Page History
| Panel | ||||
|---|---|---|---|---|
In this section:
|
Add_workflow_for_techpubs AUTH1 UserResourceIdentifier{userKey=8a00a0c85b2726c2015b58aa779d0003, userName='null'} JIRAIDAUTH CHOR-4084 REV5 UserResourceIdentifier{userKey=8a00a0c85b2726c2015b58aa779d0003, userName='null'} REV6 UserResourceIdentifier{userKey=8a00a0c85b2726c2015b58aa779d0003, userName='null'} REV3 UserResourceIdentifier{userKey=8a00a0c856ed5c6701572cb23680000b, userName='null'} REV1 UserResourceIdentifier{userKey=8a00a02355cd1c2f0155cd26cc5207f0, userName='null'} REV2 UserResourceIdentifier{userKey=8a00a02355cd1c2f0155cd26c91d01f9, userName='null'}
Overview
The Direct Routing Survivable Branch Appliance (SBA) is a Ribbon Communications
| Spacevars | ||
|---|---|---|
|
| Caption | ||||
|---|---|---|---|---|
| ||||
Direct Routing SBA - Quick Facts
| Info | ||||||||
|---|---|---|---|---|---|---|---|---|
Direct Routing SBA is available on Contact your authorized Ribbon sales representative/partner for more information regarding approved |
| Direct Routing SBA Facts | Details | ||||
|---|---|---|---|---|---|
| Platforms Supported | The Direct Routing SBA is available in select
| ||||
| How SBA is Offered | The Direct Routing SBA is offered in a physical appliance format; the SBA is not available within the | ||||
| SBA Deployment | The Direct Routing SBA should be deployed on the same site as an SBC connected to Direct Routing | ||||
| SBA Services | The following services are available to Teams clients from the SBA
| ||||
| Local Media/Media |
|
Prerequisites
Direct Routing
- The Direct Routing SBA must have access to Azure AD, which must be created and enabled on Azure prior to SBA deployment
The Microsoft Teams Tenant should be configured for Direct Routing. Refer to https://docs.microsoft.com/en-us/microsoftteams/direct-routing-configure for more information;
The Microsoft Teams Tenant should be configured for Direct Routing SBA. Refer to: https://docs.microsoft.com/en-us/microsoftteams/direct-routing-landing-page.
Direct Routing SBA requires an Internet link to connect the Teams tenant.
Direct Routing SBA (capable of SBC 1000 or SBC 2000)
Hardware and License
Please confirm:
Licenses for the following features must be activated prior to deployment:
SIP sessions
Direct Routing SBA
SBC and SBC Communication service must be on Ribbon
Release 9.0.1.Spacevars 0 product The ASM must feature a licensed copy of Windows Server 2012 R2. Refer to the upgrade instructions to confirm the Windows Server OS found in your Direct Routing SBA-capable
is correct.Spacevars 0 longproduct The ASM should be loaded with the following ASM images: directrouting-ws2012r2-901b560-2020-11-23.
| Note | ||
|---|---|---|
| ||
Please take the following actions to convert a Lync 2013/Skype for Business 2015 related ASM to support the Direct Routing SBA:
Do not apply an ASM_Teams_update.pkg until the SBA is fully deployed. |
Name resolution
Public or Private FQDN that point Direct Routing SBA IP. No Public IP is required for the Direct Routing SBA.
Direct Routing SBA should resolve SBC Public FQDN with an address it can access; this is completed automatically for the SBC that hosts the ASM.
| Warning | ||
|---|---|---|
| ||
If you use a Private FQDN for Direct Routing SBA:
|
Encryption-Related Certificates
Microsoft requires a SHA256 certificate for Direct Routing SBA in order to establish TLS connection with SBC. There are several options:
Shared SBC Public certificate (recommended). This is only possible if your SBC certificate is matching one of the next 2 options:Anchor shared shared SBC Certificate is a Wildcard certificate
i.e.: SBC Certificate Common Name "CN: *.mydomain.com" or SBC Certificate Subject Alternative Name "SAN: *.mydomain.com".
