Planning for Direct Routing in Microsoft Teams

SUBTITLES:

Subtitles generated by robot
00:00
Welcome to our Teams IT Pro Academy training. This is a multi-part series on direct routing. In this lesson we'll be talking about planning for direct routing with Microsoft Teams. In addition to this training, you can find other IT Pro Academy trainings at our aka.ms/teamsacademy link. If you have feedback that you'd like to provide on this session, you can see the links and instructions noted on the slide here. If you have feedback on the product itself, make sure that you follow our aka.ms/teamsfeedback link. You can
00:33
see at the bottom of the slide the current version of this presentation. Now, some of the key learnings that we're going to cover in this session: direct routing allows you to connect your existing phone infrastructure to the Microsoft Teams service. Direct routing itself will require a certified session border controller; now, we'll cover what those are as we go throughout the presentation. We will also cover the configuration for direct routing in detail during the session, but we do also have it clearly documented on our Docs
01:03
portal. Let's take a look at the full agenda for the multi-part training on direct routing. The first lesson will cover what is direct routing, when to use it, and how to properly plan for direct routing. The second lesson will cover configuring direct routing and managing direct routing, and the third lesson will cover migrating to direct routing. The lesson that you're currently taking is highlighted on this slide. So let's begin with what is direct routing and when should we use it.
01:36
When we look at enterprise voice in the cloud from the Microsoft Office 365 standpoint, we do of course leverage the Microsoft Teams stack for the enterprise voice feature set. From a marketing standpoint this is also known as Phone System, and in the traditional world you might have referred to this as a PBX, or a private branch exchange, is what PBX stood for. It's an old-school telephony moniker that we used to use. In the service, though, we've evolved this into
02:08
the world of Phone System, and when we deal with Phone System, this is analogous to the various features and functions that you can do with your particular client, like I can make a phone call, I can answer the phone, I can put a call on hold, and so forth. But in order for me to be able to fully realize that, I have to be able to connect my phone system to the rest of the world, right? And by the rest of the world we typically mean the public switched telephone network, or the PSTN as we call it. You'll also hear this referred to as dial tone, right, being
02:40
able to not just talk to people within your organization, but be able to utilize your phone to call users and organizations that are outside of your environment. Now, there are two distinct ways that we can support this in the Teams world. The first option that you see here on the left is what we call Microsoft Calling Plans. Microsoft Calling Plans allow Microsoft to be your telephony provider, so we provide the phone numbers to you, we provide the phone service to you, much like if you were to go to, say, you know, a cellular carrier like Verizon or
03:11
something, you would get phone from them, you can get the service from them as well. That would be the idea of Microsoft Calling Plans. Now, that's not currently the focus of this training, but you can certainly go to the link you see in the upper right, aka.ms/teamsacademy, to learn more about the Microsoft Calling Plans and Phone System in general. Where we're going to focus in is this box on the right-hand side here, which is direct routing in Teams. Now, this particular mechanism allows the customers to bring their own provider to our service. So
03:43
when you look at Calling Plans, for example, we only offer that in about a dozen countries today, but with direct routing you can take an organization that has an existing carrier from basically anywhere and bring that into the Office 365 platform. Phone System, when paired with Calling Plans and direct routing, can provide this full enterprise calling experience for all Office 365 users on a global scale. Now let's dig a little bit deeper into the architecture. We'll start over
04:17
here on the left-hand side with our PSTN, or public switched telephone network. This is analogous to an existing telco or telephony provider today, and oftentimes these providers will provide their service through a mechanism such as a PSTN trunk. This trunk here could be over IP, right, so it could be a SIP trunk, or it can be what we call a TDM, or a time division multiplex, type trunk, like a T1 or an E1, or what we would call a PRI, or a primary rate interface. As we look at the architecture here, the
04:49
connectivity between the PSTN service on the left and Microsoft Teams Phone System on the right is controlled by this certified session border controller. The session border controller is the component that allows for the connectivity between the telephony environment and the Microsoft Office 365 service. Now, the session border controller can also connect to other phone environments, such as a third party
05:19
PBX, right, perhaps this is a Cisco Call Manager or an Avaya platform. The session border controllers can also connect into what we call ATAs, or analog telephony adapters, which would allow us to hook up or wire up analog devices into the Microsoft Teams platform. The session border controller is central to the implementation of direct routing in Teams. So what are some of the key benefits of direct routing? Well, as we saw on the last slide, one of the key things that can give us is the ability to interop
05:51
or interconnect with third-party systems. So if I am performing a migration from a legacy platform, a legacy PBX, I can use this direct routing environment to provide an interconnect path. For example, maybe I'm not going to migrate all of my users all in one shot; this would allow for some users that are on Teams to be able to communicate with some users that are still on the legacy PBX. This also gives us an opportunity, as you see in the second box, to leverage any existing contracts we might have with our service
06:22
providers. A lot of times when you sign up with a telco, they are multi-year contracts and they are very difficult to exit, so if you have a three-year contract with your telephony provider and you still have two years left on it, you can't just walk away from it. So being able to switch out your old PBX for Microsoft Teams while still leveraging your existing service provider is a huge benefit for direct routing. Now, each user will get their own DID, or what we call direct inward dial, that's their actual phone number, and direct routing gives us this capability
06:53
of leveraging this experience even in geographies where Microsoft doesn't offer our Calling Plan service. So as I mentioned before, there is only a certain number of geographies that Microsoft provides Calling Plans in, and if you're not in that particular geography, well, what would you do? Well, you would use direct routing. Now, if you are in a country that has Calling Plans, you could leverage direct routing in addition to the Calling Plans environments, and we'll talk a little bit later about how that can be beneficial and why you would want
07:24
to do that. And first best scenario here at the end is there is less of a hardware footprint, because it's literally just the session border controller that we have to deal with. For those of you that are coming from the Skype for Business world, you probably will remember a concept that we had called Cloud Connector Edition, or CCE, which was a much heavier hardware footprint that was required to be able to do something similar to what we're doing here with direct routing. Now, there are a few considerations to be aware of with regards to direct routing.
