In this section:
Overview
This document details the configuration required for an SBC SWe Edge to offer Microsoft Teams Phone System-related Direct Routing services in Microsoft Azure. The SBC SWe Edge can be used to connect an enterprise's Teams clients to:
- Third-party party PBX and subtended clients
SIP trunk from a third-party provider (PSTN)
SBC SWe Edge in Microsoft Azure offering Direct Routing Services to Teams Clients
From the Azure public cloud, the SBC SWe Edge offers the same features offered in an on-premises deployment (based on Microsoft®, Hyper-V®, VMware® vSphere® ESXi, or Linux® KVM) in support of Direct Routing, such as:
- Security: Call encryption/decryption, denial-of-service (DoS)/distributed DoS attack neutralization, and protection from toll fraud.
- Interoperability: Call mediation services to connect Teams certified clients to non-Teams clients, including popular 3rd party SIP trunking and SIP PBX platforms such as the Avaya® Aura® Communication Manager and the Cisco® Unified Communications Manager.
- Survivability: Uninterrupted calling services for SIP clients (including Polycom® and Yealink® phones) through built-in SIP registrar and re-routing around failed routes/proxy servers/destination endpoints.
The SBC SWe Edge is certified for Teams Direct Routing media bypass and non-media bypass services. Please refer to Microsoft Teams Phone System Direct Routing certification page.
Step 1: Deploy SBC SWe Edge via Azure Marketplace
These instructions assume the SBC SWe Edge product is deployed via Microsoft Azure and running. If the product is not installed, refer to Deploying an SBC SWe Edge from the Azure Marketplace.
Step 2: Review Prerequisites for Microsoft Teams Direct Routing
Consult the Microsoft documentation for detailed information on Direct Routing interface configuration guidelines, including the RFC standards and the syntax of SIP messages.
SBC Edge Software
Ensure you are running the latest version of SBC software:
- To locate the SBC Edge software current running, refer to: Viewing the Software Version and Hardware ID.
- To download and upgrade a new version of SBC Edge software, refer to: Installing and Commissioning the SBC Edge Portfolio.
Obtain IP Address and FQDN
Requirements for configuring the SBC Edge in support of Teams Direct Routing include:
SBC Edge Requirements
Requirement | How it is Used |
---|---|
Public IP address of NAT device (must be Static)* Private IP address of the SBC | Required for SBC Behind the NAT deployment. |
Public IP address of SBC | Required for SBC with Public IP deployment. |
Public FQDN | The Public FQDN must point to the Public IP Address. |
*NAT translates a public IP address to a Private IP address.
Domain Name
For the SBC Edge to pair with Microsoft Teams, the SBC FQDN domain name must match a name registered in both the Domains and DomainUrlMap fields of the Tenant. Verify the correct domain name is configured for the Tenant as follows:
- On the Microsoft Teams Tenant side, execute Get-CsTenant.
- Review the output.
- Verify that the Domain Name configured is listed in the Domains and DomainUrlMap attributes for the Tenant. If the Domain Name is incorrect or missing, the SBC will not pair with Microsoft Teams.
Users may be from any SIP domain registered for the tenant. For example, you can configure user user@SonusMS01.com with the SBC FQDN name sbc1.hybridvoice.org, as long as both names are registered for the tenant.
Domain Name Examples
Domain Name* | Use for SBC FQDN? | FQDN Names - Examples |
---|---|---|
SonusMS01.com | Valid names: | |
Valid names:
Non-Valid name: sbc1.europe.hybridvoice.org (requires registering domain name europe. hybridvoice.org in “Domains” first) |
*Do not use the *.onmicrosoft.com tenant for the domain name.
Configure Domain Names - Example
Obtain Certificate
Public Certificate
The Certificate must be issued by one of the supported certification authorities (CAs). Wildcard certificates are supported.
Refer to Microsoft documentation for certificate information.
Refer to CCADB Documentation for the comprehensive list of supported CAs.
- Refer to Domain Name for certificate formats.
Configure and Generate Certificates on the SBC
Firewall Rules
Ribbon recommends the deployment of the SBC Edge product behind a firewall, within the DMZ, regardless of the assignment of a public IP to the SBC in question. Refer to SBC Edge Portfolio Security Hardening Checklist for more information about the SBC and firewalls.
