Transcription
Direct Routing SBAWebinarItzik Mey-TalTraining Manager,AudioCodesErez GabbayR&D Application Manager,AudioCodesRoy WizemanProduct Manager forMicrosoft Solutions,AudioCodesAudioCodes /audiocodes-academy
Session Topics Direct Routing SBA concept SBA Hardware Platforms & Virtual appliance Using the SBA wizard SBA GUI Configure the SBC for having the SBA added2
Main Benefits Overview New! - Available as a virtual appliance Ensure uninterrupted Teams voice calls for HQ and branch offices Secured SIP trunk connectivity with an embedded qualified E-SBC Reduce footprint and power consumption by hosting multiple enterprise applications onone platform PSTN connectivity in parallel and as a fallback to SIP Trunk connectivity Full modularity and interface flexibility, including digital spans, analog ports and BRIinterfaces Fully interoperability with AudioCodes SBCs, supports emergency calling standards,including E911/ ELIN and Local Media Optimization (LMO) User to user calls are supported by dialing extension number or E.164 HA feature supported3
Normal Operation ModeGraph API365sync the User and SBCsettings (routing policies peruser, call blocking rules, callerIDs, trunk normalization rules,ports, PAI headers, HistoryInfo, etc.) to the appliance inorder to be used onceconnection is not availableInternetForked Invite/OptionsMessagesUser oncorporatenetworkDR SBAPOST KeepaliveHTTP REST signalingSIP signalingidentify the users withinthis tenant which areusing this SBACorporateNetworkFirewall withNATCertified Session BorderController(s)ITSPLAN4
Survivability Operation Mode An internet outage365InternetGraph APIForked Invite/OptionsMessagesUser oncorporatenetworkHTTP REST signalingSIP signalingFirewall withNATRegistrationDR SBACertified Session BorderController(s)POST KeepaliveCorporateNetworkITSPLAN5
Signaling in Survivability Operation Mode365The SBA applies therouting policy, caller ID,LBR, normalizationrules, trunk parametersCDR are stored in SBADB are uploaded toOffice 365 once theconnection is backDR SBARegisteredUserUser oncorporatenetworkHTTP REST signalingSIP signalingClient starts sending the“Create Conversation”messages to the SBACorporateNetworkAAD Longlived tokenvalidation(valid for 24hours)InternetFirewall withNATCertified Session BorderController(s)The SBA sends the SIPInvite to the associatedSBCITSPLAN6
Survivability Operation Mode - Entitles Behavior SBA AAD Long lived token validation (valid for 24 hours) When the internet connection is lost for more than 24 hours, PSTN calling capabilitiesare also lost CDR are stored in SBA DB and uploaded to the Office 365 once the connection is back SBC Inbound calls From the time that clients registered to the SBA, the SBA starts accepting the forked incomingInvites, performs translation from SIP to http-based protocol and send it to the client Outbound calls Client starts sending the “Create Conversation” messages to the SBAThe SBA applies the routing policy, caller ID, LBR, trunk normalization rules, trunk parametersThe SBA sends the SIP Invite to the associated SBC7
DR SBA Hardware Platforms Mediant 800B DR-SBA OSN2/OSN4/OSN6 Mediant 800C DR-SBA OSN8/OSN9 ( no VGA connector) Mediant 1000B DR-SBA OSN3B/OSN3C/OSN4/OSN4B8
OSN Server Platforms (1)OSN PlatformOSN3COSN4BOSN6CPUIntel Pentium Processor D15082 Cores, 3M Cache, 2.20GHzMemory8 GBStorage Intel Xeon Processor D15274 Cores , 6M Cache, 2.20GHz16 GBIntel Core i7-5850EQProcessor4 Cores, 6M Cache, 2.7GHz32 GBUp to 2 hard drives(HDMX modules) 500GB HDD or120GB SSD (2 HDD canwork in Raid1)Interfaces 128 GB SSD (or higher, forspecial request) 2 Gigabit Ethernetexternal (rear panel)1 Gigabit Ethernetinternal bus,connected to theMediantUSB 2.0RS-232Graphics2 Gigabit Ethernetexternal (rear panel)1 Gigabit Ethernetinternal bus,connected to theMediant 3 USB 2.0 VGA9
OSN Server Platforms (2)OSN PlatformOSN8OSN9CPUMemory(Denverton)Intel Atom ProcessorC35584 Cores, 2.2 GHz8G RAM(Denverton)Intel Atom ProcessorC37588 Cores, 2.2 GHz8G RAMStorage32G eMMCInterfaces 16G eMMC4 Gigabit EthernetNIC’s1 Gigabit Ethernetinternal bus,connected to theMediant 1 USB 2.0 Console (USB-C) port10
