Design Definition and Objective:
We have a ShoreTel/Mitel Connect system with roughly 100 phones and want to start putting some users in the Microsoft Teams Phone System. Over time we will want the number of users in Teams to grow but at a minimum we will need our ECC(Call Center Users) to stay on ShoreTel. It will probably be a few years before we are all on teams so this solution put in needs to be robust since it will stay in place. At first we will use calling plans in MS teams and teams users will dial out from those calling plans. Then we will migrate from Calling Plans to Direct Routing with a SIP Trunk provider.
From a hardware standpoint Teams voice users will have either the teams client(softphone) with USB/Bluetooth Headsets or a Teams physical phones from one of the 3 Teams Phone vendors(Polycom, Yealink, or AudioCodes).
This posts outlines the configurations of our system. It assumes some basic research/knowledge into MS Teams concepts.
Coming from an IT and ShoreTel background this was a difficult project for a number of reasons and you should expect you will have to develop some new troubleshooting skills during this process. I did provide some key points I wish I knew originally.
- Use the Audio Codes System Log View and Crank up VoIP debugging. The Syslog viewer has great SIP Trace info which is important seeing what is happening. Not being a SIP guy it took a while to understand this but really required. SIP Invite Messages are the ones to focus on with the most important fields being To and From.
- Do not try to do this with 1 Ethernet interface on the SBC, have a LAN and a WAN interface.
- Teams is NOT an extension based system rather a user based system. You will give the user a E164 number and then translate to that through the SBC. In the Teams world extensions are an after thought.
- You need the Baltimore Intermediate Cert for TLS to work with Microsoft. This is in both Audiocodes and Ribbon Communications directions but we some how missed it and caused loads of headaches. Embarrassingly enough we had do to a packet capture on our firewall to see the Invalid CA response from Microsoft to figure out we missed a basic step.
- Teams Dialing Plan = What you dial(4 digits for us), Teams Voice Route = What to do with it(send to calling plan or to SBC), PSTN usage links voice policy to voice route. Each user will have a dialing plan policy and voice policy.
Directions on the AudioCodes SBC and ShoreTel SIP trunk configuration can be found below. I will show some basic screenshots in my post but not recreating what is already in these documents.
To integrate ShoreTel Connect with Teams we need a few things
- An AudioCodes SBC sitting in between ShoreTel and Teams with 2 interfaces. We used a virtual model running on KVM(Nutanix AHV)
- Firewall Rule Natting Public IP to SBC Teams Interface. The firewall should also NAT out to that same IP. A One to One NAT is ideal and many vendors call this Static NAT or MIP from ScreenOS days.
- Teams Direct Routing to the SBC
- ShoreTel SIP Trunks to SBC
- SBC configured appropriately and showing ShoreTel and MS Teams as “online” in the proxy status screen.
- SBC Configured with translations
- Teams Needs 10 Digit(E164)
- ShoreTel needs 4 digits(CIO Extensions)
- Diagram like the one below so you can keep your head on straight during this. Notice I don’t diagram the entire ShoreTel environment for simplicity.
In this design we have a set of users(extension based users) that exists on ShoreTel and a set of users(username based users) that exist on Teams. We want to allow those users to call each other as well as call out to the PSTN. It is slightly tricky to conceptualize because all users will likely be a Teams Users(because of AD Sync or because the user is a Teams users for Chat/Video conference purposes)…the tricky part is realizing that not all Teams Users will be a teams voice user. The concept of a teams voice user is slightly nebulous since all teams users have access to making calls between teams users.
The ShoreTel user(4 digit extension, X1120 in diagram) can call the Teams users(Josh lets say) through the use of the OSE(Off System Extension) which directs certain 4 digits over the SIP Trunk to MS Teams. For each Teams user a OSE needs to be created. The OSE’s 4 digits should match the last 4 digits of the Teams Users 10 Digit E164 number that is given when that user is put on a calling plan. This means that each teams user has to have a calling plan or a manually created E164 number. You will also want to have an entry for the OSE in the ShoreTel System Directory. The last 4 digits of the E164 number in Teams DOES NOT actually need to match the OSE but IMO this is a best practice where possible as it keeps management of the Manipulation rules in the SBC simple.
ShoreTel/Mitel SIP Trunk Outbound Configuration
ShoreTel/Mitel Off System Extension
ShoreTel/Mitel System Directory – This is optional and only needed if you want communication/directory to have a listing for the teams user. An alternative configuraiton is to use call forwarding or simultaneous ring within the “ShoreTel User” for that Teams Voice User.
