Page History

Overview

The SBC Edge is certified to offer Microsoft Teams Direct Routing services; the SBC Edge can be used to connect any Teams client to:

• A PSTN trunk, whether based on TDM (e.g. PRI, BRI, etc.), CAS, or SIP
• 3rd-party, non-Teams-certified SIP/TDM based PBXs, analog devices, and SIP clients

These instructions detail how to configure the SBC Edge (SBC 1000/2000 and SBC SWe Lite) deployed with a Microsoft partner (sells telephony services delivered to Microsoft Teams) to connect Microsoft Teams Direct Routing services for multiple independent enterprise customers (Tenants). A tenant Tenant is used within the Microsoft environment as a single independent enterprise that has subscribed to Office 365 services; through this tenantTenant, administrators manage projects, users, and roles. Refer to Configure a Session Border Controller for multiple tenantsTenants for Microsoft partner requirements in support of multiple tenantsTenants.

Network Topology - SBC Edge Deployed in a Microsoft Partner Network to Connect Microsoft Teams Direct Routing for Multiple Tenants

The network diagram below shows an SBC Edge device deployed at the Microsoft partner data center, including communication between:

• Tenants and the enterprise's legacy PBX based clients, and
• Tenants and the PSTN supported by the Microsoft partner.

• Requires all the Derived Trunks (used by end customer) being a subdomain of the Carrier Trunk.
• Requires all Derived Trunks (used by end customer) to use Carrier Wild card certificate.
• Requires all the Derived Trunk (used by end customer) being configured with the same PSTN Gateway parameter (Codec, Max Call allowed, Media Bypass, and such).

For more information, refer to: https://docs.microsoft.com/en-us/microsoftteams/direct-routing-sbc-multiple-tenants.

How Call Traffic Routes between the SBC Edge and Microsoft Teams Tenants

Each Microsoft Teams Tenant requires a dedicated Egress SIP Signaling Group configured with a SIP Profile to match the Microsoft Online PSTN Gateway created on the Microsoft Teams Tenant. This Signaling Group is only used for call traffic directed to Microsoft Teams, and specifically configured not to accept incoming SIP Requests.

The network topology supported are detailed below.

Topology 1 - ITSP Aggregation for all Teams Tenants

This network topology is referred to as "Microsoft Teams Direct Routing Carrier." This topology enables the partner to offer Microsoft Teams external calling capability to the end customer. Usually the partner owns the ITSP contract. For lower cost routing, the partner can choose to have more than one ITSP; routing is then decided based on destination, time of the day, and such.

Topology 2 - ITSP Segregation per Teams Tenant

This network topology is referred to as "Teams Direct Routing Bring your Own Trunk." This topology enables the partner to offer the SBC management to the end customer. Usually the end customer owns the ITSP contract; only a specific Tenant can use the associated ITSP.

Topology 3 - Teams Tenant Segregation

This network topology splits the inbound Teams traffic. For example, it can be useful to limit the number of sessions allowed per Teams Tenant from the SBC side or use a different certificate per Tenant. This topology requires an SBC configuration that limits the number of Tenants that can be supported on the SBC. Since this implementation requires one signaling port per Tenant, it does not support the Carrier/Derived Trunk capability.

Step 1: Install SBC Edge (if required)

Step 2: Prerequisites

Wildcard Certificate

Microsoft Teams Direct Routing in support of multiple tenants Tenants requires wildcard certificate support to protect the Microsoft partner's SBC FQDN and Tenant's SBC FQDN (i.e.that is, SAN=myMicrosoftPartner.com, SAN=*.myMicrosoftPartner.com). The SBC Edge products fully support wildcard certificates.

SBC Edge Configuration for Microsoft Teams Direct Routing 

• For SBC Edge Not configured for Microsoft Teams Routing: If the SBC Edge has not been configured for Microsoft Teams Direct Routing through the Easy Configuration Wizard, configure the SBC Edge per Connect SBC Edge to Microsoft Teams Direct Routing. Once complete, move to Step 3 below.

OR

• For SBC Edge Previously Configured for Microsoft Teams Direct Routing: Move to Step 3.

