Configuration Note 2. Prepare for SBC Configuration
Microsoft Office 365 Exchange UM with IP PBXs 11 AudioCodes Mediant SBC
2 Prepare for SBC Configuration
Before configuring the SBC to route traffic to and from Office 365 Exchange Online UM,
there are several steps that must be followed. Specifically, DNS configuration is required,
followed by some Exchange Online UM configuration.
2.1 Configure DNS
The Exchange Online UM service in Office 365 must be able to locate the AudioCodes
SBC when Exchange Online UM needs to initiate communication. Exchange Online UM
relies on its own configuration and use of the Domain Name Service (DNS) to discover the
IP address of the (external interface of the) SBC.
Assign (have your network administrator assign) an IP address and host name for the
external interface of the SBC. For example, Contoso (see Figure 1-1) might decide to use
sbcexternal.contoso.com as the name. Add this name and the corresponding IP address to
the public DNS entries for your domain.
2.2 Certificate Generation
You must replace the SBC’s self-signed certificate. This can be done during the main
process of SBC configuration. However, you may wish to consider the requirements before
embarking on the configuration.
The new certificate must meet the following requirements:
It must be signed by a recognized Certificate Authority (CA). Self-signed certificates
(the kind that customers can generate and sign themselves) are not suitable for
communication with Exchange Online UM.
The Subject Name (CN) that is contained in the certificate must match the fully
qualified domain name (FQDN) of the SBC’s external address (see DNS Configuration
above). For example, if the SBC will be addressed as sbcexternal.contoso.com, make
sure that the Subject Name in the certificate contains exactly the same string, i.e.
sbcexternal.contoso.com.
The certificate should be suitable for use for SSL (Secure Sockets Layer).
You must generate and send a Certificate Signing Request to one of the supported
Certificate Authorities (see below). The CA will sign and issue a certificate for the device.
The details of submitting the request, making payment and receiving the certificate issued
will depend on the CA chosen.
At the time of writing, the following Certificate Authorities are supported by Office 365
Exchange Online UM:
DigiCert (http://www.digicert.com/)
Entrust (http://www.entrust.com/)
Geotrust (http://www.geotrust.com/)
GoDaddy (http://www.godaddy.com/)
GTE CyberTrust (http://www.verizonbusiness.com/Products/security/identity/ssl/)
RSA Security (http://www.rsa.com/)
Thawte (http://www.thawte.com/)
Verisign (http://www.verisign.com/)
When the CA issues the certificate and returns it, save the certificate to a text file. For more
information on retrieving certificates for Exchange UM Online, refer to the following link:
https://msdn.microsoft.com/en-us/library/gg702672(v=exchsrvcs.149).aspx
For details on the process and how to load the certificate to the device, see Section 3.10
on page 48.