Add Operator Connect BYOC Customer onboarding script
This script adds an Operator Connect service for a customer using the customers' BYOC SIP Trunk (see Enabling Operator Connect License):
|
■
|
A unique Proxy Set is created for each BYOC trunk according to configured custom variables: |
|
●
|
Carrier-TransportType_UDP-TCP-TLS |
|
●
|
Carrier-MediaSecurity_Secure-Unsecure |
|
■
|
An IP Group for the customer side is created with dial plan tag: Trunk=<MsTenantId> and pre-defined “Unsecure” or “Secure” IP Profile. |
|
■
|
An IP Group for the Microsoft Teams Operator Connect side is created with dial plan tag: Tenant=<MsTenantId>. |
|
■
|
If 'Carrier Registration' is configured, a rule is added to the Account Table for registration of the new customer IP Group towards the Carrier IP Group. |
|
■
|
All numbers uploaded for the customer are added to the 'OCDialPlan' and are assigned the dial plan tag Trunk={{MsTenantId}} for SBC call leg and Tenant={{MsTenantId}} for the Teams call leg.. |
Copy
### Script Version OC 1.0 ###
# Adding a New BYOC OC Customer
#
# Customer variables:
# Carrier-ProxyAddress
# Carrier-SIPPort
# Carrier-TransportType_UDP-TCP-TLS
# Carrier-MediaSecurity_Secure-Unsecure
# in Production environment need to enable access list
#configure network
# access-list new
# source-ip "{{CustomVar.Carrier-ProxyAddress}}"
# prefixLen 32
# description "{{CustomerId}}"
# use-specific-interface enable
# network-interface-name "eth1"
# activate
# exit
#exit
configure voip
proxy-set new
proxy-name "{{CustomerId}}"
proxy-enable-keep-alive using-options
srd-name "DefaultSRD"
sbcipv4-sip-int-name "SIPTrunk"
activate
proxy-ip 0
proxy-address "{{CustomVar.Carrier-ProxyAddress}}:{{CustomVar.Carrier-SIPPort}}"
transport-type "{{CustomVar.Carrier-TransportType_UDP-TCP-TLS}}"
activate
exit
exit
ip-group new
name "{{CustomerId}}-c"
proxy-set-name "{{CustomerId}}"
srd-name "DefaultSRD"
classify-by-proxy-set disable
ip-profile-name "{{CustomVar.Carrier-MediaSecurity_Secure-Unsecure}}"
call-setup-rules-set-id 5
tags "Trunk={{MsTenantId}}"
activate
exit
ip-group new
name "{{CustomerId}}-t"
proxy-set-name "Teams-OC"
srd-name "DefaultSRD"
classify-by-proxy-set disable
ip-profile-name "Teams"
outbound-mesg-manipulation-set 1
always-use-source-addr enable
call-setup-rules-set-id 4
tags "Tenant={{MsTenantId}}"
{{#if SBC.EnableCAC}}
cac-profile "{{SBC.CacProfile}}"
{{/if }}
activate
exit
{{#if SBC.FlagCarrierRegistration}}
sip-definition account new
account-name "{{CustomerId}}"
served-ip-group-name "{{CustomerId}}-t"
serving-ip-group-name "{{CustomerId}}-c"
user-name "{{SBC.CarrierUserName}}"
password "{{SBC.CarrierPassword}}"
host-name "{{SBC.CarrierHostName}}"
contact-user "{{SBC.CarrierMainLine}}"
register reg
application-type sbc
activate
exit
{{/if }}
do write
Edit script and configure the following as required:
|
■
|
Firewall rules: Change the last rule to “Block” once you aligned everything according to your implementation |
|
■
|
Quality of Experience settings |
|
■
|
SIP Interface and SIP Trunk source IPs |
|
■
|
SIP Trunk Classification and Condition |
|
■
|
Update Proxy Set addresses for "SIP Trunk" |
|
■
|
Import Certificates (wildcard certificates for SBC can be found at Cert-Center repository). Retrieve the PFX password from the PFX Certificate Repository. |
|
■
|
Message Manipulation: Change the value to the FQDN of the Operator Connect SBC. |
|
■
|
Add CAC Profiles according to the customer’s needs |
|
■
|
Add DNS IPs if required |
|
■
|
Add CAC Profiles according to the customer’s needs |
|
■
|
Add DNS IP addresses if required. |
|
■
|
Enable floating licenses on the SBC as required |
|
■
|
Save and Restart the SBC |