Step 3: Configure each Tenant

The SBC Easy Configuration wizard configures the SBC Edge for one Tenant; additional Tenants subscribed to Microsoft Office 365 services (Microsoft Teams Direct Routing) must be configured manually with the configuration items below. For documentation purposes, the following terms are used in the configuration examples.

Access the WebUI

You must access the SBC Edge's WebUI to configure the items below. To access the WebUI, refer to: Logging into the SBC Edge.

Create a New SIP Profile for each Tenant

Topology 1 - Configure the SBC for ITSP Aggregation for all Teams Tenants

To implement ITSP Aggregation, the SBC configuration must contain the following:

• Call traffic from the ITSP to Microsoft Teams uses a single SIP Signaling Group to Teams Direct Routing. The destination Tenant is included in the Transformation table; each Microsoft Teams Tenant requires a dedicated Transformation Entry that matches the Microsoft Online PSTN Gateway created on the Microsoft Teams Tenant.
• Call traffic from Microsoft Teams to ITSP uses the default call route to the ITSP.

Create a Transformation entry for the call from ITSP to the new Tenant

In the SBC, configure a Transformation table entry for Teams Direct Routing (Entry #2 on previous diagram). This entry will match the input of the new end customer number and configure the proper Teams Tenant output.

1. In the WebUI, click
2. Access the WebUI. Refer to Logging into the SBC Edge.
3. Click the Settings tab.

4. In the left navigation

   pane

   page, access

    SIP

   Call Routing >

   SIP Profiles. For details on parameter definitions, refer to Creating and Modifying SIP Profiles.
   

5. Click the (Image Removed) icon at the top of left corner and add a new SIP profile.

6. Transformation.
   

7. Select the Transformation Table called From Microsoft Teams: Passthrough (the entry created in the Easy Configuration Wizard).
8. Click the (Image Added) icon.

9. Configure the parameters as shown below. Leave all other parameters as default.

10. Click OK. Configure parameters shown below:
    pagebreak

    Caption
    0 Table 1 SIP Profile Transformation Entry Tenant 2 Configuration - Example Values
    Parameter Example Value Description To Microsoft Phone System Tenant 1 FQDN in From Header Static Static Host <Tenant's SBC FQDN> tenant1.myMicrosoftPartner.com FQDN In Contact Header Static 2 (example name) Match Type Optional Input Type Called Address/Number Input Value <Enter Tenant 2 Phone Number > (\+151048512\d{2}) Output Type SIP: Contact Domain Output Value tenant2 Origin Field name <Tenant's SBC FQDN> tenant1.myMicrosoftPartner.com

    Caption
    0 Figure 1 SIP Profile Transformaton Entry Tenant 1 2 - Example
    Image Removed

Create a New Transformation Table for each Tenant

1. Image Added

   
   

Topology 2 - Configure the SBC for ITSP Segregation per Teams Tenant

To implement ITSP Segregation, the SBC configuration must contain the following:

• Call traffic from the ITSP to Microsoft Teams uses the single SIP Signaling Group to Teams Direct Routing. The destination Tenant is used in the Transformation table. Each Microsoft Teams Tenant requires a dedicated Transformation Entry that matches the Microsoft Online PSTN Gateway created on the Microsoft Teams Tenant.
• Call traffic from Microsoft Teams to the SBC Edge is aggregated onto the single SIP Signaling Group for all Tenants. The Call Routing Table associated with this SIP Signaling Group is configured to distribute the traffic to a specific ITSP, based on the original tenant (SIP: R-URI Domain).

Create a Transformation entry for the call from ITSP to the new Tenant

1. In the WebUI, click the Settings tab.

2. In the left navigation page, access Call Routing > Transformation.
   

3. Click on the Transformation Table > From SIP Trunk 2: Passthrough (the entry created when you added your ITSP 2 configurationTransformation Table - Example Values

   Parameter	Example Value
   Row ID	Assigned by the system
   Description	Microsoft Phone System Tenant 1

   Caption
   0 Figure 1 Create Transformation Table
   Image Removed

   From the left navigation pane, click on the Transformation Table> Microsoft Phone System Tenant 1 (the entry created in the last step).
4. Click the (Image Modified) icon.