Virtual Appliance DR-SBA Virtual DR-SBA Specifications CPU 4 Cores RAM 8 Gb Storage 50Gb11
Preparing SBA at Datacenter An existing and operational Teams Direct Routing system Media Bypass should be enabled DR-SBA FQDN and Certification Should be trusted by the end points that host the Teams client and by the SBC Azure AD Application Registration Create App Registration in Azure AD and note applicationId and appSecret for the laterinstallation stages Customers can either use the same Azure App Registration for all the SBAs in the Tenantor create a specific App Registration per DR-SBA12
Azure AD Application Registration Sign-in to Azure portal with tenant administrator user and create new AppregistrationRegistering your application establishes a trustrelationship between your app and the Microsoftidentity platform. The trust is unidirectional: yourapp trusts the Microsoft identity platform, and notthe other way around.Enter a Name for your application. Users of yourapp might see this name. You can change it laterSelect this option if you're building anapplication for use only by users (or guests) inyour tenant.Often called a line-of-business (LOB)application, this app is a single-tenantapplication in the Microsoft identity platform13
Application ID and Tenant IDApplication ID also calledthe client ID, this valueuniquely identifies yourapplication in theMicrosoft identityplatform. The ID is usedas part of validating thesecurity tokens it receivesfrom the identityplatform.Copy the application IDfor the SBA set up process14
Configure platform settings15
Adding URIA redirect URI, or reply URL, is the location where theauthorization server sends the user once the app has beensuccessfully authorized and granted an authorization code oraccess token. The authorization server sends the code ortoken to the redirect URI, so it's important you register thecorrect location as part of the app registration processSearch box16
Adding a PermissionApplication permissions are for service- or daemon-typeapplications that need to access a web API as themselves,without user interaction for sign-in or consent17
Permission AchievedAfter adding permissions to yourAPI, you should see the selectedpermissions under Configuredpermissions.Granted for SBA TrainingGranted for SBA TrainingGranted for SBA TrainingGranted for SBA Training18
Application Secret19
Application Secret Select either never or in 1 year or in 2 years for expiration time and descriptionThe client secret is alsoknown as an applicationpassword. It's a string valueyour app can use in place ofa certificate to identityitself. The client secret isthe easier of the twocredential types to use. It'soften used duringdevelopment, but it'sconsidered less secure thana certificate.Copy the new secret valuefor the SBA set up process20
Login Login Via Web Browser to the DR- SBA IP with the following default credentials: User – Administrator Password – Pass12321
DR-SBA Virtual Appliance Initial Page Upon initial login you are prompted to enter the Virtual Edition license The license is mandatory to install Without the license you will not be able to proceed to the next setup wizard page22
Software License Activation Tool Open AudioCodes Web-based Software License Activation tool athttp://www.audiocodes.com/swactivation23
Welcome Page24
Disabling NIC’s Example25
Direct Routing SBA LAN Setup26
Changing the Local Administrator PasswordThe default password is “Pass123”which is recommended to change.You can skip this step if you wish toretain the old password.27
Setting Date and TimeSet the correct date/time/time zone –be sure that you have access to NTP .You can skip this step if the date/timeare already set28
Joining to DomainYou can join to the domain if its required – theTeams SBA can run in Workgroup mode as well.This step is optional.29
