In this section:
The SBC Edge is certified to offer Microsoft Teams Direct Routing services; the SBC Edge can be used to connect any Teams client to:
These instructions detail how to configure the SBC Edge (SBC 1000/2000 and SBC SWe Lite) deployed with a Microsoft partner (sells telephony services delivered to Microsoft Teams) to connect Microsoft Teams Direct Routing services for multiple independent enterprise customers (Tenants). A tenant is used within the Microsoft environment as a single independent enterprise that has subscribed to Office 365 services; through this tenant, administrators manage projects, users, and roles. Refer to Configure a Session Border Controller for multiple tenants for Microsoft partner requirements in support of multiple tenants.
The network diagram below shows an SBC Edge device deployed at the Microsoft partner data center, including communication between:
Ribbon SBC Edge at Microsoft Partner Data Center Supporting Multiple Tenants
Each Microsoft Teams Tenant requires a dedicated Egress SIP Signaling Group configured with a SIP Profile to match the Microsoft Online PSTN Gateway created on the Microsoft Teams Tenant. This Signaling Group is only used for call traffic directed to Microsoft Teams, and specifically configured not to accept incoming SIP Requests.
Call traffic from Microsoft Teams to the SBC Edge is aggregated onto single Ingress SIP Signaling Group for all Tenants. The Call Routing Table associated with this Ingress SIP Signaling Group is configured to distribute the traffic to specific ITSP, based on the call parameters (such as the Called Address/Number).
Multi-Tenant Routing Call Routes
These instructions assume the SBC Edge product (SBC SWe Lite, SBC 1000/2000) is installed and running. If the product is not installed, refer to the links below. Installation Requirements On KVM: Installing SBC SWe Lite on KVM HypervisorProduct Installation SBC SWe Lite SBC 1000 Installing the SBC 1000 Hardware SBC 2000
Consult the Microsoft documentation for detailed information on Direct Routing interface configuration guidelines, including the RFC standards and the syntax of SIP messages.
Ensure you are running the latest version of SBC software:
Requirements for configuring the SBC Edge in support of Teams Direct Routing include:
SBC Edge Requirements
Requirement | How it is Used |
---|---|
Public IP address of NAT device (must be Static)* Private IP address of the SBC | Required for SBC Behind the NAT deployment. |
Public IP address of SBC | Required for SBC with Public IP deployment. |
Public FQDN | The Public FQDN must point to the Public IP Address. |
*NAT translates a public IP address to a Private IP address.
For the SBC Edge to pair with Microsoft Teams, the SBC FQDN domain name must match a name registered in both the Domains and DomainUrlMap fields of the Tenant. Verify the correct domain name is configured for the Tenant as follows:
Users may be from any SIP domain registered for the tenant. For example, you can configure user user@SonusMS01.com with the SBC FQDN name sbc1.hybridvoice.org, as long as both names are registered for the tenant.
Domain Name Examples
Domain Name* | Use for SBC FQDN? | FQDN Names - Examples |
---|---|---|
SonusMS01.com | Valid names:
| |
hybridvoice.org | Valid names:
Non-Valid name: sbc1.europe.hybridvoice.org (requires registering domain name europe. hybridvoice.org in “Domains” first) |
*Do not use the *.onmicrosoft.com tenant for the domain name.
Configure Domain Names - Example
The Certificate must be issued by one of the supported certification authorities (CAs). Wildcard certificates are supported.
Refer to Microsoft documentation for the supported CAs.
Ribbon recommends the deployment of the SBC Edge product behind a firewall, within the DMZ, regardless of the assignment of a public IP to the SBC in question. Refer to SBC Edge Security Hardening Checklist for more information about the SBC and firewalls.
This section lists the ports, protocols and services for firewalls that are in the path of the SBC connecting to Teams Direct Routing.
Microsoft Teams Direct Routing in support of multiple tenants requires wildcard certificate support to protect the Microsoft partner's SBC FQDN and Tenant's SBC FQDN (i.e., SAN=myMicrosoftPartner.com, SAN=*.myMicrosoftPartner.com). The SBC Edge products fully support wildcard certificates.
These instructions assume the SBC Edge has been configured for Microsoft Teams Direct Routing through the Easy Configuration wizard.
OR
The SBC Easy Configuration wizard configures the SBC Edge for one Tenant; additional Tenants subscribed to Microsoft Office 365 services (Microsoft Teams Direct Routing) must be configured manually with the configuration items below. For documentation purposes, the following terms are used in the configuration examples.
Configuration Used in This Document
Configuration | Example used in this document |
---|---|
SBC FQDN for Microsoft partner | myMicrosoftPartner.com |
SBC FQDN for Tenant | tenant1.myMicrosoftPartner.com |
Microsoft description | Microsoft Phone System |
Tenant Name | Microsoft Phone System Tenant 1 |
You must access the SBC Edge's WebUI to configure the items below. To access the WebUI, refer to: Logging into the SBC Edge.
The SIP Profile controls how the SBC Edge communicates with SIP devices; the profiles control important characteristics such as: session timers, SIP header customization, SIP timers, MIME payloads, and option tags. The SIP Profile must match the information in the Microsoft Online PSTN Gateway created on the Microsoft Teams Tenant.
