Overview
Azure Communication Services are cloud-based services with REST APIs and client library SDKs available to help the user integrate communication into your applications.
For more details related to ACS, visit: https://docs.microsoft.com/en-us/azure/communication-services/
ACS will use Microsoft Direct Routing Signaling Framework for the telephony services with configured SBCs. Prior Direct Routing knowledge is helpful for the understanding of call flows.
The Ribbon SBC Edge was tested with ACS direct routing along with web calling sdk client "version :4.46.0 ".
Prerequisites
The following prerequisites apply to the configuration:
The FQDN should not be registered onto the Office 365 network.
- The TLS certificate should be occupied by Microsoft verified CA which will be used for pairing of the SBC to ACS direct routing.
Ensure you are running version at least 9.0.3 of the SBC software:
- To locate the SBC Edge software current running, refer to: Viewing the Software Version and Hardware ID.
- To download and upgrade a new version of SBC Edge software, refer to: Installing and Commissioning the SBC Edge Portfolio
- To install SBC Edge, refer to Install SBC Edge.
Step 1: Install SBC Edge
These instructions assume the SBC Edge is installed and running. If the product is not installed, refer to the links below.
Step 2: Configure Azure Communication Service Configuration on the Azure Portal
To register a Session Border Controller with Azure Communication Service:
- Login to the Azure portal at portal.azure.com
- Search for Communication Services and then click Create as shown below.
Use the required active subscription and resource group, give a resource name, and click Review+Create.
Once the deployment and creation is successful, go to the created communication resource as shown in the following image.
Click the Direct Routing option to pair the SBC with Azure Communication Service.
Click Configure.
Once the configure direct routing page appears, configure the SBC FQDN and signaling port, and click Next.
Enter the Voice Route Name and Number pattern to be used for landing the call onto the SBC and select the created SBC from the dropdown.
Click Save.
The above images are example results of successful ACS direct routing configuration.
Step 3: Configure SBC Edge for ACS Direct Routing
Only outbound calls from the ACS client to the SBC are currently supported.
Obtain Certificate
Public Certificate
The Certificate must be issued by one of the supported certification authorities (CAs). Wildcard certificates are supported.
- Refer to Microsoft documentation for certificate information.
- Refer to CCADB Documentation for the comprehensive list of supported CAs.
- See Domain Name for certificate formats.
Configure and Generate Certificates on the SBC
ACS Direct Routing allows only TLS connections from the SBC for SIP traffic with a certificate signed by one of the trusted certification authorities.
Request a certificate for the SBC External interface and configure it based on the example using GlobalSign as follows:
- Generate a Certificate Signing Request (CSR) and obtain the certificate from a supported Certification Authority.
- Import the Public CA Root/Intermediate Certificate on the SBC.
- Import the Microsoft CA Certificate on the SBC.
- Import the SBC Certificate.
The certificate is obtained through the Certificate Signing Request (instructions below). The Trusted Root and Intermediary Signing Certificates are obtained from your certification authority.
Step 1: Generate a Certificate Signing Request and obtain the certificate from a supported Certification Authority (CA)
Many CA's do not support a private key with a length of 1024 bits. Validate with your CA requirements and select the appropriate length of the key.
- Access the WebUI.
- Access Settings > Security > SBC Certificates.
Click Generate SBC Edge CSR.
Enter data in the required fields.
Click OK. After the Certificate Signing request finishes generating, copy the result to the clipboard.
Figure Generate Certificate Signing Request
Use the generated CSR text from the clipboard to obtain the certificate.
Step 2: Deploy the SBC and Root/Intermediate Certificates on the SBC
After receiving the certificates from the certification authority, install the SBC Certificate and Root/Intermediate Certificates as follows:
- Obtain Trusted Root and Intermediary signing certificates from your certification authority.
- Access the WebUI.
- To install Trusted Root Certificates, click Settings > Security > SBC Certificates > Trusted Root Certificates.
- Click Import and select the trusted root certificates.
- To install the SBC certificate, open Settings > Security > SBC Certificates > SBC Primary Certificate.
Validate the certificate is installed correctly.
Figure Validate Certificate
- Click Import and select X.509 Signed Certificate.
Validate the certificate is installed correctly.
Figure Validate Certificate
- To install the Baltimore CyberTrust Root Certificate, click Settings > Security > SBC Certificates > Trusted Root Certificates.
Click Import and select Baltimore CyberTrust Root Certificate.
Validate the certificate is installed correctly.
For certificate-related errors, refer to Common Troubleshooting Issues with Certificates in SBC Edge.
Configure SBC Edge for ACS Direct Routing via Easy Configuration Wizard
The SBC Edge is configured via the Easy Configuration Wizard.
- Access the WebUI. Refer to Logging into the SBC Edge.
- Click on the Tasks tab.
- From the left side menu, click SBC Easy Setup > Easy Config Wizard.
From the Application drop down box, select the SIP Trunk ↔ Microsoft Teams Easy Configuration Wizard. Depending on your network, follow a relevant Easy Configuration wizard. Refer to the table below for guidance.
Deployment Type
Refer to Configuration:
SBC Connects to Microsoft Teams via SIP Trunk SIP Trunk ↔ Microsoft Teams - On the signaling group, under RTCP Multiplexing, select Disable.
- On the signaling group, under ICE Support, select Disabled.
Step 4: Verify SBC Pairing with ACS Direct Routing
Access the WebUI. Refer to Logging into the SBC Edge.
In the WebUI, click Monitor.
- Under each newly created Signaling Group (created for each tenant), confirm the channels are green. For details on channel status, refer to Monitoring Real Time Status.
Once SBC is paired successfully with ACS direct routing, you can begin making calls from the ACS client. Currently, only outbound calls are supported.
For troubleshooting steps, refer to Best Practice - Troubleshoot Issues with Microsoft Teams Direct Routing.
References
- ACS – For a list of Ribbon SBC products supported for ACS, refer to the following page on Microsoft's website: https://docs.microsoft.com/en-us/azure/communication-services/concepts/telephony-sms/certified-session-border-controllers.
- Ribbon – For more information, refer to: https://ribboncommunications.com/solutions/enterprise-solutions/microsoft-solutions.