07:59
First here I want to talk about is what we call service numbers. Now, in the Microsoft world a service number is a number that is designed to handle a higher concurrency of calls. Contrast that, say, to a user number, right, a phone number that you would assign to an individual user. Generally, individual users don't get a high volume of calls all at once, right? But when you look at, say, an auto attendant, right, an organizational auto attendant, or dial-in conferencing, or things of that nature, those are phone numbers that typically
08:30
get a much higher concurrency of calls. In the Microsoft world we call those service numbers. Now, if you are utilizing call queues, or what we used to call hunt groups, right, back in the day, or the organizational auto attendant, it is supported to bring those phone numbers in through the direct routing environment. So the phone number that you use for your organization, your 1-800 by organization, what have you, you can bring that in through the direct routing environment and into the Office 365 service. Conferencing, on the other hand,
09:02
dial-in conferencing, that is not able to be brought in through the direct routing environment unless you happen to be in the government, the GCC High or the DoD platforms, because those platforms don't have any other option available to them for dial-in conferencing. But if you're in the commercial clouds or just GCC Moderate, you are not able to use direct routing to provide dial-in numbers for your conferencing services. OK, if you do perform a dial back from a conference,
09:33
right, the "call me at" for example, and you have direct routing deployed, we will not currently use that direct routing path; that will go out through service itself. The actual conference bridge will make a dial-out from the service and it will not traverse your direct routing path. Dynamic emergency calling is another important component also. You may have heard this referred to as dynamic or E911 in the United States. This is available for both Calling Plans and direct routing. In the direct routing
10:04
world it requires us to an additional emergency routing service provider, and if you see the aka.ms link that I have on the slide here, dr-sbc, you can see the current certified ERSPs that we have for direct routing and gateways that we have for direct routing. If you want to deeper dive on dynamic emergency calling, make sure you go out to our Teams Academy, and we have a dedicated session just on dynamic emergency calling there. And last but not least, direct routing is only
10:35
supported with Microsoft Teams; you cannot use direct routing with Skype for Business. OK, let's jump into planning for direct routing. The high-level planning steps for direct routing are as follows. First, as a customer or as an IT pro, we need to determine if we're going to self-deploy or if we're going to provide or go through a hosting provider for this. Next we'll look at what licensing is required and what endpoints we're going to leverage. Then we'll dig into the session border controller aspect. We'll talk about the configuration of the session
11:11
border controller itself: specific items like FQDNs, right, call them fully qualified domain names, that we need to use; certificates that we're going to need to acquire for the devices; IP ranges and ports that we need to open in our firewalls; the voice routing components, so that we understand how to actually route and properly route calls; and optionally, if necessary, how we can optimize the media flow for direct routing. On self-deployed versus a partner-hosted
11:44
SBC, there is the opportunity today for partners to provide a hosted service for you. Now, you might wonder why, why would I want to do that? Well, if you look at the table that we have here on the slide, you can see as we map out the benefits, the advantages, the disadvantages: if you go with the self-deployed route, this will give you, as the customer or as the IT administrator, absolute control over the session border controller, all of the connectivity to the PBX, and everything
12:17
that goes along with it, which then means you're also now responsible for configuring it, right? So if you haven't worked in the voice space before, or you're not too terribly familiar with some of the terminology we use in voice, you may not be comfortable with the configuration aspect of it. Not to mention, if you're self-deploying you actually have to acquire the hardware, right, you need to purchase it, you need to maintain it, do its updates, and so forth, right? Contrast that with a partner-hosted model, right, a number of partners that are out there are offering hosted direct routing services where, for a base
12:49
fee, you basically purchase a SKU for them and they take care of hosting the SBC, configuring the SBC, and maintaining the SBC itself. Now, the support model may be a little bit more complex in that world, because now you have to work with the carrier that's providing the partner-hosted solution and then also together with Microsoft, because we provide Teams, but it could be a viable option for organizations that are maybe not too savvy with voice or don't have an on-site telephony administrator to handle
13:21
the configuration of the SBC. Now, currently we don't have a dedicated certification program for partner-hosted solutions, right, we do certify the session border controllers themselves, but we don't actually certify the partner solutions at this time. So you do want to make sure, if you are a partner, and also if you're, you know, an end customer as well, that you understand what the cost structure of the support process and so forth is going to be. Standpoint, Microsoft side: users will need to have the Microsoft Phone System
13:56
license, the Microsoft Teams and Skype for Business Plan 2 licenses. Skype for Business Plan 2, that's if it's included in the license package that they have, for example if they have an E SKU or something of that nature. It is critically important, if that Skype for Business Plan 2 license is included in the licensing package, that you do not remove Skype for Business Plan 2 from the user account, even if the user is in Teams-only mode. This is needed for some provisioning as well as some other components that we use on the back end
14:27
for interop. From an audio conferencing perspective, this one is required if we want our external participant scheduled meetings to have dial-in coordinates. It's not technically required for direct routing per se, but the inclusion of the audio conferencing license allows the user to schedule a meeting and have that meeting include dial-in coordinates, as well as provide dial-out capabilities from the meeting itself. Now, if you don't have the audio conferencing license, you are still able to do ad hoc conferencing,
14:59
meaning I can have a one-to-one call and then add another person to it. Without the audio conferencing license, that would be initiated through the direct routing environment, but if the user has an audio conferencing license, then when I add the third person to that ad hoc escalation it would be initiated by the audio conferencing service itself, and that's basically what we mean by the bullet "ad hoc conferencing behavior dictated by the audio conferencing license". From an endpoint support standpoint, from a DR functionality, we
15:30
basically will support any of the current Teams clients. We also include common area phones. The Skype for Business third-party IP phones, or 3PIP phones, they do work, but there are some limitations that you need to be aware of that you can look at based on the link that we have on this slide. Now let's take a deeper dive into what exactly a session border controller is. A lot of times you'll hear the terminology of an SBC or a session border controller, but you may not be too terribly familiar with, you know, what it is and what its
16:04
purpose in life is. So a session border controller is a network component, a network appliance, that is meant to provide a number of services for us. Number one, it's meant to provide connectivity for us. So as you can see in the diagram here, right smack in the middle, here's my session border controller. This allows Teams, which is on the right-hand side here, right, there's Phone System, there's our internet connection into our firewall, and there's the session border controller, right, this little leg that we have here, this is the direct routing configuration that we're
16:36
talking about. So it allows for connectivity between the Teams environment, which we have here, to other voice components, right, and those other voice components could be simply the public switched telephone network, like you see here, right, this could be a trunk that has come in from, you know, AT&T for example, or a PRI line like a T1 or something of that nature. So it provides that connectivity for us to the public switched telephone network. It could provide connectivity to an on-premises PBX, right, this could be an Avaya or a
17:08