Tenant CredentialsYou can alternatively supply Tenant IDinstead Teams Admin credentialsIn case you enter tenant Admin/Password,click Login credentials (this may take sometime). Once successfully logged in, a shortmessage notification that you have loggedin successfully is displayed and tenantinformation is displayed in “Last Logintenant information” section30
FQDN SettingIn case you logged in without supplying theTeams admin username and password you willneed to enter the FQDN manually without theoption to add/select directly from the tenantIn case you wish to select the Teams SBA FQDN thathas already been defined on Teams directly via thePowerShell.31
Teams DR-SBA Certificate The CA that is used must be trusted by the Teams clients and the SBC In case a Private CA is used, you need to verify that its CA is installed on the DR SBA Certificate must include the SBA FQDN in the certificate CN and in the SAN You can assign a Wildcard certificate32
Import Certificate33
Assign certificate34
Application ID and Application Secret Enter the Application ID and application secret received during the App Registrationpreviously defined on Azure AD35
DR-SBA is Ready36
SBA Application Initial pageMenu barAccess to SBC(not applicable onVirtual edition).General DR SBA DetailsDR SBA computer name (definedwhen joining the domain). Ifclicked, a pop-up appearsdisplaying system information.Navigation paneDisplays the currentlylogged-in username.LogoutOpens AudioCodes website, displaying apage with additional DR SBA applications (FaxServer and Auto Attendant IVR).37
SETUP Menu (1)change the login password of theadministrator who is currently loggedinto the SBA Management Interface.configure the SBA server'sdate and time.configure SNMP-based communicationbetween the DR SBA and AudioCodesOne Voice Operations Center (OVOC).38
SETUP Menu (2)configure the DR SBA certificate.Pay attention to which IP address/subnet you specify. You can accidently block access to the SBA. If thisoccurs, use the screen and keyboard to connect to the SBA locally and open the Web interface locallyto fix the access list.By default, any IP address can accessthe Web and RDP (Any option)39
Viewing General SBA Server Statistics40
Restarting SBA Server Stopping and Starting SBA Services41
Configuring Syslog Enable logs to sent to a Syslog server42
Restoring SBA to Factory Defaults Remotely You can restore the DR SBA to factory defaults by using the DR SBA ManagementInterface to remotely soft-burn the image of the SBA (instead using the USB) By default the image on the D:\ partition will be used If you want to burn a different DR SBA image need to have the existing .wim filereplaced43
SBC Setup (for common Enterprise topology) Setup the SBC for Teams Direct Routing support with media bypass and validatethat it works for incoming and outgoing calls before modifying the following tables Proxy Set IP Group IP profile (same profile as used for Teams IP Group) IP to IP routing Add IP-to-IP Routing entry - from Teams SBA to PSTN Add Forking entries for incoming PSTN calls to Teams and to Teams SBA(configure the group policy as Forking)44
Migrating from Skype for Business to TeamsAudioCodes offers a migration path from Skype for Business SBAs and CCE devices toDR SBA (device dependent) Early Bird Promotion - special prices for: New Direct Routing SBA customers Existing Skype for Business SBA or CCE customers looking to upgrade to DR SBA Contact your AudioCodes representative for detailsNew Teams SBA Customers15% discount off SBA hardwareand software, includingprofessional servicesValid until 31 July 2021T&Cs applyExisting SBA/CCE Customers25% discount off SBA upgradepackage, including professionalservices45
46
Thank YouStay in the loop
Training Manager, AudioCodes. Erez Gabbay. R&D Application Manager, AudioCodes. Roy Wizeman. Product Manager for . Microsoft Solutions, AudioCodes. 2. Session Topics Direct Routing SBA concept SBA Hardware Platforms & Virtual appliance Using the SBA wizard SBA GUI
