Introduction

Microsoft Teams is the fastest-growing business application in the history of Microsoft. Teams became an indispensable communications and collaboration tool for hundreds of millions of people around the world who were suddenly forced to work from home. Today, over 100 organizations with 100,000+ users, and over 3,000 businesses with 10,000+ users rely on Teams. A key piece of Teams functionality is the ability to chat and call with other Teams users. However, Teams does not by default include the ability to make and receive calls to/from the outside world (e.g., use a 10-digit phone number to call or receive a call from a customer down the street). Connecting Teams to the Public Switched Telephone Network (PSTN) via a telecom provider requires each user to have a Teams Phone license. Teams Phone, as the name implies, provides the office phone system/PBX features and services within Teams. Teams Phone licenses are included within E5/A5 licenses but are typically an add-on for most other Microsoft 365 packages. Once the licenses are enabled, you must decide how you will connect users to the Public Switched Telephone Network. Microsoft offers three options to connect Phone System and Teams users to the public telephone network:

  • Microsoft Calling Plans
  • Microsoft Operator Connect
  • Microsoft Direct Routing

All three options enable telephone calls to the outside world, but each has unique economic, implementation, and operations implications. Your organization's size, location, and composition will all factor into your decision process. This paper provides a high-level overview of Microsoft Calling Plans and Microsoft Operator Connect. It focuses primarily on Microsoft Direct Routing and explains how Ribbon's Session Border Control (SBC) portfolio can help you seamlessly migrate your existing office phone system hardware, software, or services to Teams Phone.

Three Options to Connect Teams to a Telecom Provider

Microsoft Calling Plans - Easy for Very Small Businesses

Microsoft Calling Plans are the fastest and easiest way to connect to the telecom provider and "add dial tone" to Teams in a manner of speaking. With this option, Microsoft acts as your telecommunications service provider, delivering telecom provider connectivity in the cloud, and providing phone numbers for users, conference bridges, auto-attendants, etc. Microsoft Calling Plans are ideal for startups, for very-small businesses, and for small, stand-alone offices. If your organization or site has 15 or fewer users, a Microsoft Calling Plan may be your simplest and most cost-effective option. Beware that Microsoft Calling Plans do not support legacy phone systems (aka PBXs) or analog equipment like fax machines, lobby phones, or elevator phones. In addition, Microsoft Calling Plan availability and capabilities vary from country to country.

Microsoft Operator Connect - Compelling for New Deployments

Operator Connect is Microsoft's newest option for acquiring telecom services. You can use the Teams Admin Center, inside Microsoft 365, to select a telecom provider that is already approved for Teams Phone deployments and arrange service through the portal. That means that unlike with Microsoft Calling Plans, with Operator Connect you still get to choose your telecom provider and services and negotiate pricing. Once a business relationship is in-place, administrators return to the Teams Admin Center to set up each user with a phone number and features. Connectivity between the telecom provider and Microsoft is cloud-to-cloud, so there are no telecom lines terminated at your office or corporate data center. Because everything happens in the cloud, you can't use this option to gracefully migrate your legacy office phone system to Teams. Via the SIP Gateway, it offers limited support for analog devices like fax machines, elevator phones, etc. Depending on geography, the number of telecom providers is limited so there is a possibility you could be forced to change telecom providers to use Operator Connect. Operator Connect can be combined with Direct Routing to add support for legacy elements.

ABCs of SBCs for Direct Routing

Session Border Controllers are deployed at network borders to control and secure real-time IP communications sessions. An SBC performs the following functions