Cisco platform. It can provide connectivity between Teams and the Skype for Business on-premises environment, right, this is our mediation server in Skype for Business Server. So the session border controller provides that mechanism of connectivity for us, but it's much more than just connectivity. The session border controller also provides a mechanism of security. It is essentially, for all intents and purposes, a firewall for SIP traffic. SIP is the Session Initiation Protocol, right, and that's the protocol that we use to
17:39
interconnect the Teams environment to all of these other telephony components that we're talking about here. But it is a security device. That's why when we look at an interface like you see here and you see how this is connected to the internet, a lot of folks would go, "oh, I don't want to put that thing on the internet." Well, it actually has firewalling components built into it to provide security for that SIP traffic stream that's going to be passing through the session border controller. It also provides media services for us, including things like
18:09
transcoding, then the support for voice and for video calls, right? In the world of SIP we often have what we call, and I've noted it here, a B2BUA, or a back-to-back user agent, right, and that's having one session connected here, one SIP dialog that's here from Teams, and then another one that's between the session border controller and, you know, whatever happens to be on the other side, whether it's Skype or whether it's this PBX that we have. And this gives us the capability of having a bunch of intelligence built into the border
18:39
controller to allow for connectivity of these disparate systems, right? This might be a legacy PBX that understands very few codecs and does some very limited, you know, audio codecs for example, and the session border controller could transcode that and say, well, that's fine, I can speak that language on this side, and then when I go to speak to Teams I can speak a more modern language, right, a more modern codec. So the session border controllers are extremely powerful devices that provide at a minimum the
19:12
components that you see here. Session border controllers, to work with Microsoft Teams, must go through a certification process. This process ensures that the devices are validated by a third-party lab, they get tested daily in a pre-production environment that we have in our service, and this is a process that is done together between not only Microsoft but the vendor, or the SBC vendor, themselves. You can see in the middle of the slide I have the
19:45
link to the list of supported SBCs, so you can always go to that link and check and see. We do not only certify the make and model, but there's also a firmware version that we certify, and the intent is that it doesn't have to be that exact version, but it needs to be at a minimum that particular version, major version, and all of those details are listed out on that particular site. It's also important to note that the session border controllers, they don't have to be physical devices. Of course they can be,
20:17
and a lot of times they are physical appliances that you purchase from the vendors, but they also can be virtual devices that you could deploy into Azure or into AWS, for example. As at the time of this recording, AudioCodes has a template built inside of Azure where within a couple of clicks you can have a virtual SBC deployed in the Azure stack in mere minutes, which is pretty awesome. So once we acquire a session border controller, whether it's physical or virtual, the next thing we need to be
20:51
sure of is what's the name of the appliance that we need to use. So there are some requirements we have to be aware of with the FQDN, or the fully qualified domain name, of the SBC itself. First and foremost, when you spin up a tenant in the Microsoft 365 world, by default we give you this registered domain name of *.onmicrosoft.com, right? In this case the company, it was Contoso, so they get contoso.onmicrosoft.com. That's the default domain
21:24
that's built into the service. You can't use that domain name as part of your session border controller's name, so you have to register what we call a vanity domain, at least one vanity domain, into the Office 365 service. So here you can see that we've actually registered contoso.com as a DNS domain, a vanity domain, inside of the service, and that means with this DNS suffix I could use any of the valid names that you see here, right? I could call it sbc1, I could give it a geographic name like europe.
21:57
contoso.com or what have you. It has to be linked to that DNS suffix as a base, though, meaning I can't do this, sbc1.europe.contoso.com, because Europe is actually a subdomain, europe.contoso.com is actually a subdomain. I would need to have europe.contoso.com registered as a domain in addition to contoso.com if I wanted to go down this path, right? So key thing on this line: you do have to register a domain, and you cannot use the built-in *.onmicrosoft.com
22:30
domain. Once you have a name, you're going to need to acquire a digital certificate for the device. Now, we need the digital certificate because when the service communicates with the session border controller we're going to use mTLS, or mutual TLS, mutual Transport Layer Security. Mutual TLS ensures that, you know, we can validate that identity of the trusted SBC. It's not just, hey, I found its name and resolved it to an IP,
23:04
I can connect to it, but I'm actually exchanging certificates to ensure that the device is who they say they are, and vice versa from the Microsoft service side. Now, we're gonna go buy a certificate. Well, there's a couple of different options that you have. Now, of course, if you only have one SBC it's pretty straightforward, right, you just go buy one cert and you're done. But if you have an organization that is deploying multiple session border controllers and you have to buy multiple certificates, what do we want to do with this, right? Well, one of the options is
23:34
you can use wildcard certificates, right, that's the first option you see here, to minimize cert cost, right? I can go and get a wildcard certificate; in the subject alternative name, or the SAN, I've got the wildcard entry of *.contoso.com. I could then use this one certificate and import and export it all the way across all of my session border controllers if I so desire. Now, that's helpful from a cert cost standpoint, but, you know, every time you're moving these certs around, you're exporting and importing private keys, things of that nature, it's always a bit of a
24:06
security risk if you do that, but it certainly does help to minimize cost. You know, on the flip side, way over here on the right, we could maximize security by simply giving each gateway or each session border controller its own cert, and that ensures that we never remove the private key from the device. So that's as secure as it's gonna get, but that's as costly as it's gonna get too, because now if I have 50 session border controllers I have 50 gateway, excuse me, 50 certificates that I have to
24:35
purchase. That could be quite a bit, right? You could go somewhere in the middle and balance this out: rather than just getting one cert and using them for everything, or using one cert per, maybe you balance it out, where in this instance we have four gateways that we're deploying first and we buy one certificate that includes all four of those names, so I can share this one certificate across these four gateways. But then when I get my next batch of gateways in, maybe I go and buy another certificate and I only share that one
25:07
certificate across the next four, right? So it's a bit of a balance, because that way you're not, you know, sharing one cert across everything, but you're also not moving to the other side of the spectrum. You do need to make sure, when you acquire a certificate, take a look at that aka.ms link, because you have to ensure that you are using a supported certification authority, because we have to trust the issuer of that certificate, and there's only a certain set of certificate authorities that the Microsoft service trusts. IP ranges and
25:40
ports are critically important because we need to ensure that the session border controller is able to communicate properly with the service. Now, when I look at the charts that we have here on this slide, it's important to understand that the SBC requirements that we're going to talk about here are different from the client requirements that you might have, so the IP source and destination ports that we're looking at here are slightly different than what a traditional Teams client might use to connect to the service. Second piece to
26:13
be aware of, and I mentioned it in the upper right, is this particular slide that we're looking at is applicable to the Office 365 commercial as well as the Government Community Cloud, the GCC Moderate or the standard GCC cloud. If you're not familiar with that concept of what GCC even means, then trust me, you are in commercial. But if you are in the government cloud, there are different types of government clouds; this particular slide applies specifically to the GCC, GCC Moderate, and Office 365
