific types of traffic across multiple VMs or services. For example, you can spread the SIP request traffic across multiple SBC SWe Lites.

Azure Load Balancer

 


The following are the Azure load balance types:

  • Public Load Balancer: The Azure infrastructure maps the public IP addresses and ports of the incoming traffic to the private IP addresses and ports of the VM. The media directly establishes on the SBC SWe Lite public IP address.
  • Internal Load Balancer: The Azure infrastructure restricts the access of load-balanced IP addresses to a virtual network. The SBC SWe Lite never directly exposes the load balancer IP addresses and virtual networks to an internet endpoint.

Configure the Azure HA Solution

Use one of the following procedures to configure the Azure HA solution:

Azure Availability Sets

This section outlines how to configure and validate the Azure availability sets.

Configure an Azure Availability Set

Use the following procedure to configure an Azure availability set.

  1. Use the preceding availability set to create the first SBC SWe Lite element. To create an SBC SWe Lite element, refer to Deploying an SBC SWe Lite via Azure Marketplace.
    1. In the Create a virtual machine Basics screen,
      1. you must use the same Resource group and Region created in the availability set.
      2. set the Availability options field to Availability set.
      3. set the Availability set field to the Availability set created in the previous step.


      Create a Virtual Machine Basics with Availability Set

    2. In the Create a virtual machine Networking screen, you must use a Public IP with a Standard SKU if you plan to use an Azure load balancer.

      Create a Virtual Machine Networking with Availability Set

    3. When you perform the Create/Assign Signaling Network Interface on SBC SWe Lite procedure, assign a network security group that allows HTTP, HTTPS, and Teams Traffic on the PKT0.

      Inbound Port Rules

  2. Use the preceding availability set to create the second SBC SWe Lite element. To create an SBC SWe Lite element, refer to Deploying an SBC SWe Lite via Azure Marketplace.
    1. In the Create a virtual machine Basics screen,
      1. you must use the same Resource group and Region created in the availability set.
      2. set the Availability options field to Availability set.
      3. set the Availability set field to the Availability set created in the previous step.
    2. In the Create a virtual machine Networking screen, you must use a Public IP with a Standard SKU and use the same Virtual network as your first SBC SWe Lite element if you plan to use an Azure load balancer.

      Create a Virtual Machine Networking with Availability Set - Second SWe Lite

    3. When you perform the Create/Assign Signaling Network Interface on SBC SWe Lite procedure, assign a network security group that allows HTTP, HTTPS, and Teams Traffic on the PKT0.

Validate an Azure Availability Set

Use the following procedure to validate an Azure availability set.

Note

Before you validate an Azure availability set, you must configure an Azure availability set.

  1. Connect to the Azure portal. Refer to http://portal.azure.com.
  2. From the left navigation pane, click All services.
  3. Select Compute > Availability sets.

  4. Select the availability set you created in the Configure an Azure Availability Set procedure.

    Availability Sets

  5. In the Overview screen, confirm that the SBC SWe Lite instances are on different fault and update domains.

    Review SWe Lite Instances

Azure Availability Zones

This section outlines how to configure and validate the Azure availability zone.

Configure an Azure Availability Zone

Use the following procedure to configure an Azure availability zone.

  1. Use an availability zone to create the first SBC SWe Lite element. To create an SBC SWe Lite element, refer to Deploying an SBC SWe Lite via Azure Marketplace.
  2. Use an availability zone to create the second SBC SWe Lite element. To create an SBC SWe Lite element, refer to Deploying an SBC SWe Lite via Azure Marketplace.
    1. In the Create a virtual machine Basics screen,
      1. you must use the same Region created in the first SBC SWe Lite element.
      2. set the Availability options field to Availability zone.
      3. set the Availability zone field to an Availability zone (different than the zone used for the first SBC SWe Lite element).
    2. In the Create a virtual machine Networking screen, you must use the same Virtual network as your first SBC SWe Lite element if you plan to use an Azure load balancer.

      Note

      The following are possible Public IP addresses:

      • Zone redundant: All zones can use this public IP address. This public IP address helps manually redirect the flow of your network.
      • Zone dependent: Only a single zone can use this public IP address.


      Create a Virtual Machine Networking with Availability Zone - Second SWe Lite

Validate an Azure Availability Zone

Use the following procedure to validate an Azure availability zone.

Note

Before you validate an Azure availability zone, you must configure an Azure availability zone.