  • Network security: An SBC conceals internal IP addressing schemes to protect against denial of service (DoS) attacks and other malicious activity. It also encrypts calls to protect against eavesdropping and ensure compliance with privacy regulations.
  • Multivendor interoperability: While SIP is an industry standard, there are often subtle differences between vendor implementations. An SBC "normalizes SIP messages to resolve interoperability issues between vendors and service providers.
  • Multiprotocol interworking: An SBC lets you tie together different generations of products that speak different protocols so you can connect Teams to newer SIP-based solutions and older equipment.
  • Access control: The SBC is the gatekeeper to SIP-based services in an enterprise network. In this role, SBCs perform session admission control, which is the process of determining who has access to the network.
  • Media translation: Different IP communications solutions use different codecs to encode and decode voice calls. Teams, for example, supports the Microsoft SILK codec, while many SIP trunk providers prefer the G.711 codec. An SBC can translate media streams from one codec format to another to enable interoperability.
  • Analytics & nuisance call mitigation: SBCs provide health and utilization statistics and alarms for network analytics solutions and reporting tools. They help operations and planning teams gather performance insights, detect issues, and quickly resolve problems. They also help administrators efficiently identify and block nuisance calls like robocalls.

Microsoft Direct Routing - Versatile and Ideal for Multi-Site Implementations

Microsoft Direct Routing lets you directly manage your telecom provider relationships. It is the most flexible option for connecting to the telecom provider, and the only option that protects and extends investments in incumbent phone systems and analog equipment. It is also the only option that gives you the freedom to choose virtually any telecommunications service provider-including your existing carrier. With Direct Routing, you connect Teams Phone to a telecom provider of your choice using a SIP (Session Initiation Protocol) trunk. The SIP trunk is terminated on a Microsoft-certified Session Border Controller that secures and controls real-time IP communications calls (aka SIP sessions) and provides interoperability with legacy equipment. The SBC can be deployed on your premises, in a data center, in a private or public cloud (e.g., Azure, AWS, Google Cloud Platform), or delivered as a managed service by a systems integrator, reseller, or telecommunications service provider. Ideal for established businesses and larger organizations, Direct Routing lets you gradually migrate users to Teams and decommission legacy communications systems and services on your own terms to minimize disruption and avoid early termination fees and penalties. Direct Routing also supports a local survivability mode so you can connect branch offices to a telecom provider and continue to make and receive outside calls if Microsoft 365 is down or unreachable.

The Role of SBCs in Direct Routing

An SBC is an intermediary network element that acts a bit like a guard at an international border, inspecting traffic as it crosses from one side to the other, watching for trouble, blocking bad actors from entering, and regulating traffic flows. In the case of Teams Phone, the SBC manages the Voice over IP (VoIP) traffic between the Microsoft cloud and your telecommunication service provider's network. It secures the traffic, resolves interoperability and interworking issues, and collects network health and performance information. Businesses and telecom providers have used SBCs for decades to secure IP-based communications and to integrate disparate communications platforms. The first SBCs were specialized hardware-based appliances. Today, you can take advantage of virtualized or cloud-native SBCs that run in virtual machines or in containers for ultimate economics, agility, and simplicity. In larger networks, SBCs are typically deployed in conjunction with other IP communications components like routing and policy engines, element management systems, and data analytics tools. SBCs play a critical role as the security and interoperability elements within a larger communications ecosystem.

Ribbon Direct Routing Solutions for Microsoft Teams

Ribbon offers an extensive portfolio of Microsoft-certified SBCs that let you connect Phone System and Teams users to a telecom provider-quickly, securely, and cost-effectively. Ribbon SBC functions include:

  • Security capabilities to protect against malicious attacks and eavesdropping.
  • Interworking functionality to support legacy PBXs and enable graceful migrations.
  • Connectivity options for analog devices-lobby phones, elevator phones, fax machines, etc.
  • Protocol and codec normalization and translation features to mitigate interoperability issues.
  • Resiliency and failover options to ensure high availability for business-critical communications.

The Ribbon SBC portfolio supports a wide variety of network architectures, deployment and operations models, and performance, scalability, and availability requirements. Ribbon offers hardware-based and software-based SBCs for on-premises deployment, as well as cloud-native SBCs for private clouds or public clouds like Azure, AWS, and Google Cloud Platform. Ribbon also supports a fully managed SBC as a Service option called Ribbon Connect for Microsoft Teams Direct Routing.

The table below summarizes the various Ribbon SBC implementation options.