26:44
commercial. Also, as you're looking at these ranges and ports, double check with your SBC vendor on any guidance that they may have with regards to NAT, or network address translation, for, you know, the public IP address that would be associated with the SBC. So we're going to start on the left side here. I have two sections of the tables that we look at: there's the SIP signaling ports and the media ports. Anytime we're talking about a VoIP-style connection there's always two paths that we look at. There's a signaling path that we take; signaling is what we use to actually establish the
27:16
call, to do call setup. And then there's the actual media path, and media is where we would send the audio and/or video traffic, and in this case this would be audio traffic. So I'm going to start with the signaling side of the house. This is the signaling that we do over TLS and SIP. You'll notice that when I look at the tables here, it's going to indicate the components that we're talking from and the component that we're talking to, as well as the corresponding source and destination port. So starting on the left side here with signaling, the from IP,
27:49
this is the service, our SIP proxy in the service, when it is talking to your SBC's public IP address will use basically any source port that you see in this range here. The destination port will be the port that you have defined when you configure the session border controller itself. Now, generally this might be port 5067, 5068, but technically you could make this really any port that you want, as long as you make sure to tell the service about it, which you would do when you register, you know, the SBC with Office 365. Now, in the opposite direction,
28:21
your SBC's public IP, you know, talking to the service, talking to our SIP proxy, well, again the source port is going to be that port that you've defined on your SBC, but the destination port here needs to be 5061, because that is specifically the port that service is listening on for signaling traffic. When it comes to media, media happens as VP. We have our media processors in the service, and when they are talking to your SBC's public IP, will use the defined port range that you
28:53
see here as our source ports, and again the destination port will be the range that you define on your session border controller, and then you can see the opposite pathway here, from the SBC to the service itself. Now, when we look at these port ranges, it is recommended to have at least two ports per concurrent call for the SBC, so if the SBC is expected to have, you know, a thousand concurrent calls, then there should be at least a range that includes two thousand ports. So just keep that in
29:24
mind if you're defining your own custom port ranges for this. Now, the table on the right summarizes the FQDNs that we talk to as well as the respective IP ranges that we talk to. The FQDN connection points that we have start with sip.pstnhub.microsoft.com. This is our globally routable FQDN, and this one must be tried first, as the sip2 and sip3 entries that you see here are our secondary and tertiary FQDN. These
29:54
particular FQDNs here will resolve to one of the IPs that you see in the list here. So you of course need to make sure that you are allowing your SBC to be able to make connections into that particular range. And then lastly, when we look at the media processors themselves, right, which is what we're dealing with over here, right, media processor to the SBC, the media processors are going to be within the ranges that you see on this slide. This slide for IP ranges and ports is adapted specifically to the GCC High
30:29
environment, as you can see in the upper right, so if you are not a tenant that is in GCC High then you can just ignore this, right? If you are a tenant that is in the GCC High cloud, then take a peek at the specific SIP signaling ports, media ports, and FQDN ranges that we use here. These are different from the commercial ranges, right? So there's a few call-outs here. You can see our destination ports are restricted, right,
31:00
the service is going to connect your SBC, but you can only pick either 5061 or 62. The connection point here is different and the IP ranges are different, so you need to make sure that you pay special attention to this if you are in GCC High. Likewise for IP ports and ranges for GCC in the DoD, or the Department of Defense cloud: this is the IP ranges and ports and connection points that you will use for the Department of Defense. Again, like we mentioned before, if your tenant is
31:35
not in the DoD cloud then just ignore this, don't worry about it. But if your tenant is in the DoD cloud, again, keep in mind we have some restrictions on the ports that we can use, we have a different connection point that we use specific to DoD, and different IP addresses that you see here that are specific to the DoD cloud. The next part of planning involves discussing voice routing. Before we dive deeper into the voice routing concept, I wanted to step up a level and talk about all the various
32:09
voice configuration objects that we have related to voice routing. On the left side of this slide you'll see three items: our voice routing policy, our usages, and our routes. These components are the anchors that we use to configure the actual voice routing component, and we'll talk about that more on the next couple of slides, but these pieces together are going to encompass what we commonly refer to as class of service and class of restriction, which basically
32:41
means I may have a set of users that are allowed to dial, like, any number that's out there, I might have a different set of users that can only dial domestic or maybe only local numbers, and maybe I have a lobby phone that's sitting out in my corporate lobby and I want it to only dial, you know, a few distinct numbers and that's it. All of those behaviors are going to be able to be controlled through the three components that we see on the left side. On the right side we have other configuration objects at play
33:10
here one is what we call dial plans the dial plans help us to define the users habits for dialing maybe they're used to dialing five digits for an extension or they do a ten digit dial or what have you so dial plans are a way for us to codify that user's dialing behavior through number patterns and then we have the concept of the Gateway right in our last section we talked about the session border controller and what its purpose is the Gateway is effectively a
33:42
representation of that session border controller in the service you may also hear this referred to as a trunk so you'll hear us say you know gateways trunks SBC's they're all effectively the same from a logical standpoint and you'll see as we go throughout this and other training sessions that the Gateway is also where we can configure translations of numbers as well as various features like dynamic emergency calling or location-based routing now usages are an interesting creature
34:17
because a usage by itself really doesn't do much right the definition of a usage is the PSTN usage specifies the class of the call and oftentimes we'll make that something like internal local long distance international that can be made by various users or groups of users and it's leveraged by being associated to a voice routing policy and a voice route so if you just build a usage that's only
34:49
gonna give you this middle section that's like nothing it's literally just a text value but for this to be usable by a user we'll take this PSTN usage maybe this is a local only usage we'll associate it with a voice routing policy this then gets assigned to a user right so now my user Alice has a routing policy which says she is allowed to make a local call that's great but then the usage also has to get assigned to a
35:19
voice route because the voice route itself is assigned to a gateway or a session border controller right so that lets us see the end to end of here's Alice Alice has a voice routing policy that has a usage that says she's allowed to make local calls which are allowed to traverse this route to go out this gateway to get out to the service the order of these usages because as you can see here one policy could have many usages in it right this guy here actually has
35:50
three usages the order in which the usages are listed is critical because once we find a match through this usage route combination we don't validate or evaluate any of the other usages so it could have unintended consequences if you have these ordered differently you might expect a call to go out SBC one and the call actually ends up going out SBC two or you know you end up having the user making a class of call but you
36:20
didn't expect them to be able to make let's take a look at an example here in this example the requirement that we have is for our users to be able to only make calls to US numbers and Canada numbers specifically when that user is calling the Seattle slash Redmond range which are numbers that start with 425 or 206 there are a specific set of session border controllers that we want them to use so the user dials plus 1 425 or plus 1
