Top
Microsoft Teams Direct Routing Integration
In this scenario, the Sentinel is connected with its uplink port to the local network, along with other SIP clients. In this scenario, SIP Clients are registered to the Sentinel. This local network is behind a NAT firewall router. The ATA, the door panels, and the SIP phones are registered directly to the Sentinel . In order to reach them from MS Teams, it is necessary to dial a prefix. The SIP phone may have other lines registered with a different SIP provider, but it is outside the scope of this setup.


Top
Requirements for MS Teams
- Refer to the following link for MS Teams direct routing requirements: https://docs.microsoft.com/en-us/microsoftteams/onboarding-checklist-enable-office-365
- A publicly resolvable FQDN for the Sentinel. The FQDN must be in one of the domains
defined under your Microsoft Teams account. For example the SBC FQDN is set to
sbcteams.mediatrix.com, which is under the mediatrix.com domain.
- At least one Microsoft Teams user must be created under the same domain. In our example, we have created one such account: media5user@mediatrix.com
- DID Phone Numbers to dial in, you can get DID phone numbers under Microsoft Teams admin
Center/Users/Phone Numbers and assign it to a specific user (or auto-attendant, which is a pseudo-user).
Top
Connecting to MS Teams with PowerShell
- Download and install Power Shell: https://docs.microsoft.com/en-us/SkypeForBusiness/set-up-your-computer-for-windows-powershell/set-up-your-computer-for-windows-powershell
- Open PowerShell from your PC. Run it as Administrator.
- Install Microsoft Teams module if needed: https://docs.microsoft.com/en-us/MicrosoftTeams/teams-powershell-install#install-the-teams-powershell-module
- Type Set-executionPolicy –ExecutionPolicy RemoteSigned
- Click Yes to all.
- Enter Import-Module MicrosoftTeams
- Enter Connect-MicrosoftTeams
- Enter your tenant admin user name and password.
Top
Configuring MS Teams Voice Routing
Top
Requirements for the Sentinel
- DGW software version: MediatrixSentinel_Dgw_48.0.2430 or newer.
- Rulesets created to use Teams with the Sentinel. Contact your sales representative.
- A server certificate with the SBC FQDN in the Common Name or Subject Alternative Name
signed by one of the approved public CA by Microsoft. In our test, the SBC host
certificate was signed by Comodo (one-month Free Trial):
- Key length 2048 bits
- Signature Hash algorithm: SHA 256
- Extended Usage: ClientAuthentication and ServerAuthentication
- Common Name: sbcteams.mediatrix.com
- SAN may contain wild card FQDN, most root CA will charge extra for that; the Comodo free trial does not allow that so it was skipped
- Generate the necessary CSR (Certificate Signing Request), and later combine the private key and the CA signed certificate to form a host certificate to upload to the Sentinel: Refer to https://documentation.media5corp.com/display/DGWLATEST/Creating+a+Media5+Device+Host+Certificate+with+OpenSSL
- Install Baltimore Cybertrust Root CA certificate on the SBC (https://www.digicert.com/digicert-root-certificates.htm); this is to validate against MS Teams servers (sip.pstnhub.microsoft.com, sip2.pstnhub.microsoft.com, sip3.pstnhub.microsoft.com)
- Associate the host certificate to the SBC service. Make sure only 1 certificate is associated to it. Refer to https://documentation.media5corp.com/display/DGWLATEST/Using+Trusted+CA+and+Host+Certificates for more details.
- To speed up incoming calls from Teams, as calls from Teams Direct Routing server may
come from another IP (not the same as the ones resolved by DNS), set up the following
static DNS entries
Hoc.StaticHosts.DeleteAllRows Hoc.InsertStaticHost Name="sip.pstnhub.microsoft.com" IpAddresses="52.114.132.46,52.114.148.0,52.114.132.46,52.114.75.24, 52.114.76.76,52.114.7.24,52.114.14.70" #the sequence of IP addresses may vary from region to region, ping MS Teams FQDN to find out what it is resolved into for your region
Top
Importing Rulesets

Top
Configuring the Signaling Interfaces
- Go to SBC/Configuration.
-
In the Signaling Interface Configuration cable, configure the Uplink_s as follows:
- Name: uplink_s
- Network: Uplink
- Port: 5062
- Secure Port : 5063
- Allowed Transport: All
- TLS Mode: Client
- Public Address: leave empty
-
Click
and complete the fields as follows.
- Name: teams_s
- Network: Uplink
- Port: 5060
- Secure Port : 5061
- Allowed Transport: TlsOnly
- TLS Mode: Both
- Public Address: FQDN assigned to the SBC, for example sbcteams.mediatrix.com