Platform/Deployment Type Pros Cons
Hardware Appliances
  • Optimized hardware delivers peak performance/scale
  • Dedicated hardware for media management
  • Options for built-in gateway ports
  • Options for local survivability - Microsoft Survivable Branch Appliance (SBA)
  • Ribbon supports all aspects of the product, including hardware failure
  • May require a complete platform upgrade in the future
  • Initial expense is higher as customer is buying all elements at once
Virtualized Software on Commercial Hardware
  • Use cost-effective commercial hardware and/or use a platform that's common across multiple apps
  • Greater flexibility in terms of hardware scale and future upgrades
  • Options for local survivability - Microsoft Survivable Branch Appliance (SBA)
  • Commercial hardware may require greater resources to get the same performance as an appliance
  • Customers must troubleshoot HW/SW interactions & and hardware failures
  • No built-in options for analog or digital gateway ports
Virtualized software in a Public Cloud (AWS, Azure, Google Cloud)
  • No hardware to buy or maintain
  • Highly scalable
  • Easy to deploy
  • Can be co-located in Azure to minimize latency with Teams
  • No direct control of the hardware platform for troubleshooting, etc.
  • No built-in options for analog or digital gateway ports
Containerized software in a Public Cloud (AWS, Azure, Google Cloud)
  • Incredible scale and availability
  • Elastic scale reduces cloud compute costs during idle periods
  • Uses the same toolsets as other cloud-native apps
  • Cloud-native service orchestration framework is more complex/costly vs virtualized environment
  • No direct control of the hardware platform for troubleshooting, etc.
  • No built-in options for analog or digital gateway ports
Direct Routing as a Service (Ribbon Connect)
  • Deploy on a per per-user, per-month basis all cloud based
  • Web-based configuration eliminates PowerShell-based configuration
  • Unique PBX migration capabilities built-in
  • No direct control of the hardware platform for troubleshooting, etc.
  • No built-in options for analog or digital gateway ports

 

Using Direct Routing and SBCs to Gracefully Migrate from a PBX to Teams

Many organizations, particularly large ones, have made significant investments in existing phone systems, whether it's an on-premises IP-based PBX from Avaya, Cisco, or Mitel, etc. or a multi-year contract for a cloud-based Unified Communications as a Service (UCaaS) offering such as 8x8 or Vonage. They may also have complex business workflows, call routing rules, and dial plans configured. Moving these configurations to a new system is no trivial matter. For these organizations, migrating to Teams Phone may be more of a journey that takes place in different phases rather than a "weekend" cutover. With the Direct Routing option, you can use a Microsoft-certified SBC (or managed SBC service offering) to gradually migrate your incumbent systems and user base to Teams over time. (For example, you can configure incoming calls to ring on both a legacy PBX phone and a Teams desktop or mobile client during an extended transition period and decommission the PBX once all users are comfortable with the new system.) The phased approach helps you minimize disruptions, improve user acceptance, extend previous capital equipment investments, and avoid costly UCaaS subscription termination fees. A dial plan defines the conventions for placing phone calls (eg, dial 9 for an outside lime), for extension lengths (eg, 3 digits or 4 digits), for placing emergency calls (eg, 911 etc in a large, multi-vendor network, dial plans may vary from site to site creating end-to-end call routing challenges.

Migrating Multi-site Organizations

Deploying Microsoft Teams in a heterogenous, multi-site enterprise is not always simple. That's not a reflection of Teams per se, it's a reflection of the complexity of bringing together different brands and generations of communications technology-repeatedly, across multiple sites. It's particularly challenging because most PBX vendors use a mix of proprietary and industry-standard connectivity. As a result, different brands of PBXs are not easy to interconnect. This means that basic actions that might seem simple, like transferring a customer call from the contact center to another employee or transferring a call from one location to another, are complicated or in some cases impossible. Even using a lobby door phone may involve multiple policy decisions such as security settings, routing paths, media transcoding options, and signaling interworking. Decisions like these may be made multiple times during a conversation, and the intelligence for these decisions may reside in multiple network elements such as PBXs, contact centers, Teams, and session border controllers.