SBC Certificate have a SAN for Direct Routing SBA
i.e.: SBC Certificate Common Name "CN: sbc.mydomain.com" and SBC Certificate Subject Alternative Name "SAN: sba.mydomain.com".
Use an existing Public or Private Certificate that cover Direct Routing SBA FQDN.
Create a new Public or Private Certificate that cover Direct Routing SBA FQDN. In this case, a Public or Private Certificate Authority must be ready to sign the certificate for Direct Routing SBA.Anchor new cert new cert
Step 1: Configure SBC 1000/SBC 2000
Run Easy Configuration Wizard
Follow the instructions for your specific scenario; both are listed below:
SCENARIO 1: If your SBC is not yet configured to connected Direct Routing (Greenfield), follow this section: SBC is not yet configured to configured to connected Direct Routing (Greenfield)
SCENARIO 2: If your SBC is already configured to connected Direct Routing (Upgrade from Standalone Direct Routing), follow this section: SBC is already configured to connected Direct Routing (Upgrade from Standalone Direct Routing) .
| Anchor | ||||
|---|---|---|---|---|
|
| Note | ||
|---|---|---|
| ||
Direct Routing SBA is not capable of offering Local Media Optimization (LMO) features, such as:
|
OPTION 1: To connect Direct Routing with a SIP Trunk, refer to: Configure SIP Trunk with Microsoft Teams.
On Step 2, be sure to set Configure Direct Routing SBA as True and enter the Direct Routing SBA FQDN.
OPTION 2: To connect Direct Routing with a ISDN PSTN, refer to: Configure ISDN PSTN with Microsoft Teams.
On Step 2, be sure to set Configure Direct Routing SBA as True and enter the Direct Routing SBA FQDN.
Caption 0 Figure 1 Sample Easy Configuration Screen
| Note | ||
|---|---|---|
| ||
After creating the new configuration, update the existing routing table to fork the call between the Signaling Group Direct Routing and Direct Routing SBA instead of Skype for Business. |
| Anchor | ||||
|---|---|---|---|---|
|
Follow the steps on this page: Configure Single Leg Endpoint for Microsoft Teams. On Step 2, configure Configure Direct Routing SBA as True and enter the Direct Routing SBA FQDN.
Remap the call routing Direct Routing SBA Signaling Group:
In the WebUI, click the Settings tab.
From the left navigation pane, under Signaling Groups, select the Office 365 Direct Routing SBA SIP Signaling Group.
Modify the Call Routing Table to select the From Microsoft Teams Direct Routing call routing table previously used on your device.
Caption 0 Figure 1 Select Signaling Group
Enable Forking to Direct Routing Server:
From the left navigation pane, select Call Routing > Call Routing Table. Select the From SIP Trunk call routing table.
Select the existing entry with First Signaling Group set to Teams Direct Routing.
Set the Fork Call to Yes.
Click Apply.
Caption 0 Figure 1 Enable Forking
Add a call route entry for Direct Routing SBA:
From the left navigation page, select Call Routing > Call Routing Table.
Select From SIP Trunk table.
Click the (
).
Configure the parameters as shown below. Leave all other parameters as default.
Click OK.
Caption 0 Table 1 Routing Entry - Example Values Parameter
Value
Description
To Office 365 Direct Routing SBA
Number/Name Transformation Table
From SIP Trunk: Passthrough
Destination Signaling Groups
Office 365 Direct Routing SBA
Caption 0 Figure 1 Create Call Route Entry
Delete unused resources:
From the left navigation pane, select Signaling Groups.
Delete the SIP Signaling Group called Teams Direct Routing that has been created by the last Easy Config Wizard.
Note title Signaling Group Accuracy If you receive an error that a route entry is using this resource, you may have attempted to delete the wrong Signaling Group.
Caption 0 Figure 1 Delete Signaling Group From the left panel, select Call Routing > Call Routing Table and delete the Call Routing Table From Microsoft Teams Direct Routing created by the most recent use of the Easy Configuration Wizard.
Note title SIP Signaling Group Error If you receive an error that the SIP_SG entry is using this resource, you may have attempted to delete the wrong Call Routing Table.