Top
Configuring the Media Interfaces

Top
Configuring the MS_Teams_Direct_Routing_ca Call Agent
- Go to SBC/Configuration.
-
In the Call Agent Configuration
table, click
.
-
In the Configure Call Agent table,
complete the fields as follows:
- Name: MS_Teams_Direct_Routing_ca
- Enable: checked
- Signaling Interface: teams_s
- Media Interface: teams_m
- Peer Host: sip.pstnhub.microsoft.com:5061
- Force Transport: Tls
- Keep-Alive Interval: 30
- Blacklisting Duration: 60
- Blacklisting Delay: 0
- Custom Header: X-MS-SBC: Mediatrix/%productseries%/%version%
- In the Call Agent Rulesets table, from the Name select MS_Teams_interop.
- In the Parameters field, enter the CC=Country Code and the DIGITS=Number of digits of CC + 1, eg.CC=1 DIGITS=2, or CC=34 DIGITS=3.
- Click Save.

Top
Configuring the local_users_ca Call Agent
- Go to SBC/Configuration.
- Select the Enable check box, located next to local_users_ca.
-
In the Call Agent Configuration
table, click
next to local_users_ca.
-
In the Configure Call Agent table,
complete the following fields:
- From the Signaling Interface selection list, uplink_s.
- From the Media Interface selection list, select uplink_m.
- Set the Peer Network field to the LAN subnet (subnet/netmask length).
-
In the Call Agent Rulesets table,
click
.
- From the Name selection list, choose MS_Teams_Interop_local_users_registrar_in.crs.
- In the Parameters field, enter PREFIX=the prefix number appended to the called number REG_DOMAIN=IP_of_Uplink_s:SIP_signaling port_of_uplink_s , e.g. PREFIX=1514996, REG_DOMAIN=192.168.1.105:5062, assuming MS_Teams client is dialing 1514996+local_sip_user_extension_number to reach local registered SIP clients
-
Click
.
- From the Name selection list, choose force_media_plain_rtp_handle_replaces.crs.
- Click Save.
- Click Apply to apply all changes to the configuration.

Top
Associating Routing Rulesets to Your Configuration
- Go to SBC/Configuration
-
In the Routing Rulesets table click
to add a routing ruleset.
- From the Name selection list, select MS_Teams_local_users_routes.
- Click Save.
- Click Apply to apply all changes to the configuration.

Top
Online Help
If you are not familiar with the meaning of the fields and buttons, click Show Help, located at the upper right corner of the Web page. When activated, the fields and buttons that offer online help will change to green and if you hover over them, the description will bedisplayed.
Top
DGW Documentation
Mediatrix devices are supplied with an exhaustive set of documentation.
Mediatrix user documentation is available on the Media5 Documentation Portal.
- Release notes: Generated at each GA release, this document includes the known and solved issues of the software. It also outlines the changes and the new features the release includes.
- Configuration notes: These documents are created to facilitate the configuration of a specific use case. They address a configuration aspect we consider that most users will need to perform. However, in some cases, a configuration note is created after receiving a question from a customer. They provide standard step-by-step procedures detailing the values of the parameters to use. They provide a means of validation and present some conceptual information. The configuration notes are specifically created to guide the user through an aspect of the configuration.
- Technical bulletins: These documents are created to facilitate the configuration of a specific technical action, such as performing a firmware upgrade.
- Hardware installation guide: They provide the detailed procedure on how to safely and adequately install the unit. It provides information on card installation, cable connections, and how to access for the first time the Management interface.
- User guide: The user guide explains how to customise to your needs the configuration of the unit. Although this document is task oriented, it provides conceptual information to help the user understand the purpose and impact of each task. The User Guide will provide information such as where and how TR-069 can be configured in the Management Interface, how to set firewalls, or how to use the CLI to configure parameters that are not available in the Management Interface.
- Reference guide: This exhaustive document has been created for advanced users. It includes a description of all the parameters used by all the services of the Mediatrix units. You will find, for example, scripts to configure a specific parameter, notification messages sent by a service, or an action description used to create Rulesets. This document includes reference information such as a dictionary, and it does not include any step-by-step procedures.
Top
Copyright Notice
Copyright © 2023 Media5 Corporation.
This document contains information that is proprietary to Media5 Corporation.
Media5 Corporation reserves all rights to this document as well as to the Intellectual Property of the document and the technology and know-how that it includes and represents.
This publication cannot be reproduced, neither in whole nor in part, in any form whatsoever, without written prior approval by Media5 Corporation.
Media5 Corporation reserves the right to revise this publication and make changes at any time and without the obligation to notify any person and/or entity of such revisions and/or changes.