SBC Configuration Changes to replace

Microsoft Teams Trusted CA Certificate

Step By Step Configuration Changes

COMMUNICATIONS
Disclaimer
The following is intended to outline our general product direction. It is intended for information purposes only, and may not be
incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be rel ied
upon in making purchasing decisions. The development, release, and timing of any features or functionality described for
Oracle’s products remains at the sole discretion of Oracle.

2
Table of Contents
1 INTENDED AUDIENCE ......................................................................................................................................4
2 DOCUMENT OVERVIEW...................................................................................................................................4
3 RECOMMENDATIONS .......................................................................................................................................4
4 CONFIGURATION ADJUSTMENTS GUI .........................................................................................................5
4.1 ADDING A CERTIFICATE RECORD ............................................................................................................................................. 5
4.1.1 DigiCert Global Root G2 .................................................................................................................................................. 5
4.1.2 Save and activate the SBC Configuration ............................................................................................................... 6
4.1.3 Import DigiCert Global Root G2 Certificate .......................................................................................................... 7
4.2 TLS PROFILE .............................................................................................................................................................................. 11
4.3 ADDING MICROSOFT TEAMS TEST ENDPOINT................................................................................................................... 13
4.4 VERIFY CONNECTIVITY............................................................................................................................................................. 15
4.5 REMOVING TEST AGENT .......................................................................................................................................................... 16
4.6 REMOVING BALTIMORE ROOT CA CERTIFICATE .............................................................................................................. 17
4.6.1 Remove from TLS Profile ............................................................................................................................................ 17
4.6.2 Deleting Certificate Record ........................................................................................................................................ 18
5 CONFIGURATION ADJUSTMENTS ACLI..................................................................................................... 19
5.1 ADDING A CERTIFICATE RECORD .......................................................................................................................................... 20
5.1.1 DigiCert Global Root G2 ............................................................................................................................................... 20
5.1.2 Save and Activate SBC Configuration ................................................................................................................... 22
5.1.3 Import DigiCert Global Root G2 Certificate ....................................................................................................... 23
5.2 TLS PROFILE .............................................................................................................................................................................. 24
5.3 ADDING MICROSOFT TEAMS TEST ENDPOINT................................................................................................................... 26
5.4 VERIFY CONNECTIVITY............................................................................................................................................................. 27
5.5 REMOVING TEST AGENT .......................................................................................................................................................... 28
5.6 REMOVING BALTIMORE ROOT CA CERTIFICATE .............................................................................................................. 29
5.6.1 Remove from TLS Profile ............................................................................................................................................ 29
5.6.2 Deleting Certificate Record ........................................................................................................................................ 30
6 VERIFY TEAMS SESSION AGENTS .............................................................................................................. 31

3|Page
1 Intended Audience
This document is intended for IT professionals and administrators of the Oracle Communication Session Border
Controller. This document is specific to existing deployments of the Oracle SBC with Microsoft Teams Direct
Routing.
Note: To zoom in on screenshots of Web GUI configuration examples, press Ctrl and +.

2 Document Overview

Microsoft 365 is updating services powering messaging, meetings, telephony, voice, and video to use TLS
certificates from a different set of Root Certificate Authorities (CAs). This change is being made because the
current Root CA will expire in May 2025.

More information about these changes can be found at the following link:

Office TLS Certificate Changes

To secure the connection between the Oracle SBC and Microsoft Teams Direct Routing, you must explicitly
specify a list of acceptable CA’s, a practice referred to as certificate pinning. This document provides step by
step instructions to add the new Root CA certificate to the Oracle SBC’s configuration, and how to apply it to
authenticate with Microsoft

If the configuration adds and changes outlined below in this guide are not performed by January 2023, there
may be an impact to your Microsoft Teams Direct Routing service.

These changes apply to both Oracle enterprise and service provider Session Border Controller product type.

If you have any questions, please reach out to your Oracle Account Team.

3 Recommendations

1. Oracle recommends all configuration changes be performed during a maintenance window or low traffic
period.
2. Prior to making any changes, create a backup of your SBC configuration and store a copy off box.
3. Download the DigiCert Global Root G2 and have it accessible.
4. If you have an HA pair, you only need to perform these changes on the current Active SBC. Certificate
records are part of the SBC’s configuration file and will be shared with the standby SBC when the
configuration is saved and activated.
5. Microsoft has created a test endpoint, sip.mspki.pstnhub.microsoft.com. This will be added to the
Oracle SBC’s configuration to ensure connectivity using the new root CA certificate.
6. Do not remove the existing Baltimore Root CA that is currently in use until Microsoft has officially
announced it is no longer in production use. Currently, that is not expected before January 2023, but is
subject to change.