Caption 0 Figure 1 Delete Call Route Table Note title Migration from for Lync 2013 SBA/Skype for Business 2015 SBA Migrating from for Lync / Skype for Business SBA?
After creating the new configuration, update the existing routing table to fork the call between the Signaling Group Direct Routing and Direct Routing SBA, instead of Skype for Business.
Step 2: Configure Sharing Trusted Certificate Authority Information
| Warning |
|---|
These steps are required only if the Direct Routing SBA does not share the SBC Public certificate. |
The Trusted Certificate Authority information associated with the SBC and the Direct Routing SBA must be shared within the platform.
Export the SBC's Certificate Authority Information to the Direct Routing SBA:
In the WebUI, click the Tasks tab.
Under the SBC Easy Setup, select Certificates.
From the Trusted CAs tab, select the certificate and click Export Trusted CA Certificate.
Save the file on your PC. Repeat the step 3 and 4 for each CA certificate in the table. (These are the SBC CA Certificate used later per Import SBC CA in Direct Routing SBA.)
Import the Direct Routing SBA's Certificate Authority Information to the SBC:
Export the Root and Intermediate Certificate of the Certificate Authority (Public or Private) that as/will generate the Direct Routing SBA certificate.
In the WebUI, click the Tasks tab.
Under SBC Easy Setup, select Certificates.
From the Trusted CAs tab, select Import Trusted CA Certificate.
Select the right format (Copy and Paste or File Upload) and click OK. Repeat step 4 and 5 for each CA certificate.
Step 3: Re-inititalize the ASM on the Teams SBA Image
Re-initializing the ASM on the Teams SBA Image restores the ASM to an unconfigured state. Follow the steps in Re-initializing the ASM and return to Step 4.
Step 4: Install SBC COMMs
To ensure the SBC 1000/2000 can communicate with the ASM, install the latest SBC Communication Service. Following the steps in Upgrading the SBC Communication Service Version and return to Step 5.
Step 5: Setup the Office 365 Direct Routing SBA
Setting up the Office 365 Direct Routing SBA consists of four steps. See below for each step.
- ASM Configuration
- Generate CSR
- Manage Certificates
- Configure Office 365 Direct Routing SBA
Configure ASM for Direct Routing SBA
Login to the WebUI of the
.Spacevars 0 product Navigate to Tasks > Office 365 Direct Routing SBA > Setup.
Click the ASM Config tab and configure/verify the Network and IP settings of your ASM.
From the Remote Desktop Enabled drop down list, select Yes (to enable Remote Desktop) or No (to disable Remote Desktop). Recommended setting is No).
From the Windows Firewall Enabled drop down list, select Yes (to enable Windows Firewall) or No (to disable Windows Firewall). Recommended setting is Yes).
From the Proxy Enabled drop down list, select Yes (enables use of the Proxy Server on the ASM) or No (disables Proxy Server).
Configure/verify the Network and IP settings of your ASM.
Click Apply.
Caption 0 Figure 1 ASM Configuration
Generate CSR
| Warning |
|---|
These steps are required only if you need to create a new Public or Private Certificate that covers Direct Routing SBA FQDN. |
Login to the WebUI of the
.Spacevars 0 product Navigate to Tasks > Office 365 Direct Routing SBA > Setup.
Click the Generate CSR tab.
Generate the CSR as shown below. To ensure creating a valid CSR for Direct Routing SBA usage, see Certificate requirements.
Copy the CSR from the lower pane of the Generate CSR page and save it as a .txt file.
After the CSR is signed by the Certificate Authority, you receive the PKCS7 Certificate file.
| Caption | ||||
|---|---|---|---|---|
| ||||
Manage Certificates
| Anchor | ||||
|---|---|---|---|---|
|
| Warning |
|---|
These steps are required only if Direct Routing SBA does not share the SBC Public certificate. |
Login to the WebUI of the
.Spacevars 0 product Navigate to Tasks > Office 365 Direct Routing SBA > Setup.
Click the Manage Certificate tab.
Click the Action drop-down list and select Import X.509 Signed Certificate.