To make multi-site migrations easier, Ribbon offers Ribbon PSX, a centralized policy and routing server for large, geographically distributed, heterogenous environments. Ribbon PSX centralizes policy and routing decisions, and interworking functions. It serves a central authority that oversees multiple SBCs and efficiently routes calls between Phone System and legacy assets, and across different sites with different dial plans. In multi-site implementations the PSX controls routing for every phone number, removing these decisions from individual PBXs or SBCs. This means that as routing and policy changes are made across the organization, such as a user's phone number moving from a legacy PBX to Teams, the changes are made in one place and automatically proliferated to every site. This is in contrast to a traditional model where every site's existing PBX or SBC needs to be updated. Ribbon PSX also simplifies network administration and streamlines Teams migrations by leveraging Active Directory for routing information, querying Active Directory to determine the correct destination for an incoming call. Active Directory database changes are automatically reflected in Ribbon PSX call routing decisions. This means an administrator can update Active Directory to reflect that a employee now uses Teams for their phone system, and that change is automatically reflected in Teams AND all of the legacy equipment still in place across the organization.

Ribbon SBC Deployment Options for Microsoft Direct Routing

Ribbon SBCs can be deployed in a variety of ways to satisfy a wide range of customer requirements. You can deploy Ribbon SBCS:

  • In a corporate headquarters, data center, private cloud, or colocation center as part of a centralized architecture
  • In branch offices and other remote locations as part of a decentralized architecture
  • In a public cloud as part of a digital transformation program or greenfield deployment
  • As a managed service offering for ultimate simplicity

Deploying an SBC in a Central Data Center - Hub & Spoke Architecture

Historically, many large, distributed organizations implemented centralized, hub-and-spoke data communications networks to support traditional mainframe and client-server applications and web apps hosted in corporate data centers or colocation centers. With this approach, remote-site traffic is "backhauled" across leased lines or MPLS WANs to a hub site, which also provides centralized internet connectivity for external communications. (For example, an outbound external email might flow from a branch office to a central data center, where it is handed off to the internet.) Not surprisingly, many geographically distributed businesses also set up their PBXs in a hub and spoke network topology. Similar to the data communications example, rather than each remote site having its own outside phone lines, voice traffic is backhauled to a central data center and handed off to a common pool of SIP trunks. If you have a centralized voice network architecture, you can deploy a Ribbon SBC at your hub site to enable telecom provider connectivity for Phone System and to streamline your Teams migration. This approach consolidates and simplifies vendor management (you interact with a single telecom provider). It may also allow you to save money by negotiating volume pricing discounts. With the hub-and-spoke architecture, the SBC acts as a central arbiter for inbound calls. As a call comes into the business, the SBC can determine if it is for a Teams user, a legacy PBX user, contact center user etc. The SBC can also "fork" a call, meaning it can send the call to the PBX and Phone System concurrently, to enable graceful migrations. The SBC can also intercept outbound calls from one platform and connect them to another to interwork disparate PBX implementations. (Many businesses have grown through mergers and acquisitions and rely on a collection of independent hub-and-spoke voice implementations from different vendors. Ribbon SBCs can route calls across dissimilar PBX "silos," mitigating multivendor interworking issues and resolving dial plan discrepancies.) Ribbon offers a wide variety of SBCs that meet the stringent performance, scalability, and resiliency requirements of a central data center implementation including SBC 5400, SBC 7000, SBC Software Edition (SBC SWe) and SBC Cloud Native Edition (SBC CNe). You can also deploy Ribbon PSX in a hub site to centralize policy and routing decisions, and interworking functions, and to gracefully migrate users to Teams.