4|Page
4 Configuration Adjustments GUI

This chapter outlines how to perform the required configuration changes using the Oracle SBC GUI.

If your Oracle SBC is running as a service provider (non-Enterprise Session Border Controller product type)
with no GUI access, click here for configuration adjustments using the SBC ACLI.

4.1 Adding a Certificate Record

Note: All GUI screenshots have been collected from an Oracle SBC running release nnSCZ900. The GUI in
nnSCZ830 has a different appearance.

The first step is to configure a new certificate record.

“Certificate-records” are configuration elements on Oracle SBC which capture information for a TLS certificate
such as common-name, key-size, key-usage etc.

This section walks you through how to configure a new certificate record, and import the necessary certificate
into the SBC’s configuration.

GUI Path: security/certificate-record

4.1.1 DigiCert Global Root G2

The DNS name of the Microsoft Teams Direct Routing interface is sip.pstnhub.microsoft.com. Microsoft
presents a certificate to the SBC which was previously signed by Baltimore CyberTrust Root. Microsoft is
replacing Baltimore Cyber Trust Root with DigiCert Global Root G2. To trust this certificate, your SBC must
have the DigiCert Global Root G2 certificate listed as a trusted ca certificate.

You can download this certificate here: DigiCert Global Root G2

5|Page
Use the following example to configure a new certificate record:

• Click OK at the bottom when finished populating the required fields.

4.1.2 Save and activate the SBC Configuration

Once you have configured a new record for the DigiCert Global Root G2 certificate, you will need to save and
activate your configuration.

6|Page
4.1.3 Import DigiCert Global Root G2 Certificate

Next, we need to import the certificate to the new certificate record. While on the Certificate Record page in the
SBC GUI, select the record just created, and click the import icon at the top:

On the Import Certificate screen, under format select “try-all” from the drop down.

Notice there are two options under Import Method, File and Paste.

7|Page
4.1.3.1 File Import

If you select the radio button next to File,

Click Upload, navigate to the local directory where you stored the DigiCert Global Root G2 certificate file you
downloaded previously, and select it:

8|Page
Next, click Import at the bottom,

Note: You should see a notification appear at the top of the screen stating the certificate was imported
successfully.

Close the Import Certificate window

save and activate your configuration

4.1.3.2 Paste Import

If you select the radio button next to Paste:

9|Page
In the text box, paste the entire output from the file “Digicert Global Root G2” certificate downloaded previously.

“CNTL v” may be required to paste.

Click Import at the bottom:

10 | P a g e
Note: You should see a notification appear at the top of the screen stating the certificate was imported
successfully.

Close the Import Certificate window

save and activate your configuration

Next, we’ll add the new “Digicert Global Root G2” certificate to the TLS Profile trusted CA certificate list.

4.2 TLS Profile

TLS profile configuration on the SBC allows for specific certificates to be assigned.

GUI Path: security/tls-profile

Check the box next to the TLS profile being used to secure the connection with Microsoft Teams and click the
pencil icon at the top to edit.

11 | P a g e
On the Modify TLS Profile page, click inside the box next to “Trusted CA Certificates” to bring up a list of
available certificates:

Select the certificate name that corresponds to the new DigiCert Global Root G2 cert. As you can see below,
the new Root CA certificate is in addition to the existing Baltimore Root CA certificate that is currently in use.

Do not remove the Baltimore Root CA certificate from the TLS profile or your configuration until Microsoft
officially announces it is no longer in production use. This will cause a service disruption.

12 | P a g e
Click OK at the bottom of the screen:

save and activate your configuration

This concludes the steps needed to add a new trusted CA certificate to the Oracle SBC’s trust store. Next, we’ll
walk through how to add the Microsoft Teams test endpoint to the configuration.

4.3 Adding Microsoft Teams Test Endpoint

Microsoft has created a test endpoint with a certificate issued from the new Root CA certificate. This enables
customers to test connectivity using the new certificates prior to going into production. The hostname of this
agent /endpoint is:

sip.mspki.pstnhub.microsoft.com

13 | P a g e
Please note, you cannot send production traffic to this session agent/endpoint. Its main function is to validate
the TLS handshake between the SBC and Direct Routing Interface using the new certificates. This
agent/endpoint will only reply to SIP Options messages generated by the Oracle SBC once the TCP/TLS
handshake is successful.