Paste the SBC CA certificate in the window and click OK.
Import Direct Routing SBA Certificate
| Note |
|---|
Ensure you import the Root and Intermediate certificate before importing the SBA certificate. To import these certificates, follow the instructions below for Import X.509 Signed Certificate. |
Login to the WebUI of the
.Spacevars 0 product Navigate to Tasks > Office 365 Direct Routing SBA > Setup.
Click the Manage Certificate tab.
Click the Action drop-down list and select one of the following options:
Import X.509 Signed Certificate. This option is used if you generated a Certificate Request (CSR) and this is the initial deployment. Paste the certificate in the window and click OK.
Import PKCS12 Certificate and Key. This options imports a certificate you created. Enter the password, select the file (certificate) to import, and click OK.
Proceed with the next step.
Caption 0 Figure 1 Import Certificate 
Configure Office 365 Direct Routing SBA
Login to the WebUI of the
.Spacevars 0 product Navigate to Tasks > Office 365 Direct Routing SBA > Setup.
Click the Configure Office 365 Direct Routing SBA tab.
Configure the information appropriately for your Direct Routing SBA:
SBA FQDN. Must match the FQDN used to define this Direct Routing SBA in the Teams tenant item Teams Survivable Branch Appliance (New-CsTeamsSurvivableBranchAppliance).
SBC FQDN. Must match theFQDN used to define the SBC that hosts this Direct Routing SBA in the Teams tenant item Online PSTN Gateway (New-CsOnlinePSTNGateway).
Create Azure AD Application. Enables the option to create a new Azure AD Application credentials for this Direct Routing SBA.
If you already created an Azure AD Application credentials, select No and enter the credentials in Application ID and Application Secret.
If you did not previously create the Azure AD Application credentials (or if you are not sure what this means), select Yes and enter the credentials in Azure Administrator Account Name and Azure Administrator Account Password.
Warning title Azure Administrator Account Considerations This Azure Administrator Account account needs Global Administrator, an Application Administrator, or a Cloud Application Administrator role.
Enter a Teams Tenant ID. To locate this information, refer to: https://docs.microsoft.com/en-us/onedrive/find-your-office-365-tenant-id.
Click Apply.
Step 6: Install Teams SBA Package for ASM
Install the Teams SBA latest package, ASM_Teams_xxxx-xx-xx.pkg (e.g., ASM_Teams_2021-01-18.pkg). Follow the instructions per Installing an ASM Package.
| Info |
|---|
Ensure the latest Cumulative Updates are installed on the SBA. For information, refer to Installing Cumulative Updates for the SBA. |
Step 7: Configure Deployments with Additional SBCs (if required)
| Warning | ||
|---|---|---|
| ||
This step is required only for networks with more than one SBC on a Branch Office. |
Enable Remote Desktop on the ASM. Refer to: Enabling and Disabling Remote Desktop on the ASM.
Connect the ASM using Remote Desktop Protocol.
As an administrator, open the file C:\Windows\System32\drivers\etc\hosts
Caption 0 Figure 1 Open Host File Add an entry for all the SBCs on the same Branch Office. The entry must contain the SBC Public FQDN and the Private IP Direct Routing SBA uses to reach this SBC.
Caption 0 Figure 1 Edit Host File Save and close the file.
Step 8: Test the Direct Routing SBA
Complete the following steps to confirm the configuration.
Import Direct Routing SBA Certificate Authority
Navigate to Tasks > Office 365 Direct Routing SBA > Certificate.
Ensure the Certificate Chain is reported as valid.
If the page reports Missing Root or Intermediate CA, return to the Setup / Manage Certificate tab, select Import X.509 Signed Certificate and import all the root and trusted certificate that generate the Certificate of the Direct Routing SBA. Once completed, return to the Certificate tab and ensure the Certificate Chain is reported as valid.
Caption 0 Figure 1 Verify Certificate
Confirm SBA Status
Login to the WebUI of the
.Spacevars 0 product Navigate to Tasks > Application Solution Module > Operational Status.
