This article is applicable to those organisations with Direct Routing chosen as their PSTN (Public Switched Telephone Network) connection strategy. This article will detail the necessary prerequisites and steps for setting up and configuring your Session Border Controllers (SBCs) for Direct Routing.
SBCs must be configured before external calls can be made by Direct Routing, via PSTN and Microsoft Teams Phone System. SBCs can be configured in the NHSmail Phone System PowerApp. For more information on how to access the Phone System application, please visit Onboarding.
This article will cover:
- SBC Prerequisites
- Guidance on configuring SBCs in the NHSmail Phone System PowerApp
- Additional Information (further use cases)
NHSmail Teams Phone System is only be supported by Microsoft if a certified SBC(s) is connected through Direct Routing. For a list of Certified SBC vendors, please visit Microsoft – Direct Routing Session Border Controllers.
It is the responsibility of organisations to install their SBCs, in line with Certified SBC vendor setup guidance for Teams Direct Routing. Once an SBC has been successfully installed with Public IP addresses for Teams Direct Routing and for Service Provider interfaces, organisations are required to make a note of the SBC assigned Public Interface IP Address for Teams Direct Routing (also note the default SBC FQDN if provisioned via Azure marketplace – this will be required for DNS CNAME record later).
SBC Configuration in NHSmail Phone System PowerApp
1. Once you have logged into the Phone System Application, navigate to the Homepage and select ‘Configure SBCs (Direct Routing)’ under ‘Getting Started’.
2. You will be directed to the SBCs landing page. This page will display a list of the SBCs you have created, with the functionality to add/edit/delete. An SBC summary box will be featured, detailing the total numbers of SBCs, voice routes and number of SBCs with issues (i.e., SBCs which are not enabled).
Important Note: If your SBCs have not loaded, click the ‘Refresh’ button.
4. You will be directed to a page outlining a checklist with 4 essential steps to follow when configuring SBCs. All 4 Steps outlined below should be followed in chronological for a successful SBC Configuration:
• Step 1: Add your SBC endpoints
• Step 2: View the added SBCs and upload your Certificate Signing Requests (CSR) to obtain your subdomain certificates. You will be notified via email to deploy to your SBCs
• Step 3: Provide the Public IPs / Aliases for each of the FQDNs for your SBCs, to manage DNS records.
• Step 4: Once your SBCs are configured, you can proceed with outstanding Direct Routing onboarding configuration, such as uploading numbers, creating dial plans, voice routes, voice routing policies and assigning numbers and policies to users.
Step 1 | Add your SBC endpoints
Step 1 to successfully configure SBCs is to add your SBC endpoints.
3. On this page, you will be able to add the Name for the SBC. The Fully Qualified Domain Name (FQDN) for the SBC will be automatically generated, following the naming convention ‘ODSCodeSBCNAME’ as a prefix to the subdomain (voice.nhs.net).
4. Under ‘SBC Settings’ you will be able to choose whether to enable or disabled the SBC and make specific changes to that SBC. Complete all the required fields (i.e., SIP signaling port, Forward call history, Media Bypass etc.). For more information and guidance on these settings and possible values, please visit Microsoft’s guidance here.
6. On the success screen, you will have the option to click ‘Back to checklist’ to view the 4 steps to successfully configure SBCs.
Step 2 | View your SBCs and upload your Certificate Signing Requests (CSR) to obtain your subdomain certificates
Step 2 allows you to view the SBCs endpoints that were added in the previous step and upload your Certificate Signing Requests (CSR) to obtain your subdomain (SSL) certificates.
Important note: For every SBC you are adding, you will need to generate and upload a Certificate Signing Request (CSR) for each. Each certificate will be limited to one SBC as per the SBC FQDN.
1. Navigate back to the SBC landing page and select the identified SBC (e.g., the SBC endpoint you created in step 1) and then select the ‘+ Upload Certificate Signing Request (CSR)’ to be directed to a Certificate request page.
4. After submitting the certificate request, you will be directed to a page informing you that ‘Your request has been sent’. You will receive a confirmation email that your request has been received along with a reference for the request.
5. Once the certificate has been generated, you will be contacted via email with the certificate.
6. The certificate can then be deployed to your SBC, as per your SBC provider instructions.
7. Once your certificate request has been fulfilled, your request will be closed, and you will receive an email confirmation.
Step 3 | Public IPs / Aliases and FQDNs to manage DNS records
Step 3 involves providing the Public IPs/Aliases to manage the DNS records
1. Navigate back to the SBC landing page and select the identified SBC (e.g., the SBC endpoint you created in step 1) and then select the identified SBC from the list, and then select ‘Add/Edit DNS’ to be directed to a IP Address/Aliases page.
2. Depending on the DNS Type of your SBC, here you will have the option to add a DNS A (or CNAME) record that maps the SBC FQDN (i.e., ODSSBC.voice.nhs.net) to the Public IP Address (or Alias) assigned to the SBC interface for Microsoft Teams Direct Routing.
Important note: For Physical SBCs and Cloud edition SBCs, a DNS A Record will be required, whereas the Virtual Edition deployment of SBC will require a CNAME record. If you are not sure, please consult with your SME before requesting the DNS records.
3. Upon completing these fields, click ‘Submit’ to process all options you have selected. You will be directed to a page informing you that ‘your Public IPs / Aliases for the FQDN have been updated and your DNS records have been automatically configured’.
Important Note: It can take up to 1 hour for this to be replicated and for changes to take place.
4. To validate if the DNS record changes have taken place, organisations can perform a DNS status check (i.e., Via Command prompt, run command <nslookup “Fqdn of the SBC”>).
5. Configure SBC connectivity to SIP provider for PSTN access (this will vary depending on your organisation requirements and your chosen provider).
Step 4 | Proceed with Direct Routing onboarding configuration
After the configuration of your SBCs, you can now proceed with the outstanding Direct Routing onboarding configuration, such as uploading numbers, creating dial plans, voice routes, voice routing policies and assigning numbers and policies to users.
The below table provides some additional guidance on scenarios relating to SIP provider and SBC changes. It is recommended that organisations undergoing any connection changes should validate and test on a spare SBC to minimise the risk of disruption to live service.
|Changing SIP provider (but using existing/same SBC)||
|Same SIP provider, but changing from an existing SBC to a new/different SBC (no change to voice routes/voice routing policies)||
|Changing SIP provider and changing SBC||