GUI Path: session-router/session-agent

Click the Icon at the top to add a new session agent:

Use the information in the table below to configure a new Session agent for testing:

SBC Configuration Parameter Value

Hostname sip.mspki.pstnhub.microsoft.com

Port 5061
Transport Method StaticTLS
Realm ID Teams (Name of your Teams realm)
Ping Method OPTIONS
Ping Interval 30

14 | P a g e
Click OK at the bottom.

save and activate the configuration

4.4 Verify Connectivity

Now that we have configured and imported Microsoft’s new root CA certificate, added it to the trust list of the
TLS profile, and configured a new session agent for testing, we can now verify the new session agent is in
service and receiving responses to SIP OPIONS messages.

A quick way to check the connection to the agent is by using the Wigits tab at the top of the GUI home page:

GUI Path: Widgets/Signalling/SIP/Agents/Agents Individual

15 | P a g e
Just below the hostname of the test agent, sip.mspki.pstnhub.microsoft.com, you should see the letter I,
indicating the agent is in service. The session agent can only be in service if the TCP/TLS connection to
Microsoft Teams is successful, and the SBC has received a response to SIP OPTIONS.

4.5 Removing Test Agent

Once you have verified the connection to Teams using the new certificates, the Microsoft test endpoint/agent
can be removed from the SBC’s configuration.

GUI Path: session router/session agent

Check the box next to the session agent you want to delete, and click the delete icon on the top right hand side,
just above the list of agents:

Next, hit confirm to remove the agent from the configuration:

16 | P a g e
Save and activate the configuration.

4.6 Removing Baltimore Root CA Certificate

Do not perform the steps outlined in this section until Microsoft confirms the Baltimore Root CA certificate is no
longer in production use. Prematurely removing the Baltimore Root CA certificate will cause a service
disruption.

Once you have verified the Baltimore Root CA certificate is no longer required to secure the connection
between the Oracle SBC and Microsoft Teams Direct Routing Interface, you can remove it from your SBC’s
configuration.
4.6.1 Remove from TLS Profile

The first step in removing the Baltimore Root CA cert from your configuration is to remove it from the TLS
Profile.

Like the step above regarding adding a new certificate to the TLS Profile, we’ll be removing it.

GUI Path: security/tls-profile

Check the box next to the TLS profile being used to secure the connection with Microsoft Teams and click the
pencil icon at the top to edit.

17 | P a g e
On the “Modify TLS Profile” page, in the box next to Trusted CA Certificates, click the X located to the
immediate right of the certificate you want to remove. In this case, the name of the cert we are deleting from
the profile is “BaltimoreRoot”:

Click OK at the bottom of the page.

Next, we’ll delete the certificate from the SBC’s configuration.

4.6.2 Deleting Certificate Record

Now that we’ve removed the Baltimore Root CA certificate from the TLS profile, we can delete it from the
configuration.

Only perform this step if you have verified this certificate is not being used in any other TLS profiles to secure
connections to your Oracle SBC.

GUI Path: security/certificate-record

Select the certificate record to be removed and click the delete icon at the top of the page.

18 | P a g e
(Only use the delete icon on the right side of the screen as shown below)

Click Confirm to remove it:

save and activate your configuration

5 Configuration Adjustments ACLI

This chapter outlines how to perform the required configuration changes using the Oracle SBC CLI.

If your Oracle SBC is running as an Enterprise model, (Enterprise Session Border Controller product type) with
GUI access, click here for configuration adjustments using the SBC GUI.

19 | P a g e
5.1 Adding a Certificate Record

Note: All screenshots have been collected from an Oracle SBC running release nnSCZ900.

The first step is to configure a new certificate record.

“Certificate-records” are configuration elements on Oracle SBC which capture information for a TLS certificate
such as common-name, key-size, key-usage etc.

This section walks you through how to configure a new certificate record, and import the necessary certificate
into the SBC’s configuration.

ACLI Path: config t→security→certificate-record

5.1.1 DigiCert Global Root G2

The DNS name of the Microsoft Teams Direct Routing interface is sip.pstnhub.microsoft.com. Microsoft
presents a certificate to the SBC which was previously signed by Baltimore CyberTrust Root. Microsoft is
replacing Baltimore Cyber Trust Root with DigiCert Global Root G2. To trust this certificate, your SBC must
have the DigiCert Global Root G2 certificate listed as a trusted ca certificate.

