Multi Tenant Teams - Configure a Session Border Controller for multiple tenants

[RichardDCG]

Are these the steps for Vodia multi tenant to provide Teams SBC service to multiple tenants? 

https://learn.microsoft.com/en-us/microsoftteams/direct-routing-sbc-multiple-tenants

I'm probably over thinking it and getting a bit confused as to the subdomain requirements...

If our PBX currently has a base domain 'hosted-pbx.com', and each tenant has an instance 'tenant.hosted-pbx.com' they all currently connect to, do I need to create an additional subdomain in my O365 tenancy and then each client creates that as their base domain? 

 

i.e. I have 'hosted-pbx.com' as the base domain, do I also need to create a subdomain 'company.hosted-pbx.com' in our O365 and then the tenant sets up 'tenant.company.hosted-pbx.com' as their base domain in their O365?

Or can they just use 'tenant.hosted-pbx.com' as their domain and we don't need the intermediate 'company.hosted-pbx.com' bit?

[Scott1234]

You need to setup the primary SBC on your MS tenant as a wildcard setup, which will also require the appropriate wildcard certificate. The customer will still need to verify the tenant domain in their instance, but it then allows you to make a voice route that points directly to the tenant.hosted-pbx.com wild card teams SBC without needing to establish and maintain a dedicated SBC in each customers MS tenant. 

when creating the voice route, you just link it to the wildcarded domain such as,

New-CsOnlineVoiceRoute -Identity "AU" -OnlinePstnGatewayList tenant.hosted-pbx.com -NumberPattern ".*" -OnlinePstnUsages "AU"

I have tested with another SBC but not tried the setup with the PBX.

I posted before but I was not logged in.

[RichardDCG]

I may have confused the query,  the base domain is hosted-pbx.com and I currently just add A records in our hosted-pbx.com domain for each tenant - tenant1, tenant2, tenant3 ... that point to the PBX -  tenant1.hosted-pbx.com, tenant2.hosted-pbx.com, tenant3.hosted-pbx.com ... 

 

Sounds like I do need to add a subdomain and the tenant then adds theirs?.. e.g.

Our config in O365:

has the base domain: hosted-pbx.com

I add a subdomain: customer.hosted-pbx.com

 

Tenant 1 config in O365:

adds a base domain: tenant1.customer.hosted-pbx.com

 

I setup a TXT record for them to verify against and an A record for tenant1.customer in hosted-pbx.com that resolves to the PBX

I set on our O365:

New-CsOnlinePSTNGateway -FQDN customer.hosted-pbx.com -SIPSignalingPort 5061 -ForwardPAI $true -Enabled $true

or ... if I dont have a lot of Teams SBCs to setup, can I rename the tenant1.hosted-pbx.com to tenant1.customer.hosted-pbx.com in Vodia 'Primary DNS address' for the tenant, and use LetsEncrypt to create a cert each time? I then use the following format for each tenant I want to setup:

New-CsOnlinePSTNGateway -FQDN tenant1.customer.hosted-pbx.com -SIPSignalingPort 5061 -ForwardPAI $true -Enabled $true

 

They add to their O365:

New-CsOnlineVoiceRoute -Identity "AU" -OnlinePstnGatewayList tenant1.customer.hosted-pbx.com -NumberPattern ".*" -OnlinePstnUsages "AU"

[RichardDCG]

I need to setup a single tenant quite quickly.  Would this work?

 

Our config in O365:

has the base domain: hosted-pbx.com

I add a subdomain: customer.hosted-pbx.com

 

Tenant 1 config in O365:

adds a base domain: tenant1.customer.hosted-pbx.com

 

I setup a TXT record for them to verify against and an A record for tenant1.customer in hosted-pbx.com that resolves to the PBX

I set on our O365:

 ... if I dont have a lot of Teams SBCs to setup, can I rename the tenant1.hosted-pbx.com to tenant1.customer.hosted-pbx.com in Vodia 'Primary DNS address' for the tenant, and use LetsEncrypt to create a cert each time? I then use the following format for each tenant I want to setup:

New-CsOnlinePSTNGateway -FQDN tenant1.customer.hosted-pbx.com -SIPSignalingPort 5061 -ForwardPAI $true -Enabled $true

 

They add to their O365:

New-CsOnlineVoiceRoute -Identity "AU" -OnlinePstnGatewayList tenant1.customer.hosted-pbx.com -NumberPattern ".*" -OnlinePstnUsages "AU"

[Scott1234]

Can't comment on the way you are going about it.

I basically just run or have the customer run the commands directly against their own tenant, nothing to do with my own.

So basically, I am just adding the pbx domain/sbc to their team's instance. If you are going about the above, I would be going down the path of looking at the proper wildcard setup to see if it works but you will need a proper non let's encrypt certificate I think to maintain, otherwise not worth the effort. 

[RichardDCG]

3 hours ago, Scott1234 said:

So basically, I am just adding the pbx domain/sbc to their team's instance.

thanks for your replies.  Do you setup a tenant using their own domains?  Then just setup a Teams trunk and they do all the config on their end?

[Scott1234]

Yeah,

So pbxcustomer.domain.com  has to be verified via TXT record on the customers 365, and once done then create a temporary resource account in their teams tenant under the voice menu that uses that verified domain. 

Then do the normal SBC / dial plan setups, and it should be good to go, with the team's trunk added on that customer's pbx domain. 

[RichardDCG]

sounds good, thanks.

[RichardDCG]

20 minutes ago, Scott1234 said:

So pbxcustomer.domain.com  has to be verified via TXT record on the customers 365,

If the customer already has a domain and 365 tenant - customerdomain.com 

Do I have them create an A record for pbx.customerdomain.com to point to our Vodia I then add pbx.customerdomain.com to my Vodia instance and lets-encrypt creates a certificate or do they need to setup another domain pbxcustomer.domain.com and relevant A record for the Vodia setup and I set that in Vodia?

I then create the Teams trunk (using the config you provided in another post) and they setup their O365 end as per normal.

 

 

[Scott1234]

It's whatever domain name that is being used on the PBX its self for the customer, hence the PBX manages any cert's related to it.

[RichardDCG]

1 hour ago, Scott1234 said:

So pbxcustomer.domain.com  has to be verified via TXT record on the customers 365

 

1 hour ago, Scott1234 said:

It's whatever domain name that is being used on the PBX its self for the customer,

@Scott1234 thanks for your help on this.  I'm getting confused by this a bit.

my vodia pbx domain is hosted.com with tenants customer1.hosted.com, customer2.hosted.com, customer3.hosted.com

I want to use Teams trunks with customer1.hosted.com

[Scott1234]

16 hours ago, RichardDCG said:

 

@Scott1234 thanks for your help on this.  I'm getting confused by this a bit.

my vodia pbx domain is hosted.com with tenants customer1.hosted.com, customer2.hosted.com, customer3.hosted.com

I want to use Teams trunks with customer1.hosted.com

Yeah you will use, customer1.hosted.com as the domain you verify on their 365 then run the config against to add the SBC on their 365.

Don't get confused reading the MS doco for wildcard setup, as that is not what is being done here, that is a whole different approach.

 

[RichardDCG]

@Scott1234 good stuff!  Looks like I have it working.  Thanks for your help, appreciated.