This section lists the ports, protocols and services for firewalls that are in the path of the SBC connecting to Teams Direct Routing.
Basic Firewall Rules for All Call Flows
Firewall Rules for the SBC with Media Bypass
Step 3: Configure Azure for Microsoft Teams Direct Routing
Assign a Static Public IP Address on the Media Port
Assign a Static Public IP address on the media interface in Azure for Microsoft Teams Direct Routing.
- Connect to the Azure portal. Refer to portal.azure.com.
- From the left navigation pane, click Virtual Machines.
Click the desired VM to be used for Microsoft Teams Direct Routing.
Under Settings, click Networking to open the media interface.
Click on the network interface.
Under Settings, click IP Configuration.
- Click ipconfig1.
- Enable a Public IP address and create a new Static Public IP address on the media interface through a series of windows:
From the Public IP address settings option, select Enabled.
- Click IP address.
From the Choose public IP address window, click Create new.
From the Create public IP address window and the Assignment options, select Static.
Step 4: Configure SBC SWe Edge for Microsoft Teams Direct Routing
Run the Easy Configuration Wizard to configure Microsoft Teams Direct Routing:
- Access the WebUI. Refer to Logging into the SBC Edge.
- Click on the Tasks tab.
- From the left side menu, click SBC Easy Setup > Easy Config Wizard.
From the Application drop down box, select the relevant Easy Configuration wizard. Depending on your network, follow a relevant Easy Configuration wizard. Refer to the table below for guidance.
Easy Configuration - Microsoft Teams Direct Routing ConfigurationDeployment Type Refer to Configuration: SBC Connects to Microsoft Teams via SIP Trunk SIP trunks ↔ Microsoft Phone System Direct Routing SBC connects to Microsoft Teams via IP PBX IP PBX ↔ Microsoft Phone System Direct Routing - The Configuration Wizard is complete
Step 5: Complete SBC SWe Edge Configuration for Microsoft Teams Direct Routing in Azure
Configure IP Routing
IP Routing must be customized in the SBC SWe Edge for Microsoft Teams Direct Routing in Azure. Two options are available for configuration:
- Set the Default Route on the Media Interface.
- Add a Static Route for Microsoft Teams Direct Routing traffic to the Media Interface.
Option 1: Set the Default Route on a Media Interface
When using multiple NICs on the SBC SWe Edge, Azure designates the first Network's Interface as the Primary Network Interface. Only the Primary Network Interface receives a network default gateway and routes via DHCP. To assign the Network Default Route on another Subnet, you must designate another Network's Interface as the Primary Network Interface.
To assign the network default route, refer to Change Azure Default Route.
Option 2: Add a Static Route for Microsoft Teams traffic to a Media Interface
Add a static route for the traffic to the following IP address and Mask: 52.112.0.0/14 (52.112.0.0/255.252.0.0).
For details on creating Static Routes, refer to Creating Entries in a Static IP Route Table.
- Access the WebUI and click the Settings tab. Refer to Logging into the SBC Edge.
- In the left navigation pane, go to Protocols > IP > Static Routes.
- Click Create Static IP Route at the top of the Static IP Route Table page.
Add the following Static Route using your media interface:
Destination IP: 52.112.0.0
Mask: 255.252.0.0
Gateway: 10.1.9.1
- Click OK.
Confirm the IP Configuration
For details on IP Interfaces, refer to Managing Logical Interfaces
Ensure that all network interfaces are configured as follows:
- Access the WebUI and click the Settings tab. Refer to Logging into the SBC Edge.
- In the left navigation pane, go to Networking Interfaces > Logical Interfaces.
- Verify the following is configured:
- IP Assign Method: DHCP.
DHCP Options to Use: IP Address and Default Route.
- Update if required.
Step 6: Confirm SBC SWe Links to Microsoft Teams
For troubleshooting steps, refer to Best Practice - Troubleshoot Issues with Microsoft Teams Direct Routing.
Step 7: Place a Test Call
Place a test call as follows: Click OK. Test a Call - Configuration The test call is now complete. For troubleshooting steps, refer to Best Practice - Troubleshoot Issues with Microsoft Teams Direct Routing.
Place a Test Call - ParametersParameter Value Destination Number Number assigned to a Teams user. Origination/Calling Number Number assigned to a Local user Call Routing Table The routing table that handles the call from Local resource.