5. Configure the parameters as shown below. Leave all other parameters as default.

6. Click OK. 

   Caption
   0 FigureTable 1 Transformation Entry Tenant 1 2 Configuration - Example
   Parameter Example Value Description From ITSP 2 To Microsoft Phone System Tenant 1 2 (example name) Match Type MandatoryOptional Input Type Called Address/Number Input Value <Enter Tenant 1 Phone Number > (\+151048512\d{2}(.*) Output Type Called Address/Number SIP: Contact Domain Output Value \1

   pagebreak

   tenant2.myMicrosoftPartner.com

   Caption
   0 Figure 1 Transformation Entry Tenant 12 - Example
   Image Added  Image Removed

Create a New

Two Signaling Group types are required for call traffic between Teams and the SBC's SIP Trunk:

Transformation Table for the call from the new Tenant to ITSP 2

Egress Signaling Group (For Calls from the PSTN SIP Trunk to a Tenant). Each Microsoft Teams Tenant requires a dedicated egress SIP Signaling Group. This Signaling Group is used only for call traffic directed to Microsoft Teams; this Signaling Group is configured not to accept incoming SIP requests. The calls are then distributed by the Call Routing Table to the specific Tenant. The maximum number of tenants is limited to the maximum number of signaling groups (this assumes one signaling group per tenant). This signaling group must be created new for each Tenant.

Create the egress Signaling Group as follows:

1. In the WebUI, click the Settings tab.
2. In the left navigation page, access Signaling Groups.
   Call Routing > Transformation.
   

3. Click the (Image Added) icon at the top left corner to add a new Transformation TableFrom the Create Signaling Group drop down box, select SIP Signaling Group.
   

4. Configure the parameters as shown below . Leave the default values for all other parameters. and click OK. For details on parameter definitions, refer to Creating and Modifying SIP Signaling GroupsTransformation Tables..Click OK. 

   Caption
   0 Table 1 Signaling Group Tenant 1 Configuration Transformation Table - Example Values
   ParameterParameter Example Value Row ID Assigned by the system Description From Microsoft Phone System Tenant 2 To ITSP 2

   Caption
   0 Figure 1	SIP Profile	Create Transformation Table
   Image Added

5. From the left navigation pane, click on the Transformation > From Microsoft Phone System Tenant 1 (2 To ITSP 2 (the entry created in previous stepsthe last step)

   Media List ID

   SIP Trunk Routing List (automatically created in Easy Configuration)

   Signaling Media/Source IP

   Ethernet 1 (example, pick the interface which faces the Microsoft Phone System)

   SIP server table

   SIP Trunk Server (automatically created in Easy Configuration) 

   Load Balancing

   Priority: Register All

   Call Routing Table

   From SIP Trunk (automatically created in Easy Configuration)  

   Outbound NAT Traversal*

   Static NAT

   NAT Public IP*

   Example: X.XX.XX.X (Only required if Outbound NAT Traversal is selected)Federated IP/FQDNThis field must stay empty.
   NOTE: In Easy Configuration, the signaling Group from From Teams (Calls from Teams Signaling Group to PSTN SIP Trunk) generates sip-all.pstnhub.microsoft.com as the Federated IP/FQDN. This FQDN accepts all IP addresses from Teams Signaling Group. As a result, all incoming traffic from Teams is accepted..
6. Click the (Image Added) icon.

7. Configure the parameters as shown below. Leave all other parameters as default.

8. Click OK. 

   Caption
   0 Table 1 Transformation Entry Tenant 1 Configuration - Example
   Parameter Example Value Description To ITSP 2 (example name) Match Type Mandatory Input Type SIP: R-URI Domain Input Value (tenant2.myMicrosoftPartner.com):5061 Output Type SIP: R-URI Domain Output Value \1

   *Outbound NAT Traversal and the NAT Public IP is required when the SBC is behind a NAT (the pubic IP address of NAT device is required when the SBC has Private IP). The Public IP address specified in the screen graphic is an example only

   Caption
   0 Figure 1

   Signaling Group

   Transformation Entry Tenant

   1

   2 - Example

   Image Added

   Image Removed

Add

New Routing Table Entry for the Call from the new Tenant to ITSP 2

The Easy Configuration process (used for initial configuration) creates the first connection to Teams Direct Routing. This configuration also creates two Call Routing Tables for transporting calls between the SBC's SIP Trunk and Microsoft Teams:

From SIP Trunk