Click the (
) icon at the top of left corner and add a new SIP profile.Configure parameters shown below:
SIP Profile Configuration - Example Values
Parameter | Example Value |
---|---|
Description | Microsoft Phone System Tenant 1 |
FQDN in From Header | Static |
Static Host | <Tenant's SBC FQDN> tenant1.myMicrosoftPartner.com |
FQDN In Contact Header | Static |
Origin Field name | <Tenant's SBC FQDN> tenant1.myMicrosoftPartner.com |
SIP Profile Tenant 1 - Example
Click the
Configure the parameters as shown below and click OK. For details on parameter definitions, refer to Creating and Modifying Transformation Tables.
Transformation Table - Example Values
Parameter | Example Value |
---|---|
Row ID | Assigned by the system |
Description | Microsoft Phone System Tenant 1 |
Create Transformation Table
Configure the parameters as shown below. Leave all other parameters as default.
Click OK.
Transformation Entry Tenant 1 Configuration - Example
Parameter | Example Value |
---|---|
Description | To Microsoft Phone System Tenant 1 (example name) |
Match Type | Mandatory |
Input Type | Called Address/Number |
Input Value | <Enter Tenant 1 Phone Number > (\+151048512\d{2}) |
Output Type | Called Address/Number |
Output Value | \1 |
Transformation Entry Tenant 1- Example
Two Signaling Group types are required for call traffic between Teams and the SBC's SIP Trunk:
Ingress Signaling Group (For Calls From Teams). Calls are routed on a Single ingress SIP Signaling Group for all Tenants. Calls are then distributed by the Call Routing Table to the specific ITSP. The From Microsoft Teams Signaling Group is created during Easy Configuration.
Egress Signaling Group (For Calls from the PSTN SIP Trunk to a Tenant). Each Microsoft Teams Tenant requires a dedicated egress SIP Signaling Group. This Signaling Group is used only for call traffic directed to Microsoft Teams; this Signaling Group is configured not to accept incoming SIP requests. The calls are then distributed by the Call Routing Table to the specific Tenant. The maximum number of tenants is limited to the maximum number of signaling groups (this assumes one signaling group per tenant). This signaling group must be created new for each Tenant.
Create the egress Signaling Group as follows:
From the Create Signaling Group drop down box, select SIP Signaling Group.
Configure the parameters as shown below. Leave the default values for all other parameters. For details on parameter definitions, refer to Creating and Modifying SIP Signaling Groups.
Click OK.
Signaling Group Tenant 1 Configuration - Example Values
Parameter | Example Value |
---|---|
Description | Microsoft Phone System Tenant 1 |
SIP Profile | Microsoft Phone System Tenant 1 (created in previous steps) |
Media List ID | SIP Trunk Routing List (automatically created in Easy Configuration) |
Signaling Media/Source IP | Ethernet 1 (example, pick the interface which faces the Microsoft Phone System) |
SIP server table | SIP Trunk Server (automatically created in Easy Configuration) |
Load Balancing | Priority: Register All |
Call Routing Table | From SIP Trunk (automatically created in Easy Configuration) |
Outbound NAT Traversal* | Static NAT |
NAT Public IP* | Example: X.XX.XX.X (Only required if Outbound NAT Traversal is selected) |
Federated IP/FQDN | This field must stay empty. NOTE: In Easy Configuration, the signaling Group from From Teams (Calls from Teams Signaling Group to PSTN SIP Trunk) generates sip-all.pstnhub.microsoft.com as the Federated IP/FQDN. This FQDN accepts all IP addresses from Teams Signaling Group. As a result, all incoming traffic from Teams is accepted. |
*Outbound NAT Traversal and the NAT Public IP is required when the SBC is behind a NAT (the pubic IP address of NAT device is required when the SBC has Private IP). The Public IP address specified in the screen graphic is an example only
Signaling Group Tenant 1 - Example
The Easy Configuration process creates two Call Routing Tables for transporting calls between the SBC's SIP Trunk and Microsoft Teams: From SIP Trunk (Calls from SIP Trunk to Teams) and From Microsoft Teams (Calls from Teams to SIP Trunk). For calls to be routed properly from the SIP Trunk from the SIP Trunk to an individual Tenant, an entry must be added to the From SIP Trunk Routing table (this Routing Table was created as part of Easy Configuration) for each Tenant.
Add an entry in the Call Routing table for each Tenant as follows:
From the left navigation pane, click on the Call Routing. Click on the From SIP Trunk Call Routing Table.
Configure the parameters as shown below. Leave all other parameters as default. For details on parameter definitions, refer to Creating and Modifying Entries to Call Routing Tables.
Click OK.
Call Routing Tenant 1 - Routing Table configuration
Parameter | Example Value |
---|---|
Description | From Microsoft Phone System Tenant 1 |
Number/Name Transformation Table | Microsoft Phone System Tenant 1 |
Destination Signaling Groups | Microsoft Phone System Tenant 1 (from the previous steps) NOTE: This is the dedicated egress Signaling Group created above; the Routing Table must have a corresponding entry for each dedicated egress Signaling Group created for each Tenant. |
Call Routing Table - Example
For troubleshooting steps, refer to Best Practice - Troubleshoot Issues with Microsoft Teams Direct Routing.
Place a test call as follows: Access the WebUI. Refer to Logging into the SBC Edge. In the WebUI, click the Diagnostics tab. In the left navigation pane, click Test a Call. Configure the parameters as shown below. Click OK. Place a Test Call - Parameters Parameter Value Destination Number Number assigned to a Teams user. Origination/Calling Number Number assigned to a Local user. Call Routing Table The routing table that handles the call from Microsoft Teams. Test a Call - Configuration Place a Test Call - Example The test call is now complete. For troubleshooting steps, refer to Best Practice - Troubleshoot Issues with Microsoft Teams Direct Routing.