36:51
206 I would like them to go to SBCs 1 and 2 and then any other number that they call in the US or Canada I would like them to go to SBCs 3 & 4 so this is what this looks like here you can see on the left hand side this is going to account for that specific Redmond slash Seattle range use case right here's my usage PSTN usage of us lat underscore Canada the usage by itself does nothing but I take this usage and I associate it
37:25
with this voice route notice what the voice route which is titled red + 1 there's my number pattern that I'm gonna match so that's the numbers that go to the Redmond range 425 or 206 and these are the session border controllers that are tied to that route you can see them right here online gateway list SBC 1 & 2 so this route uses these SBCs for numbers that start with this number pattern because the route is linked to this usage this usage is linked to this
37:55
voice policy and this voice routing policy is assigned to this user when this user dials plus 1 425 or plus 1 206 numbers the call is going to route to either SBC 1 or 2 because they're both listed in the same route we'll just randomly pick one so that solves this second piece here but what about the first piece the user can only make calls to US and Canada well the US and Canada numbers are more than just 425 and 206 how do I handle the rest of that well take a look over here the only
38:26
difference is I've added a new route the new route here is called US and Canada it has a more broad number pattern that we match plus one followed by ten digits right so standard eleven digit dial for the North American numbering plan but you notice it has a different set of gateways SBC three and four the route ordered list is important right because this has a priority one this has a priority two route ordering is very much like PSTN
38:58
usage ordering right where the order matters right because if I were to flip the order of these routes and a user dials plus 1 425 it would match this pattern first and go out these SBCs and that would be bad I don't want that so I have to make sure the routes are in the right priority here just like if I were using multiple usages I would want to make sure that those are in the right order as well let's talk about dial plans for a moment the idea of a dial plan is to effectively codify a user's dialing
39:32
habits it's a set of what we call normalization rules that will translate a dial string to a full unique number you can see in the screenshot here I have a number of examples of an organization that was using a three digit dial plan so they were used to in their old PBX if they wanted to call another user they just knew that person's three digit extension and in Boston for example there are three digit extensions all started with two - one or
40:04
two - and they would just go and dial the three digits and the person's phone on the other end would ring sweet well how do we replicate that kind of behavior in teams well we can do that through a normalization rule in this instance typically when I do my normalization rules I want to ensure that I convert my numbers into what we call the E.164 format the E.164 format is an international dialing standard which is designed to ensure that the number that you produce is a
40:35
unique number throughout the globe all right so you don't end up with overlap of numbers and it's done based on it typically will be prefixed with a plus sign followed by a country code followed by after that it's usually dependent on you know the country itself it may be for example in the US plus one and then an area code or NPA and then an NXX right so something of that nature typically we will want to take our normalization rules and convert them
41:08
into E.164 so as an example here with my friends in Boston when they put in a three digit extension I prepend it with +1 the NPA the area code is 6 1 7 the NXX is 5 5 5 and then 0 and then the dollar sign 1 is the 3 digits so this three-digit Boston extension if I dialed you know an extension of 2 1 1 would turn into plus 1 6 1 7 5 5 5 0 two-one-one you can see on the bottom
41:40
right here this is not going to be a class on normalization rules but there's some tips there for you on how to build out normalization rules it's just done through standard regular expressions there is a limit to the maximum number of dial plans that you can have in a tenant as noted here and there is a limit to the maximum number of normalization rules that you can have per dial plan as noted here on the slide the dial plans are all about manipulating dial habits with normalization rules now just
42:13
because the habit was done a certain way in the legacy PBX doesn't necessarily mean we have to do it the same way inside of teams you can see here this is a simple slide that shows the paradigm shift in teams we focus more on contacting a person right it's name based dialing so if I want to go and contact one of my colleagues you know honestly I couldn't even tell you what one of my colleagues extensions is because I have
42:45
no clue I just know that when I want to talk to one of my colleagues like Bob I just go find Bob and I start a teams call with Bob whereas following this over here to the right back in the legacy PBX days if I wanted to call Bob I maybe had to take my phone off the hook and dial Bob's extension don't know hey I got a call Bob and boom away we go right you could choose if you're migrating to teams from a legacy PBX you could choose to copy the
43:15
legacy PBX behavior right and take all of those legacy dial habits and bring them into teams that's a complex set up pretty high effort is supported but I mean technically it might be challenging from an admin standpoint these are some pretty big negatives for copying this I mean for the user they're happy because it's a great experience nothing changes right but to be honest when you're deploying teams that's a paradigm shift in and of itself so now might be the great time to shift us over here maybe
43:47
start training your users from an adoption campaign perspective to break that habit of digit dialing and things of that nature and bring them into the world of name dialing right that's a lot easier on the IT admin but it's big change for the user right and of course you still have old phones that are out there like analog devices that don't have the luxury of being able to do name-based dialing usually what I found is most organizations fall somewhere in the middle of the spectrum right they don't completely copy the legacy PBX but they also have the luxury of being able to just
44:19
discard all of it and go to name dialing only so you usually have to find a happy medium when we go to do dial plans in teams there are three different types of dial plans available the first type is what we call a service dial plan these are assigned based on the service country that is assigned to the user when you create them in the admin portal right that's not the teams admin portal that's just the regular portal.microsoft.com alright when you go and create a
44:52
brand new user you have to tell us that user's location we're gonna use that location to determine the service country that they're in and we will then assign a service level dial plan for that particular user as an IT administrator though you also have the option of creating tenant based dial plans they can be customized whereas the service country one cannot be changed right that's maintained by us and the service the tenant level ones can and there's a global tenant dial plan which would apply as you would expect globally
45:23
to your entire org but there's also a user level dial plan where you could create this and then go and assign that particular dial plan to specific users now there is a hierarchy that's involved with these three different plan types and it's important to understand that this dial plan scope or this hierarchy works different when you introduce the tenant dial plans themselves if you have done nothing in the service and you've just simply created some users enabled
45:54
some users and then you went and configured direct routing and that was it you're gonna be in the first bucket on the left-hand side here you will be using the dial plan that we have built for your service country itself if you have gone ahead and mucked around with the global dial plan and you've created a few normalization rules in there but you haven't you know created your own user level dial plan then you're going to be in this middle bucket here the difference here is we actually will
46:24
merge together the service country dial plan with the tenant global dial plan right so there's not an order of precedence here we actually merge them together and then apply it to the user likewise on the right-hand side if I have the service country dial plan and then I create a dial plan for a specific user we will merge together the tenant user dial plan with the service country dial plan this
46:56