Confirm the Office 365 Direct Routing SBA Service:
Service Status is reported as Running
Service Information is reported as ready
Caption 0 Figure 1 Direct Routing SBA Service Status
Confirm SIP Option
The signaling groups configured for the Microsoft Teams Direct Routing SBA include counters for SIP request and response messages related to incoming and outgoing options. As the
| Spacevars | ||
|---|---|---|
|
In the WebUI, click the Settings tab.
In the left navigation pane, click Signaling Groups.
From the signaling group configured for Microsoft Teams Direct Routing SBA, click Counters.
Check for an increasing message count in Outgoing Options.
Check for an increasing message count in Incoming 2xx.
If not, check the following: Ensure the Sip Server Entry for the Direct Routing SBA matches the cases of the Certificate CN or SAN used by Direct Routing SBA.
- If you just completed the deployment of SBA, a restart of the SBA service may be required before you see the 200 OK increasing message count.
Check for an increasing message count in Incoming Options.
Check the message count in Outgoing 2xx. If the number is increasing, changes you made during validation have resolved the integration issue(s).
Caption 0 Figure 1 Signaling Group Counters
Confirm Teams Client Connection to SBA
Login to the WebUI of the
.Spacevars 0 product Navigate to Tasks > Office 365™ Direct Routing SBA >Teams Client Connected.
Confirm that your Teams client is reported.
Caption 0 Figure 1 Confirm Teams Client Connection to SBA
Confirm Teams Client Can Run in Offline Mode
- Remove the Internet link between the Branch Office and the Microsoft Teams cloud.
Open the Teams client. A banner is displayed, which indicates that the Teams client will ONLY use the SBA to make/receive calls when it is in offline mode.
Caption 0 Figure 1 Confirm Teams Client Can Run in Offline Mode
Step 9: Place Test Call
Complete the following steps to place a test call:
In the WebUI, click the Diagnostics tab.
In the left navigation pane, click Test a Call.
Caption 0 Figure 1 Test a Call Parameters in WebUI Configure the parameters for test calls as follows:
Caption 0 Table 1 Values for Test Call Parameters Parameter
Value
Destination Number
Type a telephone number assigned to a Teams user.
Origination/Calling Number
Type a telephone number assigned to a Local (SIP Trunk or PSTN) user.
Call Routing Table
Select the routing table that handles the calls from Local resources (From PSTN or From SIP Trunk).
Click OK; the call should ring the Teams Client.
Caption 0 Figure 1 Active Call Example If the test call does not ring the Teams client:
Check that the SBC IP routing is properly configured.
Check whether you can place a call from Teams to the SBC.
If the call does not reach the SBC, then complete the following:
Confirm that the firewall is properly configured to allow incoming SIP TLS messages.
Confirm that the federated IP addresses are properly configured.
If the call is Anonymous, refer to Configuring SBC Edge for Select Microsoft Teams Direct Routing Related Migration Scenarios for more details.
If the call from the SBC to Teams does not connect due to a SIP 488 "Not Acceptable Here" coming from Teams with the reason "IceCandidatesAbsent", disable Media Bypass on Teams or enable ICE Lite on the SBC. For details, refer to Configuring SBC Edge for Select Microsoft Teams Direct Routing Related Migration Scenarios.
Step 10: Access Logs
Login to the WebUI of the
.Spacevars 0 product Navigate to Diagnostics> Teams Direct Routing > SBA logs.
From the Log Level drop down level, select the desired log level for the Direct Routing SBA.
Caption 0 Figure 1 Set log lever for Direct Routing SBA Use the table on the same page to view or Download the Direct Routing SBA log files.
Caption 0 Figure 1 Display Direct Routing SBA logs
Step 11: Restart Services
Login to the WebUI of the
.Spacevars 0 product Navigate to Tasks > Office 365 Direct Routing SBA > Start/stop Services.
From the Service Action drop down list, select Stop Service, in Teams Server as the Service Name, and click OK.
Wait for the action to complete.
From the Service Action drop down list, select Start Service, in Service Name select Teams Server, and click OK.
Wait for the action to succeed.
| Caption | ||||
|---|---|---|---|---|
| ||||
Overview
Content Tools