MS Teams Session Border Controller (TSBC)
TSBC allows the interconnection between the internal PBX system, that is running on plain old SIP on UDP protocol
and the MS Teams VoIP platform, which uses SSIP (Secure SIP) on TCP/TLS protocol.
Interconnecting the local PBX system and MS Teams platform, requires the implementation of a dedicated local
SBC device, which sits between MS Teams VoIP platform and local PBX, which can be quite costly.
Other solution is to expose local PBX system to the public world, which is not considered the best practise
security wise. Even if the PBX is exposed to the public, being able to communicate with MS Teams platform,
it would still require changing some SIP headers to comply with MS Teams security specifications.
Usually, these local PBX systems like Asterisk do not have the capability to manipulate SIP headers in such
a specific fashion.
TSBC connects your local PBX (any SIP compatible PBX) with MS Teams voice platform.
It sits between MS Teams and local PBX, translating SIP/RTP traffic. On MS Teams side SSIP/TLS and on the
other, local, SIP/UDP traffic.
Prerequisites
Deployed infrastructure
TSBC deploys two (or three) docker containers.
zeljkoiphouse/kamailio:v0.2
- Kamailio based container which handles
all the SIP signalisation traffic between local PBX and MS Teams VoIP platform.
zeljkoiphouse/rtpengine
- RTPEngine based container which handles
all the RTP (media) traffic.
linuxserver/swag
- container that handles TLS certificates utilising LetsEncrypt service.
There will always be only one container per docker host.
Command usage
Docker host requirements
- All traffic from MS Teams platform IP
addresses
forwarded to docker host.
- DNS name for the SBC tied to the public IP address of docker host
- Ports
tcp/80
and tcp/443
forwarded to docker host as they are needed for certificate verification
- Local
PBX
and TSBC
host, directly reachable on the IP level (same LAN or routed)