differs if you've come from the Skype for Business world this is different than how we used to do it with on-premises dial plans before in the Skype for Business world they were based on a hierarchy we had this concept of global site pool user and it was always the most specific one that would apply that's not so in teams in teams it's always merging together whatever dial plan you've built whether it's user level or global with the service country dial plan so now we understand a little bit about
47:28
what dial plans are I don't even know if we need them right well that's the first step of this process you need to decide if there are any additional rules that you need because remember we give you a service level dial plan by default that means you can go out in PowerShell and use a command like Get-CsEffectiveTenantDialPlan and that will show you for this user the set of normalization rules that we already give you by default in the US for example we automatically give you 10 digit dial and 11 digit dial and so forth so maybe the
48:00
rules that are there are good enough and you don't need to do a thing that's ideal right but maybe you look at the default rules and you go yeah you know what I have a particular site where I have to do this four digit dial thing or this three digit dial thing okay well step two if you've decided that you do need to create your own normalization rules for your environment great what dial plan type are you going to build are these rules that apply to everybody in the organization because if they are then you can just modify the global dial
48:31
and if they're not and they're specific to maybe a department or they're specific to a building or what have you then you're probably gonna have to build a tenant user dial plan put the rules in that and then go ahead and assign that to the individual user once you determine what type of dial plan step three allows us to identify valid number patterns for each plan right again we want to make sure that only the number patterns that are not defined in the service level country plan are in
49:03
our custom one because remember we're gonna merge them together right so there's no reason to duplicate what's in the service level dial plan step four critical piece as well maintain some consistency in your dial plan names you should come up with a naming strategy that you use so that it's not just called dial plan one and then you have no idea what it has to do with right if it is a dial plan that you're doing three digit extensions in Atlanta come up with a naming convention that's easy for you to recognize by name but this is
49:35
Oh for the Atlanta office for three digit dial okay let's look at the end-to-end voice routing basics and let's bring all of this together with all these various pieces that we've just talked about so here's my scenario I have a user that's using teams this user is located in the Netherlands and they are attempting to make a call to one of our Redmond offices plus one forty five five five five one two one two when the user goes
50:11
to make this call first thing we're going to do is check to see if they have been assigned a voice routing policy because if they haven't been assigned a voice routing policy we don't have any way to route the call through direct routing right because that's what we've looked at earlier the voice routing policy is that anchor point for us that's going to help define class of service class of restriction can they make this call well if they don't have a voice routing policy assigned okay they can't make this call through direct
50:42
routing now that doesn't mean the call fails right because the next thing we can check to see is well has the user been assigned a calling plan through Microsoft because remember organizations can use both right an individual user could have both direct routing and calling plans assigned to them so in this instance I go wow they don't have a voice route do they have a calling plan way up they don't have a calling plan then we're toast look a call is gonna fail at that point but if the user does have a calling plan assigned the next
51:13
thing we'll check to see is is that calling plan inclusive of domestic or domestic and international now because the user here is in the Netherlands and they are calling a plus one number that's the north american numbering plan that would be an international call from the netherlands well if this person only has domestic they're not allowed to dial international the call will fail if they do have an international calling plan
51:45
assigned then they'll be able to successfully complete this call via microsoft calling plan now if we step back a bit here to this voice routing policy if the voice routing policy does in fact exist that means that they have been additionally configured for direct routing well now we're gonna go look at the voice routing policy we're gonna go look at the usages in order and we're gonna look at the routes that are associated with those usages to see if we can find a match if
52:18
we can't find a match well that's gonna send us back through the flow of do they have a calling plan because if we couldn't find a match that means there wasn't any way for them to route this call through direct routing and if there's no match and they have no calling plan and the rest of that flow you know you only end up with either the call failed or success through the Microsoft calling plan but if we do have a match right so they have a voice routing policy yep we looked through the usages that are associated with this
52:50
policy that are associated with a route and we found a match we're gonna send that out by the SBC that's defined in the route if that SBC is online success the call is completed via direct routing if the SBC is not functional or all of the SBCs defined on that route are not functional then the call will fail you can leverage multiple SBCs if you so desire to allow for not only load
53:23
distribution but also for availability purposes multiple SBCs can be grouped together in a single voice route like we saw in the example earlier where I used you know SBC 1 and SBC 2 for the routes that were going to my friends in Seattle and Redmond depending on the SBC vendor sometimes the SBCs can be combined into a cluster so it might actually be two physical session border controllers but it's tied together as a virtual entity and teams would then only see it as one
53:56
SBC but you know the devices themselves would be able to provide availability and load distribution between themselves but teams would only see it as one right that's all depending on how the SBC vendor sets these things up you can also build high availability in with backup routes because when we look at the routes they do have priorities assigned if you think back to the example we gave earlier I had a priority one route which was for my plus 1 425 and plus 1 206 numbers that went out SBCs
54:28
1 & 2 but if those two SBCs went down for whatever reason I could continue processing my voice routes because I'm in that same usage and I would find the next match which was a plus 1 which went to SBCs 3 & 4 that would give me the ability to use the backup routes because I had set that as a lower priority right the lower priority route would only be used if there's no SBC in a higher priority route that was available you can also utilize multiple SBCs for DR
55:00
for disaster recovery purposes right the voice routing policies can be used to only allow certain users to use specific routes but you could make it such that if we lost all the SBCs in the US maybe a subset of Europe of the users could place calls to the US but maybe make them go out a Europe gateway and do some translations there which would result in international but hey and you're in a disaster you could use this multiple SBC world to be able to provide disaster recovery there are of course some caveats
55:31
with doing that specifically around you know is it the same carrier in two locations or not because often if it's not the same carrier you won't be able to just route numbers out you know another carrier when they don't own you know the the calling number so some things to think about there let's talk about optimizing media in direct routing now while we don't actually cover the depth of media flows in this particular
56:02
session it is critically important to understand how to properly plan for media bypass with direct routing now at a high level effectively what media bypass means is rather than having the media flow from the teams user which if you take a look on the screenshot that I have on the left rather than having the media flow from the teams user up into the service which would be basically hitting one of our media processors or transport relays and then back over to the session border controller itself media bypass basically means well let's
56:33
bypass the cloud and allow the teams user to be able to send media directly to the session border controller itself now depending on how you have implemented media bypass determines how we actually connect from the teams client to the various session border controllers and what I mean by that is if you have simply turned on the media bypass flag right there's an on/off switch essentially for media bypass for the session border controller config the user will need to have access to the