  1. Connect to the Azure portal. Refer to http://portal.azure.com.
  2. From the left navigation pane, click All services.
  3. Select Compute > Virtual machines.
  4. Select the VM you created in the Configure an Azure Availability Zone procedure.

    Virtual Machines

  5. In the Overview screen, confirm that the SBC SWe Lite instances are on different availability zones.

    Review SWe Lite 1 Instance

    Review SWe Lite 2 Instance

Load Balancing Microsoft Teams Direct Routing

To implement Microsoft Teams Direct Routing, refer to https://docs.microsoft.com/en-us/microsoftteams/direct-routing-configure.

Load Balancing SIP Trunk using Azure Load Balancer

This section outlines how to load balance the SIP Trunk.

Load Balance SIP Trunk using Load Balancer

Use the following procedure to load balance the SIP Trunk using the Azure load balancer.

  1. Connect to the Azure portal. Refer to http://portal.azure.com.
  2. Create the Azure load balancer.
    1. From the left navigation pane, click All services.
    2. Select Networking > Load balancers.

      Load Balancers

    3. Click + Add.

      Add Load Balancer

    4. Configure the load balancer.

      Create Load Balancer


      The following table outlines some of the fields you must configure.

      Create Load Balancer Fields

      FieldDescription
      TypeSelect Internal if you can use the virtual network to access all remote devices that send you the load, which means no remote device requires a public IP. For other scenarios, select Public.
      SKUSelect one of the following SKUs:
      • Basic: Supports only availability sets
      • Standard: Supports availability sets and availability zones
      Availability zoneSelect Zone-redundant.

    5. Click Review + create to review the configuration of the availability set.
    6. Click Create.
  3. Add the SBC SWe Lite HA solution as a backend pool.
    1. From the left navigation pane, click All services.
    2. Select Networking > Load balancers.
    3. Select the Azure load balancer you created in the previous step.

      Load Balancers

    4. Under Settings, click Backend pools.

      Backend Pools

    5. Click + Add.
    6. Configure the backend pool.

      Note

      Make sure you select the media interface that you want to receive the load.


      Add Backend Pool

    7. Click Add.
  4. Configure the health probes.
    1. Under Settings, click Health probes.

      Health Probes

    2. Click + Add.
    3. Configure the health probe.

      Add Health Probe


      The following table outlines some of the fields you must configure.

      Add Health Probe Fields

      FieldDescription
      ProtocolSelect TCP.
      Port
      Select the port used for signaling on the SBC SWe Lite.

    4. Click OK.
  5. Configure the load balancing rules.
    1. Under Settings, click Load balancing rules.

      Load Balancing Rules

    2. Click + Add.
    3. Configure the load balancing rule.

      Add Load Balancing Rule


      The following table outlines some of the fields you must configure.

      Add Load Balancing Rule Fields

      FieldDescription
      Protocol

      Select the protocol used for signaling on the SBC SWe Lite.

      If you select UDP, you must allow TCP and UDP in the Federated port of the SBC signaling group and make sure the SBC can accept the probes.

      Port
      Select the port used for signaling on the SBC SWe Lite.
      Backend port
      Select the port used for signaling on the SBC SWe Lite.

    4. Click OK.

SBC SWe Lite Configuration

For the SBC SWe Lite configuration, make sure

  1. the Microsoft Teams tenant is configured (refer to Deploying an SBC SWe Lite via Azure Marketplace).
  2. all SBC SWe Lites are running.
  3. the initial setup for each SBC SWe Lite is complete (refer to Connect SEC SWe Lite to Microsoft Teams Direct Routing Deployed in Azure).

    1. use a Standard SKU when you create the public IP address in Step 3: Configure Azure for Microsoft Teams Direct Routing.
    2. use the SIP Trunk IP address or FQDN (not the load balancer IP) when you configure the SIP Trunk information in Step 4: Configure SWe Lite for Microsoft Teams Direct Routing.
    3. after you finish using the Easy Configuration wizard, configure the SIP Trunk signaling group to use the outbound NAT and make sure the SIP Trunk's SIP Profile has Session Timer enabled. You must configure the Session Timer with a value less than the idle timeout (25 minutes) of the load balancing rule (that is, 300).

SIP Trunk Configuration

You must configure your SIP Trunk to send signaling to the Azure load balancer IP. See the following screen capture for an example.

Note

The SIP Trunk must have Connection Reuse disabled.


SIP Trunk Configuration