Sonus SBC SIP Trunk Config (Registration Mode)

I have recently been tasked with the deployment of a new SIP trunk for an office in Hong Kong, working with a relatively new SIP trunking provider in this region.

The deployment topology itself is straightforward: centralised SfB 2015 pools deployed to central sites, with local gateways servicing local PSTN connections at each geographically dispersed office location (a distributed SIP trunking topology). Each of the local site gateways was provisioned with SBA functionality. The local gateway being provisioned was a Ribbon SBC1000, very familiar technology.

Our SIP circuit was a registration mode trunk, meaning that a registration process must be completed with the trunk to authenticate, and subsequently each outbound call would also need to respond to a challenge request.

This was the first trunk I had encountered using this mode, so I thought it would make a good blog entry. This post won’t go into the depths of the initial configuration of the gateway and SIP circuit, but will focus on what is different from the typical SIP trunk configuration.

From here, I assume you have deployed the following:

  • The initial SBC configuration, networking, hostname and SBC certificate
  • A signalling group has been created representing the PSTN provider (we will apply additional config here)
  • A signalling group has been created representing an SfB Pool / SBA / STD Edition server
  • Call routing tables have been created
  • Call transformation tables have been created

If you do need some advice on the above, the following blog article by my friend Mark Vale is a great multi-part walk-through:

https://blog.valeconsulting.co.uk/2016/02/29/skype-for-business-and-sonus-part-1-getting-started/

So assuming the above is all in place, the very first things to configure are the Contact Registrant and Remote Authorisation tables, which can be found under the SIP configuration node. I have seen references to configuration guides that state that only the Contact Registrant table is required; certainly in my instance I had to configure both tables.

The Contact Registrant table contains the Realm and User ID used when registering on the trunk, and the Remote Authorisation table contains the credentials. This was my first hurdle and it came down purely to a language translation barrier, so one word of advice would be to confirm that you have all of the information required, in a format supported by the SBC1000.

The following settings were applied across my tables:

Contact Registrant Table:

[Screenshot: Contact Registrant Table]
Remote Authorisation:

[Screenshot: Remote Authorisation Table]

To confirm that you have successfully registered, the easiest way is simply to view the status of the Contact Registrant table. For further confirmation you can also monitor the registration request via LX or Wireshark; you will see a 200 OK response for a successful registration. Any failures at this point are likely to be due to the realm, user ID or password across the tables.

Once the trunk is registered, like me you will be tempted to make a test call (in my instance I actually believed I had the configuration ready). Depending on your trunk, these calls may be OK. My test calls were failing and, upon viewing an LX trace from the gateway, I saw that our provider was immediately responding with 404 User Not Found for a valid local HK telephone number:

[Screenshot: 404 Not Found]

I went back to the provider and requested [politely demanded] additional configuration information. They responded this time with an internal configuration guide that would have been useful at the very start!
Within this guide, the provider stipulated the following:

  • From: DN@sipprovider.com (for example 21111111@sipprovider.com)
  • PAI: PilotDN@sipprovider.com (for example 21111111@sipprovider.com)

This information is significant: it is needed on the trunk for the correct presentation of the call to the provider before they will accept it.

To manipulate the FROM header, I initially used SIP Message Manipulation to do a literal replacement of the entire FROM field, resulting in 21111111@sipprovider.com being presented.

[Screenshot: SIP Message Manipulation]


I also did the same for the HOST portion of the PAI field and replaced it with SIPPROVIDER.com.

So now my outbound invites, to the best of my knowledge, should be presented in a format that the provider accepts – boy was I wrong.

Upon sending an invite now, the provider was sending a 401 Challenge Request, which was expected. The issue now was that our SBC was simply not responding to the challenge request and was re-inviting without any authentication.

Invite:
INVITE sip:21111111@sipprovider.com:5060;user=phone SIP/2.0
Allow: INVITE, ACK, CANCEL, BYE, NOTIFY, OPTIONS, REFER, REGISTER, INFO, UPDATE, PRACK
call-ID: call-6A941SOO-OOOO-0010-1911-A@10.239.42.81
Contact: <sip:21111111@local-sbc.com:5060;transport=UDP;maddr=1.1.1.1>
Content-Length: 308
Content-Type: application/sdp
cseq: 2 INVITE
From: <sip:22222222@sipprovider.com:5060>
Max-Forwards: 69
Min-SE: 600
P-Asserted-Identity: <sip:22222222@psipprovider.com:5060>
Session-Expires: 3600
Supported: replaces,update,timer,100rel
To: <sip:21818888@pccwone.com:5060;user=phone>
Via: SIP/2.0/UDP

This one had me stumped for a couple of hours. I started looking at the logs line by line and then noticed that the FROM: field did not contain a ;tag=xxxx;sgid=x. This tag information is what a UAS uses to determine that a call is not a duplicate session (if you want to dig a little deeper, see https://www.ietf.org/rfc/rfc3261.txt) and which signalling group should manage the connection; without it, our SBC was not responding as we would expect it to. It can be found correctly formatted in the image below:

 

 

Confirmation of this theory became apparent when I found the following errors in the SBC log:

[Screenshot: LX Error Log]

The log reports no tag value in the FROM header; the SBC then goes on to fail to find a suitable signalling group.
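
The difference between replacing the whole FROM value and rewriting only its host, as an added example (not from the original post and not Ribbon's own logic). The sample header, its display name, tag and sgid values are constructed, and the function names are hypothetical:

```python
import re

# Constructed sample: a From value in the shape the post describes. The
# display name, tag and sgid values are made up for illustration.
ORIGINAL_FROM = '"Test User" <sip:22222222@local-sbc.com:5060;user=phone>;tag=a1b2c3d4;sgid=2'

# name-addr form: [display] <sip:user@host[:port][;uri-params]>[;header-params]
NAME_ADDR = re.compile(
    r'^(?P<display>[^<]*)<(?P<scheme>sips?):(?P<user>[^@>;]+)@'
    r'(?P<host>\[[^\]]+\]|[^:;>]+)(?P<port>:\d+)?(?P<uri_params>[^>]*)>'
    r'(?P<hdr_params>.*)$'
)


def _parse(header):
    m = NAME_ADDR.match(header.strip())
    if m is None:
        raise ValueError("not a name-addr From value: %r" % header)
    return m


def literal_replace(user, host):
    """Whole-field replacement: everything after '>' is lost."""
    return "<sip:%s@%s>" % (user, host)


def rewrite_host(header, new_host):
    """Swap only the host; keep display name, user, port and all parameters."""
    m = _parse(header)
    return "%s<%s:%s@%s%s%s>%s" % (
        m["display"], m["scheme"], m["user"], new_host,
        m["port"] or "", m["uri_params"], m["hdr_params"],
    )


def header_params(header):
    """Parameters after the closing '>' (where ;tag lives), as a dict."""
    params = {}
    for item in _parse(header)["hdr_params"].split(";"):
        name, _, value = item.strip().partition("=")
        if name:
            params[name.lower()] = value
    return params


def missing_params(header, required=("tag",)):
    """Names from `required` that are absent or empty in the header."""
    found = header_params(header)
    return [name for name in required if not found.get(name)]


if __name__ == "__main__":
    broken = literal_replace("21111111", "sipprovider.com")
    fixed = rewrite_host(ORIGINAL_FROM, "sipprovider.com")
    for label, value in (("literal", broken), ("host-only", fixed)):
        print(label, value, "missing:", missing_params(value, ("tag", "sgid")))
```

Running `missing_params` over headers copied from an LX or Wireshark capture is a quick way to check a manipulation rule before placing test calls.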

Taking a step back and reviewing my options, I decided to revert the FROM manipulation, not implement it using SIP Message Manipulation, and instead use the simpler SIP profile options to set a static FQDN for both TO and FROM fields:

This did the trick: my call was correctly presenting ALL required ITSP information, and calls were now permitted inbound and outbound!! SIP Message Manipulation could have achieved what we needed at this point, but the SIP profile is easier configuration for anyone to pick up and read, so we opted for this method.

Additional notes:
We were using an EXT prefix in a user Line URI and this was affecting the presentation of the P-Asserted-Identity field. To overcome this, within the ITSP SIP Profile, we set the following:

  • Calling Info Source: FROM header

Cloud PBX –  Who, What, Where, When and Why?

It’s no secret that Microsoft have announced that the already feature rich service that is Office 365, will now include “Enterprise Voice” within its Skype for Business Online service.

It has been a long time coming. We dipped our toes in the water in a previous (similar) iteration that was entitled ‘Hybrid Voice’ – well, now it is back and, along with additional supported topologies, it is here to stay!

This post is intended to be a ‘living post’; with constant updates as information is released and functionality is unveiled.

Quick Point:

  • Skype for Business Server = On-Premise
  • Skype for Business Online = Cloud
  • Skype for Business Hybrid = integrated On-Premise and Cloud deployment

Today, Skype for Business Server:

So as it stands, anybody wanting to leverage the enterprise grade PBX functionality offered by Skype for Business, must deploy the on premise iteration of the product, Skype for Business Server (or a hosted service via a third party). This enables customers to migrate all telephony functionality into the new on premise infrastructure in a smooth, well structured approach when planned correctly.

There is often reluctance to do this and, from experience, this is due to a lack of knowledge of the platform and its ecosystem partners’ capabilities.

In a nutshell, yes we can provide support for the following AND more;

  • TDM and analog trunking
  • Multimedia Contact centres
  • Call Billing and Reporting
  • Call Recording (PCI compliance too)

This is just a shortlist of the capabilities. For an overview of all trusted partner applications and supported infrastructure components, the Skype for Business Solutions Catalog is the place to be.

So hopefully, if you did not already, you do have a better understanding of where we are today….

Cloud PBX – What is it and Where are we going?

In line with the ‘New Microsoft’, cloud first, agile software releases etc. the following offerings are being made available;

  • Cloud PBX with PSTN Calling (US only as it stands)
  • Cloud PBX with on premise PSTN connectivity
    • Via an existing Lync/Skype for Business pool
    • Via Cloud Connector Edition
  • Cloud PBX PSTN conferencing

There are also additional programs, but those are out of scope for this post;

  • Android Preview
  • Broadcast Meeting

In addition to the Skype for Business Server offering, Skype for Business Online will now start to offer ‘Enterprise Voice’ functionality in the cloud through your existing tenant service.

It is important to note that initially, the service will not provide all the functionality that the on premise counterpart does. The following table shows the functionality announced today:

Office 365 Express Route

In my opinion, taking into consideration the nature of real time UC traffic versus the more static content in, say, Exchange Server, network connectivity has been one of the reasons many organizations have not yet adopted Skype for Business Online.

Microsoft have now accounted for this in the form of Office 365 Express Route, which is now Generally Available.

This service allows organizations to leverage a managed connection, from their local on premise infrastructure into the Office 365 data centre, adhering to the Quality of Service DSCP markings recommended for Skype for Business.

Again, in my opinion, whilst not mandated, I would recommend looking at adopting Office 365 Express Route within your network to ensure end user quality can be guaranteed, as opposed to best effort traversing the internet.

Cloud PBX with PSTN calling

I strongly believe, this is where everything is going. As you will see, each of the methods to achieve voice in the cloud, ultimately leads to this topology.

  • At the moment, this is an option available to the US only with plans for expansion CY16.
  • This offering allows customers, to utilise Microsoft as their sole telephony provider.
  • As it stands, this service is currently only available to US tenants, with a further geographical reach aimed for CY16.
  • Either acquire new telephone number ranges for your organisation, or port your existing telephone numbers into the service, and have no dependencies on on premise server infrastructure to deliver your telephony services.
  • User accounts are homed in the cloud, telephony services are hosted in the cloud, under a financially backed SLA. A summary of the topology may look like the following:

For customers interested, it is perfectly viable to pilot the service, acquiring telephone numbers for users and allowing for evaluation of the service in line with preview program updates. This is a clean, non disruptive way of testing out the Cloud PBX with PSTN calling functionality.

Whilst there is not feature parity with th, to account for this Microsoft have presented several ways for customers to achieve the Cloud PBX functionality, each of those will be discussed now.

To enable a user, you must;

  • Own an Enterprise Office 365 tenant that contains E5 licenses
    • OR E1/E3 + Purchase of the Cloud PBX License
  • Acquire new or port existing telephone numbers
  • Assign Office 365 E5 to the users in question
  • Assign one of two calling plans (current offerings)
    • Domestic only – which includes all 50 US states
    • Domestic and International – exactly as it states on the tin
  • Assign a telephone number to the user

It is as simple as that. There are additional considerations to be taken into account, such as Office 365 AADSync and ADFS depending upon your requirements, but again these are out of scope for this post.

Cloud PBX with on Premise PSTN

Falling in line with the hybrid topologies, that allow organizations to transition services over time, Skype for Business Online Cloud PBX now supports this platform topology.

As stated earlier, the current Cloud PBX service from Microsoft does not provide all of the functionality that is available from an on premise deployment. To account for this, Microsoft allow for the retention of existing telephony carrier relationships and on premise deployment applications, such as contact centres, through the hybrid topology.

For those users that require corporate telephony, home them in the cloud, for users requiring access to custom ISV applications, they can remain on premise, whilst the organisation continues to integrate new functionality as it arrives within the online service.

This offering breaks down into two further offerings;

  • Cloud PBX with on premise Skype for Business
  • Cloud PBX without any existing on premise Skype for Business or Lync

Let’s explore each of these further;

Cloud PBX with on premise Skype for Business

This option is similar to the Hybrid Voice topology that was previously released and withdrawn, to and from the market.

It allows organisations to leverage the existing investment made into building out an on premise deployment with a view to transition all services to the cloud.

In this scenario, users are homed within Skype for Business Online, but the voice services required by the user are delivered via the Skype for Business Server (on premise) infrastructure.

Important notes to consider during planning:

  • To enable an SfBOnline user for this Cloud PBX offering, you must have provisioned your company domain (e.g. uccorey.com) to your Office 365 tenant
    • .onmicrosoft.com domains are not supported
  • Lync Phone Edition must be updated to the minimum required firmware
    • Do not move users online before updating the firmware
    • If a user has been moved online prior to firmware maintenance – DO NOT update the device firmware nor perform a hard reset
    • Move the user back on premise prior to updating or resetting the phone device
    • If a hard reset is performed before the device is updated, it will default to PIN authentication, which isn’t supported
      • Which will answer any CX500 question…

System Requirements / Prerequisites

  • Front End Server must be running Skype for Business Server 2015 or Lync Server 2013
  • Edge Server must be running Skype for Business Server 2015 or Lync Server 2013
  • Mediation Server must be running Skype for Business Server 2015 or Lync Server 2013
  • Enterprise Voice is configured and tested on premise, including all PSTN components; SBCs, IP-PBXs, PSTN Gateways…
  • Azure AD Connect 1.0.9125.0
    • Older versions of the tool must be upgraded
  • Hybrid Connectivity (Shared SIP address space) must be enabled between your on premise deployment and Office 365 tenant
  • To support Single Sign On for end users, Active Directory Federation Services must be provisioned

Cloud PBX with on premise connectivity, without Skype for Business Server:

This scenario applies to organisations that have not yet deployed any Skype for Business or Lync infrastructure, but wish to adopt the service for all Unified Communication and Telephony functionality.

In this instance, organisations must deploy a small ‘flavor’ of an SfB deployment called ‘Cloud Connector Edition’. This virtual appliance server is a virtual machine that consists of the following  server roles:

  • Central Management Store (CMS) Role
    • Configuration store for the topology components
  • Edge
    • Access Edge
      • SIP Routing between on premise and online services
    • Media Relay and Media Relay Authentication
      • Media routing and authentication token for media routing
    • Outbound Routing
      • Supports only global policies based on outbound PSTN numbers
    • CMS Replica
      • Maintains a copy of the CMS local and synchronizes data from the Global CMS
  • Mediation Server
    • SIP and Media gateway between Skype for Business and the on premise PSTN gateways
    • Includes a CMS replica

System Requirements / Prerequisites

  • .onmicrosoft.com domains are not supported
  • Cloud connector edition is currently supported on Hyper V hosts
  • Cloud connector is provisioned using PowerShell scripts that may change the configuration of your Hyper V Hosts – review them!
  • CMS and Mediation roles can be collocated on a single Hyper V host
  • Edge Server VM must be provisioned on a separate Hyper V host that is deployed into a DMZ
  • Administrator permissions over the Hyper V Host
  • Administrator permission to publish the topology in the on premise domain
    • AD Schema
    • Enterprise Admin
    • Domain Admin
  • External DNS Records
    • ap.<Domain Name>
    • mr.<Domain Name>
  • Your Office 365 tenant must have the required SRV records created for it
  • External Edge Certificates must be procured
  • Firewall ports 443, 5061 and 3478

This appliance is used to create a SIP trunk connection to a supported PBX or SBC appliance, which becomes the gateway for voice traffic from user accounts homed online. Users are homed online and consume UC services via the online pool, whilst PSTN voice traffic is routed through the Cloud Connector VMs to the existing telephony infrastructure.

The following TechNet article details the required steps to implement Cloud Connector Edition – as this becomes available, keep an eye out for updates to this post!

Skype for Business CU1 Released

Good morning, good afternoon and finally good evening!

On June 19th, Microsoft released the first Cumulative Update for Skype for Business Server 2015.

More information can be found here whilst the actual download is here.

In summary, CU1 addresses the following issues;

  • KB3069206 Exchange UM Auto Attendant can’t transfer call to phone/extension number in Skype for Business Server 2015 environment
  • KB3068921 RTCHost.exe process persistently consumes many CPU resources on a Skype for Business Server 2015 Front End server
  • KB3068926 Default presence configuration parameter is incorrect on a Skype for Business Server 2015 server
  • KB3068920 Skype for Business Web App connected to a wireless network crashes during audio/video or application sharing session
  • KB3068196 Call to a RGS number cannot be transferred to an available RGS agent in Skype for Business Server 2015-based client
  • KB3068197 Skype for Business Server 2015 RGS agent receives a toast for a second call after agent accepts the first waiting call
  • KB3068931 You cannot join a Skype for Business 2015 meeting when the server is deployed in Turkey system locale
  • KB3068932 “Device is not allowed to join” when you click a Skype for Business meeting URL on a Windows Phone 8.1 phone

Keep an eye out for updates to my previous post, for details on how to apply this update!

Happy Monday!

Skype for Business Server 2015 Server Components Released

Friday 1st May was a very good day for the Unified Communications community, particularly if you are pro-Microsoft, as Skype for Business RTM components released to MSDN/VLSC customers. Keep an eye out for a constant steady stream of new information as Microsoft Ignite is also currently underway – so a lot of information will soon be going from NDA to public domain classification – I can already see the blog posts currently in draft mode 😉

Risual Event – Skype for Business – Are you Ready?

 


Skype for Business, are you ready? 

Everyone is talking about Skype for Business, why? How does this impact your business?

After the success of our Skype for Business webcast, we have invited Microsoft down to our offices in Stafford to discuss the main changes to you. The event will enable you to discover the changes to your business as well as the overall technical changes. We will be providing a free lunch and a unique networking opportunity with break out session for both public and private sector organisations in the afternoon.   

Event summary

 – An in depth look at the exciting new changes and what these mean for your organisation

– Breakout sessions for Private and Public Sector including case studies, customer speakers, demo sessions and round table discussions

 – A unique opportunity to network with similar sized organisations from both sectors


In order to secure your place, please click on the RSVP link and we will do the rest!

Agenda
09.00 – 09.30: Arrival and refreshments
10.00 – 10.15: Introduction
10.15 – 11.00: Skype for Business what does it mean for your business?
11.00 – 11.45: Guest speaker Leigh Smith – Microsoft
11.45 – 12.30: Guest speaker Gill Furlong – Essex County Council
12.30 – 13.15: LUNCH
13.15 – 14.00: Technical update
14.00 – 14.15: Refreshments and networking
14.15 – 15.00: Breakout sessions – choice between Public Sector or Commercial session
15.00 – 16.00: Refreshments and networking
16.00: Event close

 

                                       

When?
28th April 2015

Time?
09:00-16:00

Where?
risual House,
Parker Ct,
Staffordshire Technology Park,
Stafford,
ST18 0WP


risual House
15 Parker Court
Stafford Technology Park
Beaconside
Stafford
ST18 0WP


T: 0845 6800077
E: Enquiries@risual.com


Skype for Business TechNet Library

….is now live!

For those that like a bit of midnight reading, you will be pleased to know that the TechNet library for Skype4Business is now live (Published 9th April).

Included so far are the Planning, Deploying and Managing libraries. On the home page is also a summary of resources which is also a useful page to keep bookmarked (as well as my page here of course!)

The Library can be found here. Have fun! 🙂

#Skype4B Architecture Updates

My previous post provides a direct download link to the content I will be referencing in this blog post, the purpose of this post is to summarise the content whilst at the same time adding my opinion to the “improvements”.

So if you are anything like me you will be counting down the days to the upcoming #Skype4B webcasts, to which I received confirmation on my attendance for all sessions! (Lucky boy aren’t I?!).

Now for the content…


#Skype4B Content Released

Whilst we count down the days to the Office 365 Summits, it would be a good idea to keep an eye on the Office 365 Summit Readiness Tab.

Microsoft have released the Skype4Business Reference Architecture and Design PowerPoint content – It had 0 downloads when I found it 😉

Not long now!

Office Summit #Skype4B sessions

Quite simply put…Get. Registered.

For those of us not able to physically attend the summits, Microsoft will be publishing live webcasts between February and March on a very interesting lineup of topics:

– Intro
– New Windows Desktop Experience
– Reference Architecture and Design Considerations
– Manageability Improvements Overview
– In-Place Upgrade Deep Dive
– SQL AlwaysOn Deep Dive
– Server Core Improvements Overview
– Reliability & Patching Deep-dive
– Hybrid Configuration Deep-dive
– New Meeting & Web Investments Overview
– Video Interop Server Deep-dive
– Lync/Skype Federation (Phase 2)
– Lessons Learned from Preview
– Software Defined Networks (SDN)
– Developer Platform
 
Registrations will be confirmed via email; you will also be able to find the sessions on the Office 365 Summit Readiness Tab.

What topic(s) are you looking forward to? I must admit I’m looking forward to all!

Full details here


Lync Networking Guide v2.3 Released!

Microsoft have released a new version to the [Amazing] Lync Network Planning, Monitoring and Troubleshooting guide.

I have recently passed 74-335 Network Readiness Assessment and must say that understanding the Microsoft Network Assessment Methodology along with this guide was absolutely crucial.

Now at v2.3, it seems to have been updated with additional Wi-Fi and QoS Guidance, the following extract has been taken from the download site;

“An updated version of the Networking Guide is now available including the new Microsoft Call Quality Methodology Scorecard for Lync Server. This scorecard should be used to implement the Lync Call Quality Methodology or CQM as outlined in Appendix C. CQM is a holistic way to systematically define and assert call quality based upon the methods outlined in the Networking Guide. CQM divides a Lync implementation into ten discrete areas that impact quality, defining targets and a remediation plan for each one. CQM is a framework to tackle call quality problems – you can modify or extend it to address the particular conditions on your network. Appendix D includes techniques to troubleshoot poor streams that CQM surfaces.

The Networking Guide download now includes the list of Lync Server 2010 and an updated list of Lync Server 2013 KHIs to validate server health, a complete set of CQM queries, and a PowerShell script file to collect KHI data.”

Download Microsoft Lync Network Planning, Monitoring and Troubleshooting Guide