57:05
public IP address of the SBC now this is regardless of whether the user is inside the network or outside the network a way that you can deal with that is to utilize what we call local media optimization which I'll talk about in a little bit in this session in general media bypass is recommended whenever the user is in the same physical building or the same well connected network as the session border controller itself now this is specific to media hence why we call it media bypass so signaling itself
57:36
is not affected that always goes through the cloud but this is specifically about optimizing media inside of teams talking to the session border controller itself so as we embark on planning for media bypass one of the first things to look at is make sure that we understand which endpoints are supported and from the teams perspective our teams desktop clients that's the PC and Mac clients as well as our teams following devices that includes our teams phones or teams mobile applications things of that
58:08
nature those are supported endpoints for media bypass any other endpoint that we use if it attempts to make a call over a media bypass leg we'll automatically convert that to a non bypass call for you this is automatic the administrator doesn't have to take any action for this to happen it'll just simply work and this is important to realize for downlevel clients like the Skype for Business third-party IP phones or 3PIP
58:38
phones the teams web clients such as the new Edge Google Chrome Mozilla Firefox right those particular endpoints don't support media bypass and if they attempt to make a call and we want to set that up as a bypass call of course that wouldn't work since they don't support it but we'll fall back to a non bypass call so that the call will still complete you do want to make sure that you check the list of supported SBCs that we have in the link on this page to ensure that they do support media bypass
59:09
in their configuration as we talked about earlier in this presentation there is a defined set of IP ranges and ports that we configure between the session border controllers and the service itself when we're implementing media bypass there are a few additional considerations that we need to take into account first and foremost let's understand that signaling itself doesn't change this is all about optimizing the media path but the signaling path will still traverse the service and back now when we have users that are inside the
59:42
network the behavior is going to depend on how we've actually configured media bypass itself by default the users that are inside of the network will need to be able to connect to the public IP address of the session border controller that means that the networking folks are typically going to need to configure what's called a hairpin right which means that the teams client that's inside your network sends its traffic out and then back in to be able to hit the public IP address of the respective SBC if that's not a desirable
01:00:13
configuration for you there is an alternative configuration that we're going to talk about in a little bit here and that's called local media optimization local media optimization would allow us to configure it such that the teams client that is inside your network would be able to talk to the internal IP address of the session border controller rather than its external IP media processors still need to be considered as part of the media bypass discussion and you might be thinking well why we're gonna bypass media right yeah but they're always in
01:00:46
the path for our various voice apps and specifically for clients that don't support media bypass right like those web clients or the 3PIP phones that we talked about from an external SBC requirement we have to keep in mind that there's a few additional things to be aware of right when we looked at that IP range and port lists before we were always talking directly to media processors but in this case we also have to be able to talk to transport relays as you can see on the charts that we
01:01:17
have on the right-hand side the IP ranges really haven't changed from the previous slide that we saw before the media port range of course we do have to keep in mind that if we are going to allow the team's client to talk directly to the public IP of the SBC then we have to make sure that we allow the source ports that we use for audio which is the range that you see here by default to be able to talk to the SBC's public IP and then we have to make sure that we allow the media ports to be able to be open
01:01:48
between the session border controller and the transport relays as well as the media processors right we had seen these media processors before but now we have the ability to have these session border controllers and transport relays to be able to talk so let's dig a little deeper into this concept of local media optimization the idea of local media optimization is to allow us to control how the media traffic flows between the teams client and the customer's session border controllers rather than simply being
01:02:21
locked in to what we have to talk to the public IP we can now get a little bit more granular as to how we control that media traffic flow this allows organizations to keep the media local and within the boundaries of their corporate network subnets so that we don't end up having traffic egress the network if it's not desirable the other cool thing about local media optimization is it allows us to have media streams between our teams clients and session border controllers even if those SBCs are behind a corporate
01:02:53
firewall with a private IP and not actually visible to Microsoft directly so with local media optimization we are not required to have a public IP address on the particular SBC that we want to be able to talk to on the internal network so what are some of the use cases for local media optimization well of course as mentioned before this is all about the desire to keep the media local and within the boundaries of our corporate network in turn this means it would give us the opportunity to
01:03:26
connect to the internal or the private IP address of the SBC rather than having to you know hairpin out to the public IP address this also again opens the opportunity for branch offices that maybe have an SBC but they don't have an internet breakout with a public IP that they could assign to the SBC they probably have trunks there maybe they're old TDM trunks that are connected to the SBC this would open up the opportunity for teams clients to be able to connect directly to that private IP address of the SBC and then utilize the TDM trunks
01:03:58
that are established in that particular branch office now you might be wondering but what about the quote unquote traditional media bypass or you know how we started this discussion well that that traditional media bypass really was just more of an on/off switch for the particular SBC itself right and when that media bypass switch was turned on great we could talk to the SBC directly but we can only talk directly to its public IP this opportunity for local media optimization allows us to be a
01:04:28
little bit more granular as to how we optimize this media now if your tenant is totally fine with connecting to the public IP of the SBCs maybe that's how you have it configured today that's fine there's no need to change it is not mandatory to move to this idea of local media optimization it just gives us another tool in our toolkit to be able to further optimize that media traffic between our teams clients and our local session border controllers so let's
01:04:59
cover some terminology in relation to local media optimization there's this concept of a proxy SBC and a downstream SBC so when we look at this conceptually the proxy SBC is always going to have a public IP address it is effectively the session border controller that we'll be connecting to and talking with the service it's deployed the same way that we've talked about deploying SBCs throughout this whole session it's planned the same
01:05:30
way it's configured the same way it's basically deployed as any other SBC would be for direct routing and it could be a target of our online voice routes so if we look at the image here right here is the Office 365 service on the right here's our proxy SBC right this guy happens to be in the Singapore site he actually has a public IP address assigned to him right on his public interface here that's this 172 address he does actually have an internal IP address assigned to them as well and again this is registered with the
01:05:59
service as normal right the downstream SBC this is an SBC that we've configured in another site this is a branch office right this branch office has PSTN connectivity right maybe this is a TDM you know type trunk PRI or something of that nature so this SBC doesn't actually have a public IP address we call it a downstream SBC because it becomes associated with the upstream with a proxy SBC that means