MS Teams User with E164 Number Assigned(Through Calling Plan)
From ShoreTel to Teams calling, the SBC contains manipulation rules that translates the 4 digits that ShoreTel sends the SBC to 12 Digit E164 numbers. The E164 number that the SBC translates to needs to be the same number as the Teams User. For our purposes each user added to teams will need a manipulation rule although depending on the E164 numbers in Teams you may have more eloquent options than a rule for each user. As a side note, we keep the source extension from ShoreTel as 4 digits, i.e. the SBC does not manipulate this From SIP field, although we could also manipulate this to be an E164 number.
For Teams to ShoreTel calling, the Teams PBX collects 4 digits from a Teams user dialing . This is based on a dialing plan policy that they are a member of. Once collected the Teams PBX then uses that users voice policy to determine what do with the digits collected. It is really important to understand the difference between these two, i.e. Dialing is to define what to collect and routing defines what to do with it. The definition is based on two separate policies that are applied to each user.
The dialing plan tells the system that 4 digits is something to collect(vs 5 digits, 6 digits etc).
The voice routing policy links an action via a PSTN usage plan. In this case the action is to be defined in the voice routing section direct routing, i.e. the voice routing policy -> PSTN usage -> voice routing. If you have more complex needs then us then my explanation is overly simplistic.You can safely ignore the call2teams policies in my screenshot…it is an artifact of trial and error.
The voice routing(under direct routing) defines what to do with various digits….send to PSTN via calling plan for 10 digits vs send to AudioCodes SBC for 4 digits.
For calls coming from MS Teams to ShoreTel 4 digit extension the SBC does a global manipulation which is to strip the E164 number down to 4 digits. You can see rule this in the original Manipulation screenshot I posted above.
Syslog and SIP Message Visibility
The Audiocodes Syslog Viewer allows you to look at the sip traffic when you set the VoiP Debug level appropriately. This is one of the most important tools for troubleshooting so make sure you have it installed and collecting data early on. You can see from the Screenshot below the SIP Invite from Microsoft to the Audiocodes SBC and from the Audiocodes SBC to ShoreTel. If you click on the leg it will show you the specific SIP message.
In the screenshot below I highlighted one leg of the SIP traffic, from the Audiocodes SBC to the ShoreTel switch. Specifically I highlighted the parts of the SIP message I found most useful during our troubleshooting process. The port information is for troubleshooting firewall issues. The to and from fields are important for seeing the results of your message manipulation as well as what each side is sending to the SBC. IMO this is why you want to do message manipulation in an SBC and not teams directly because the visibility you get from AudioCodes SBC easily allows you to troubleshoot and ensure all SIP Trunk systems get the messages formatted the right way.
In order to get caller ID to work we had to issue the following command. Set-CsOnlinePstnGateway -Identity SBCFQDN -ForwardPai $false. This prevents the Privacy flag from being set in the SIP messages from Microsoft. In addition you also have to ensure that the ShoreTel Trunks accept Caller ID and Caller Name.
Using ShoreTel PSTN connectivity
Pretty quickly we realized we want to use ShoreTel’s Trunk Lines, i.e. the existing PRI’s in place rather than the MS calling plan. To do this we set the voice routes to use the SBC for 10 digit and +1 and 9 digits. I don’t think this simple logic holds up for international or local 7 digit dialing but could easily be extended to this.
Once we send the SBC these calls then we needed to do some manipulation in the Audiocodes SBC. This manipulation matches on the +1 E164 number sent from teams and replaces it with 9. Our ShoreTel system requires a 9 to seize the trunk. I am guessing there is a more eloquent way to handle this but it worked for us.
On the Mitel/ShoreTel side we needed to enable Tandem Trunking with a user group that has access to all the right trunks.
Quick Dialer and Power BI
Finally, we needed to give our users a quick way to access company contacts in MS Teams. To do this we created a power BI connection to a datagway that has access to our CRM with all our contacts. Then we made a visualization in PowerBI that allows users to search for User/Company. The results get displayed in an HTML viewer widget in powerBI that is formatted in a manner that allows click to dial in teams. To do this you basically need to convert the phone number into HTML with the Tel: URL and then set your device to have teams handle the Tel: protocol. Here is an article about this concept. http://www.lync.se/2018/10/set-tel-url-association-for-teams/
User without a calling plan
For a user without a calling plan you can run the following command and give him/her an arbitrary E164 number. This will give you something to route to.
Set-CsUser -Identity firstname.lastname@example.org -EnterpriseVoiceEnabled $true -HostedVoiceMail $true -OnPremLineURI +1XXXXXXXXXX
This article is a work in progress and will be updated as we put MS Teams into production.