Using an Edgemarc for Direct Routing with Microsoft Teams and CloudCo Partner SIP Trunks

This guide will go over the setup process on an Edgemarc, to utilize it with CloudCo Partner SIP trunks as a direct routing device for Microsoft Teams. This article will not go over Teams side setup and will assume that you have gone through the steps to define your SBC in Teams and setup your users for calling in Teams. You can reference the attached document VOSDOC158, which goes over this process.

1) You'll need to ensure that you are on firmware release 15.6.0 at a minimum. If you are using these devices with Edgeview 15, all firmware updates are available through the portal. If not, please reference this article to get your unit up to date.

https://support.cloudcopartner.com/article/342-latest-edgemarc-firmware

2) You will need to provide a valid SSL cert for your domain that will be used for the SBC. Generally this will require you to use something such as *.FQDN.com as Microsoft Teams does not allow for a straight domain to be used and it has to tie into the domain you are using for Office 365.

To upload certificates, navigate to Security --> Certificates on your Edgemarc.

You will also need a few other CA certificates loaded onto your Edgemarc. It is best if you add the root/intermediate certs for your SSL cert. These need to be uploaded to the unit as a CA certificate. Second, for communication with MS Teams you will need the Microsoft Teams Baltimore certificate, this is attached to the article below and will need to be added as a CA Certificate.

Once complete you should have 2 to 3 CA certificates and one SSL certificate loaded to your device.

3) Navigate to the VOIP page on your unit. You will need to set several parameters on this page for Teams support.

• Enable B2BUA Routing
• Enable Microsoft Feature
• Enable SRTP on Media Security
• Enable MKI Support
• Strip G.729 from Calls

4) Next navigate to Voip --> SIP on your unit. We need to define a specific SDP modification to work with teams correctly. This is located under SDP Modifications

• SDP Codec Operation: Only Allow given codecs
• SDP Section that will be modified: audio
• Codecs: PCMU, PCMA, CN, telephone-event
• Strip Matched Expressions: 

\ba=candidate:.*\b a=rtcp-mux \ba=ice-.*\b

5) On the same page, we will also need to setup our TLS configuration. Depending upon what port you setup in Microsoft Teams for TLS, we will need to match that here. The default is 5061.

• Choose the TLS Protocol Version: TLS 1.2
• Under the WAN: section, choose your uploaded SSL cert and for Policy select Verify if provided.

6) Navigate to VoIP --> SIP --> B2BUA. We now need to define the Teams PBX Trunking Devices on this page.

• Add the Primary, Secondary and Tertiary Teams PBX servers to your Trunking device list. These are as follows

sip.pstnhub.microsoft.com sip2.pstnhub.microsoft.com sip3.pstnhub.microsoft.com

•  PBX model for reach will be Microsoft Teams
• SRTP: Mandatory
• Transport: TLS
• Source FQDN: This needs to be filled in with your Edgemarc's FQDN that you setup

While here we are also going to do the first part of our CloudCo Partner SIP trunk setup. Our trunks have 2 IP addresses for signaling so we are going to add them both on this page.

• Name: Your Choice
• Address: 67.231.8.195 and 67.231.4.195
• Model: Generic PBX
• Transport: UDP

7) Navigate to VoIP --> SIP --> Trunking Group Availability

We are going to be creating 2 Trunking Groups, 1 for our Teams Group and one for our SIP Trunking Group.

• Select the 3 Teams trunking devices and name them as desired, I would recommend TEAMS_GROUP or something similar

• Once added you will want to enable Keep-Alive's, Enable Invite Failover and Enable the Trust Enabled settings under that routing group in your existing routing group list. Finally define your Trusted List address as 

sip-all.pstnhub.microsoft.com

• Create another Routing Group, this time select your 2 trunking devices for your SIP trunk that we added. Name it something simple such as TRUNKING_GROUP. We do not need to set any other settings for our CloudCo Trunks.

8) Navigate back to VoIP --> SIP --> B2BUA

In order to have proper communication with MS Teams we do need to created some Header Manipulation Rules. These may need to be adjusted for your application, but these are what were successful for my implementation with our trunks and MS Teams.

Request-URI 'sip:+' + $to.uri.user + '@sip.pstnhub.microsoft.com' + $env.target_port + ';user=phone' To $to.dispname + ' <sip:+' + $to.uri.user + '@sip.pstnhub.microsoft.com' + $env.target_port + ';user=phone>' From '<sip:' + $from.uri.user + '@sbc01.yourfqdn.com:' + $env.target_port + ' ;user=phone>' Contact '<sip:' + $from.uri.user + '@sbc01.yourfqdn.com:' + $env.out_intf_port + ';transport=TLS>' + $contact.parameter

While here we are also going to add the according actions to send calls to our trunk. No HMR rules were required for our implementation. Ensure you select the routing group you created for the SIP trunk as your trunking device. We also selected the Refer to Re-INVITE setting here.

9) On the same page we will now define our route match rules

• to Teams route
  • Direction: Redirect
  • Mode: BothModes
  • Pattern: Called
  • Called Party: matches --- .
  • Source: Any
  • Action: toTeams

• to SIP Trunk Route
  • Direction: Redirect
  • Mode: BothModes
  • Pattern: Called
  • Called Party: matches --- .
  • Source: TEAMS_Group
  • Action: toSIPTrunk

10) Finally navigate to VoIP --> SIP. We are going to need to define a few settings here to calls to and from the SIP trunk are recognized by the Edgemarc. These settings are as follows.

• SIP Server Address: 67.231.8.195
• SIP Server Port: 5060
• SIP Server Transport: UDP
• Enable Transparent Proxy Mode: Checked
• Limit Outbound to listed SIP Servers: Checked
• Limit Inbound to listed SIP Servers: Checked
• All other settings default
• Also create a list of SIP servers and define the alternate address 67.231.4.195

11) Finally, I would disable all SIP Registration Control related settings under Voip --> Survivability.

With any luck you should see your SBC as active on the Teams Admin Center

All setup is quite dependent upon having your routes created correctly on Teams. We do not go over Teams side setup. In general for our trunks you'll need simple 10 digit and 11 digit dial plans and ensure your users that are setup for direct routing are using the proper routes.

As a reminder Teams is very dependent upon having the proper certs in place and will fail if certs are incorrect or your ports are mismatched on one end.