SBC at the Remote Office - Decentralized Architecture

Most businesses are adopting cloud-based IT platforms and Software as a Service (SaaS) solutions to reduce infrastructure cost and complexity and accelerate the pace of innovation. The cloud fundamentally reshapes enterprise traffic flows, causing many organizations to rethink their data communications network designs. Many are adopting decentralized network architectures, connecting branch offices directly to the internet to provide better performance for SaaS solutions and cloud-based services. (Cloud-destined traffic is no longer unnecessarily routed through the corporate data center.) Ribbon SBCs are ideal for decentralized network architectures. You can deploy them at branch offices and other remote sites to provide direct telecom provider connectivity for Phone System, avoiding unnecessary backhauling. Ribbon SBCS help you secure your calls and protect your branch office infrastructure against malicious attacks. They can also help you preserve investments in legacy analog devices and branch office PBXs. Ribbon offers a variety of SBCs for easy and cost-effective branch-office deployment including SBC 1000, SBC 2000, SBC Software Edition Edge (SWe Edge), Edge 8000 and EdgeMarc Series SBCs. And just like with the hub-and-spoke approach, you can optionally deploy Ribbon PSX in a central data center to consolidate policy and routing decisions, centralize administration, and gracefully migrate users to Teams.

Local Site Survivability

Ribbon SBCs support Microsoft Survivable Branch Appliance (SBA) functionality to enable telecom provider connectivity in the event Microsoft 365 is out of service, or is unreachable due to an internet connectivity failure. The solution lets branch-office users place, receive, hold, and resume outside calls during a Microsoft 365 outage. SBA functionality is particularly important for contact centers or other customer-facing or public-facing organizations where external calls are critical to the business. Ribbon's hardware SBCs support optional analog and T1/E1 connections to the telecom provider as a backup to SIP trunks for an additional layer of resiliency. Ribbon has partnered with Yealink to provide another level of branch office survivability. In the event of a Microsoft 365 outage, the integrated solution lets branch-office users place and receive calls using a Yealink desk phone or Yealink conference phone. (The Yealink phones "register" with the Ribbon SBC, which routes calls to the phone.)

SBC in the Cloud - Virtual Offices

As more organizations move to virtual offices and remote workers, cloud-based SBCs are more and more appealing. In these instances, there may not be any telecom services terminating on premises so there is no reason to have a local SBC. At the same time, given the importance of security, organizations can retain control over their network edge - even if that edge is now in the cloud. As more organizations move away from hub and spoke and move away from on-site dial tone, moving to a cloud-based SBC makes more and more sense. Products like Ribbon's SBC SWe and SBC SWe Edge run on virtual machines in the private or public cloud (Azure, AWS, Google). Utilizing a public cloud for SBC functionality eliminates capital expense for a deployment platform. And cloud-based SBCs are easier to maintain, easier to scale and offer multiple layers of redundancy/resiliency that aren't cost effective for most organization to replicate.

SBC In the Cloud - for Cloud-First Organizations

Many CIOs are aggressively moving to cloud-first deployments of every application; indeed, that might be the driver for your organization to move to a Teams-based Phone System. Organizations expect their security elements to follow this same model, using microservices and containers - leveraging orchestration tools like Kubernetes. A cloud-native SBC architecture is especially appealing to large enterprises that want to use common orchestration and reporting tools for all of their business applications. You can manage Ribbon SBC CNe using the same tools you use to manage other containerized applications. Cloud-native architectures also have an economic benefit-you can expand capacity in real-time to meet increased calling demand (e.g., a seasonal increase) or contract capacity in real-time when calling volumes are low. Cloud-native architectures also enable graceful failover for continuous availability.

Direct Routing as a Service

Ribbon also supports an "as a service" delivery model (Ribbon Connect for Microsoft Teams Direct Routing) that lets you outsource your security and Teams integration to a managed service provider or systems integrator. The service delivers security and integration between Teams and your telecom provider, with optional support for integrating legacy PBXs. Ribbon Connect for Microsoft Teams Direct Routing integrates with existing communications systems, including on-premises PBXs so it won't disrupt any existing business processes or telecom provider contracts. Ribbon Connect for Microsoft Teams Direct Routing is licensed just like Microsoft 365 or any other SaaS solution with simple per user, per month pricing, so you can pay-as-you-grow and tightly align recurring expenses with evolving business needs. The solution simplifies Teams deployments by providing an intuitive web-based interface that lets you set up Teams users, without using Microsoft's complicated PowerShell command line interface (CLI). It also provides ready-made templates for popular telecom providers to make connecting Teams to a provider easy.