01:06:30
from a signaling perspective this guy can go through the proxy SBC and up to us and vice versa right that also means that this particular downstream SBC can become known to the service and we can target it with a voice route and the service would then know hey if you need to send a call to this particular session border controller you have to go through this one because that's the proxy SBC let's
01:07:01
put the context with the story we have a customer contoso contoso has two regions they have their Europe region and they have the APEC region on the left the Europe region has about 30 countries with offices and each of these offices have their own PBX we've done an analysis we've determined that the trunks for all of these respective offices can be centralized into one location and that location we've chosen is Amsterdam so we've deployed a session border
01:07:31
controller in Amsterdam with enough bandwidth for all the calls from all of the various countries to be able to be served through this central location that means all the countries in Europe would be served by the Amsterdam location for inbound and outbound calling contrast that with the APEC region in APEC this company has multiple offices in different countries but many of those countries can't switch to sip maybe the SIP connectivity is not
01:08:00
available maybe those particular offices already have contracts with the telco but for whatever reason they can't switch over to SIP so we don't have this opportunity to centralize these trunks over SIP and there's many TDM or time division multiplexing trunks that exist at these respective local branches on top of that there's more than 50 branch offices across this region there's hundreds of gateways and session border controllers all throughout the environment as a result we can't actually pair all of these gateways
01:08:31
directly to the service because we don't have that many public IP addresses available for those respective SBCs on top of that we may not even have the proper internet connectivity that's necessary at that branch office to be able to support a public IP address for that particular SBC in some cases there's a need for local PSTN connectivity due to the regulatory requirements in some of these specific countries so based on these two regions that we have we're going to kind of dive a little deeper now and look at the
01:09:03
scenarios that will support these regions and effectively the scenarios are for Europe we're going to look at the centralization of trunk scenario for APAC we're going to look at the virtual topology of SBCs scenario so let's double-click a bit on the scenarios that we talked about in that last example let's take the Europe region the Europe region we're talking about doing the centralization of all local trunks so in that scenario essentially we're going to have a
01:09:34
centralized SBC deployment so as you can see here's my Amsterdam location here's my central SBC and I have my trunks coming in from my provider and these trunks are gonna service all 30 or so of those countries I've only drawn a couple on here right Germany and France but you can imagine there's a bunch of these countries that are there they're all being serviced by this central SBC this SBC gets registered into the service just like we had seen before when the user is inside the network they will be
01:10:05
able to connect to the inside IP address of the session border controller when the user is outside the network as you see here they'll be able to connect to the public IP address of the session border controller now if you want more detail on the media flow itself and all the different nuances that we have for this go out to our Teams Academy site with the link that you see there and check out our updated media flow module for further details now if we dive a little deeper the APAC scenario with the APAC scenario
01:10:38
we were looking at building a virtual network topology of SBCs building a virtual network topology basically means we're going to let the service know that there are proxy and downstream SBCs in the environment so if you remember that scenario we had some sites that had the capability of being able to be converted to SIP but not all so here I have my Singapore site right in my Singapore site I actually have my public internet
01:11:08
connection with the ability to provide a public IP address so this guy becomes my candidate as my proxy SBC right here is his public IP he's registered to the service and life is good we have other sites like Vietnam and Indonesia here that have SBCs in them they have TDM connections potentially to the PSTN Network but they don't have an internet connection that allows for a public IP to be assigned to this
01:11:40
particular session border controller itself so as a result we can configure this particular session border controller as a downstream SBC to the proxy SBC that's in Singapore thus media will stay local when possible so if my user is inside the Vietnam site here they'll be able to send their media directly to this SBC and out to the PSTN and vice versa with an incoming call we'll be able to send that directly into this user when they're in this site even
01:12:10
though this particular SBC is not publicly exposed to the Internet now what happens if that user leaves the corporate network right well when that user's outside well of course they can't talk to this Vietnam SBC directly because it has no public IP address but they would send their media through the proxy right so their media would go to the public IP address of the proxy SBC and the proxy SBC would as its name would imply a proxy right the media over
01:12:40
to this downstream SBC which would then send the media on its way to the PSTN Network now to be able to implement local media optimization there's a couple of components that we need to plan for first and foremost we need to configure what we call the network configuration components right we have to build a wire map that effectively educates the service about what our corporate network looks like these are the same components that we would use if we had configured location-based routing and if we have configured a dynamic emergency calling
01:13:14
so you might already have some of these components configured if you do you can just simply reuse them with local media optimization these components include the regions sites subnets and most importantly the trusted IP addresses right the trusted IP addresses are those addresses that your corporate users would expose to the service you know when they browse the internet so that we know that you are actually on a corporate network you want more detail on that one check out the dynamic emergency calling session that I did on
01:13:45
the Teams Academy site there will be SBC specific configurations that need to be done for local media optimization so make sure that you check with your SBC vendor and get the updated documentation from them to properly configure local media optimization there are two modes that we can select from on a per SBC per gateway setting for media optimization mode one is what we call the always bypass mode always bypass is recommended when connectivity is good between your
01:14:19
branch offices and your SBCs so think about that Europe scenario right with Amsterdam we centralized all of the SIP trunks well that means the LAN connectivity from all 30 of those sites to get to Amsterdam must be pretty good in that case I would set that mode to always bypass that means a user that's in any one of those sites would be able to talk to the inside or private IP address of that SBC mode two on the other hand is called only for local users this is recommended when the connection between the local branches isn't so
01:14:50
great right the local branch and the regional office meaning the connection between the downstream SBC and the proxy SBC that's got to be a good connection there is media that can flow through that especially for users that are outside the network but you know if you have users in different sites like Indonesia and Vietnam and those sites don't have great connectivity well then you might turn on mode 2 which is the only for local users which means that you know if a user that's in the Vietnam site wants to talk to the SBC that's in
01:15:22
Vietnam they're in the same site great they can talk but if the user's in Indonesia well they're not in the same site as that downstream SBC so they'll have to send their media through the proxy SBC instead there are no additional external firewall ports or IP range updates that you need to make here because it's all basically the same as what we had looked at before when we were looking at the base configuration for media bypass let's summarize what we've talked about in our direct routing sessions
01:15:55
in this lesson we covered the first two items of what direct routing is when to use it and how to properly plan for direct routing now that you've completed the planning session the next lesson you should move to is configuring and managing direct routing