Ribbon Management, Analytics, and Threat Prevention Solutions and Capabilities

Ribbon offers a variety of tools for deploying and administering SBCs, and for managing the health, performance, and security of your real-time communications infrastructure and Teams implementation.

Centralized Management and Performance Monitoring

If an organization is deploying one or two SBCs, a simple-to-use web-based interface is ideal. Simply login to make changes or observe status. However, an organization with tens, hundreds, or thousands of sites requires unified and centralized management. Ribbon's Application Management Platform (RAMP) takes on that role, making it easy to create consistent behavior between sites and to make enterprise-wide updates to SBC configurations. RAMP has robust tools to simplify deployment of new sites, report on network performance, and troubleshoot issues across locations. It also includes centralized notifications in case of a failure or WAN outage. Beyond configuration, many larger enterprises need detailed insights into their IP voice traffic i to maintain the quality of service their employees and customers expect. As organizations grows, the number of variables in their network also grow, including the potential for human error. It's not possible to simply "watch" for issues. This is where data analytics applications play a key role. These proactively collect and analyze performance metrics, faults, packet and CDR data produced by network elements and correlate these with Teams KPIs to display aggregate and detailed traffic information, alert on troubles in network or service behavior, and enable drilldown analysis into the network and services. The objective being to create actionable insights that ensure an organization meets its QoS and SLAs commitments to its customers.

Ribbon Analytics provides insights to help you improve the performance and service quality of your IP communications infrastructure and Teams deployment.

The solution uses machine learning and artificial intelligence to transform raw performance data gathered from Ribbon SBCs, Teams, and other sources into meaningful and actionable information. By establishing a well-defined baseline of what is categorized as "normal" voice and video sessions as well as IP port activity, deviations from this baseline can be quickly identified in real-time. With access to network data (KPIs and service metrics) and call detail records, it's possible to get an end-to-end view of network operations and network-wide troubleshooting, to provide alerts on negative service impact. It helps improve Teams users' experience and satisfaction and reduce adoption barriers.

Nuisance Calling Mitigation and Threat Prevention

Behavioral analytics is already a key part of the wider security and threat detection investments made by many organizations. These same tools should be applied to telecom service such as Teams to identify and prevent communications fraud, theft, or nuisance calls (that steal employees' time). This type of solution needs to be broad reaching, collecting data from multiple network elements, including SBCs, and analyzing this data for anomalies that identify threats or disruptions to communications traffic. Information on potential threats and the bad actors who initiate these threats is often combined with a cloud-hosted Reputation Scoring service to determine, in real-time, if a given IP communications session is likely malicious and what to do about it before it disrupts business or causes loss of confidential data or financial loss. It's critical to be able to respond to a wide range of threats including nuisance calls, toll fraud, and Telephony Denial of Service (TDoS) attacks, across an organization's network, in real-time. By combining Ribbon Analytics and Ribbon's Call Trust services, an organization has a complete solution to meet this need. With Ribbon, an organization can centralize its anomaly detection, severity determination and creative action. The organization can then share that information out to its SBCs across the enterprise. By acting across the organization, it's harder for a bad actor to effectively exploit the same attack at different sites. We know that bad actors never rest, that why Ribbon's solution is highly adaptable to identify new threats, flexible enough to easily integrate new threat intelligence, and scalable enough to support any sized organization.

Summary

Microsoft Direct Routing is the most flexible way to connect Microsoft Phone System to a telecom provider so Teams users can place and receive outside calls. Direct Routing uses a certified Session Border Control, installed on your premises or in the cloud, to manage, control, and secure IP-based communications traffic, and protect your enterprise infrastructure. Ribbon offers an extensive collection of Direct-Routing-certified SBCs to satisfy a wide range of network topologies, deployment options, and performance requirements. You can choose from hardware and software-based SBCs for on-premises deployment, cloud-native SBCs for private or public cloud deployment, and an SBC as a Service option for carefree installation and operation. Ribbon SBCs let you connect to the telecom provider of your choice-quickly, easily, and securely-and gracefully migrate PBX users to Phone System on your own terms. The solutions provide high availability and service quality for business-critical communications, and let you preserve investments in legacy analog devices.