You can download this certificate here: DigiCert Global Root G2

5.1.1.1 Paste Config Option

The fastest way to create a new certificate record is with the Oracle SBC’s CLI option “paste config”. You can
copy and paste the information below into your configuration quickly using this option. Please see the example
below:

ACLI Path: config t→paste-config

20 | P a g e
 NN3950-101# config t
NN3950-101(configure)# paste-config
Paste configuration onto console. Enter <CTRL-D> to stop.
certificate-record
name DigiCertGlobalRootG2
country US
state MA
locality Burlington
organization DigiCert
unit www.digicert.com
common-name DigiCert Global Root G2
key-size 2048
alternate-name
trusted enabled
key-usage-list digitalSignature
keyEncipherment
extended-key-usage-list serverAuth
key-algor rsa
digest-algor sha256
ecdsa-key-size p256
-----------------

(0 errors)
Do you want to accept this configuration [y/n]?: y

(1 top-level objects written)

NN3950-101(configure)#

(After pasting the information in, as noted in the example above, press CTRL D to stop)

Next, back out of configuration mode by typing exit at the prompt, then save and activate your configuration:

5.1.1.2 Manual Configuration Via ACLI

If you prefer to configure the new certificate record manually through the Oracle SBC’s ACLI, please do the
following

ACLI Path: config t→security→certificate-record

The information below can be used to configure the new certificate record. All other information can remain at
default values:

Once you have configured these fields, type “done” at the prompt

21 | P a g e
Next, type “quit” at the prompt to exit config mode.

Save and activate your configuration.

5.1.2 Save and Activate SBC Configuration

22 | P a g e
5.1.3 Import DigiCert Global Root G2 Certificate

Next, we need to import the certificate to the new certificate record. There are two options to accomplish this,
either by importing the file to the certificate record, or by pasting the certificate into to the SBC’s configuration.

5.1.3.1 File Import

First, the DigiCert Global Root G2 certificate downloaded previously needs to be placed in the /opt directory of
the SBC.

SFTP to the SBC’s management IP and transfer a copy of the file to /opt.

Next, run the following command via the Oracle SBC’s ACLI:

Import-certificate try-all <Certificate Record Name> <file name of certificate placed in /opt directory>

Tip: to get the exact file name, you can run the command “show directory /opt” prior to running the import
certificate command. The certificate must be in PEM format.

Save and activate the configuration.

5.1.3.2 Paste Import

The second option is to paste the certificate into the Oracle SBC’s configuration.

First, open the DigiCert Global Root G2 certificate in the text editor of your choice.

Copy the entire contents of the certificate, then run the following command in the SBC’s ACLI:

Import-certificate try-all <certificate record name>

23 | P a g e
 NN3950-101# import-certificate try-all DigiCertGlobalRootG2

IMPORTANT:
Please enter the certificate in the PEM format.
Terminate the certificate with ";" to exit.......

-----BEGIN CERTIFICATE-----
MIIDjjCCAnagAwIBAgIQAzrx5qcRqaC7KGSxHQn65TANBgkqhkiG9w0BAQsFADBh
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBH
MjAeFw0xMzA4MDExMjAwMDBaFw0zODAxMTUxMjAwMDBaMGExCzAJBgNVBAYTAlVT
MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5j
b20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IEcyMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuzfNNNx7a8myaJCtSnX/RrohCgiN9RlUyfuI
2/Ou8jqJkTx65qsGGmvPrC3oXgkkRLpimn7Wo6h+4FR1IAWsULecYxpsMNzaHxmx
1x7e/dfgy5SDN67sH0NO3Xss0r0upS/kqbitOtSZpLYl6ZtrAGCSYP9PIUkY92eQ
q2EGnI/yuum06ZIya7XzV+hdG82MHauVBJVJ8zUtluNJbd134/tJS7SsVQepj5Wz
tCO7TG1F8PapspUwtP1MVYwnSlcUfIKdzXOS0xZKBgyMUNGPHgm+F6HmIcr9g+UQ
vIOlCsRnKPZzFBQ9RnbDhxSJITRNrw9FDKZJobq7nMWxM4MphQIDAQABo0IwQDAP
BgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAdBgNVHQ4EFgQUTiJUIBiV
5uNu5g/6+rkS7QYXjzkwDQYJKoZIhvcNAQELBQADggEBAGBnKJRvDkhj6zHd6mcY
1Yl9PMWLSn/pvtsrF9+wX3N3KjITOYFnQoQj8kVnNeyIv/iPsGEMNKSuIEyExtv4
NeF22d+mQrvHRAiGfzZ0JFrabA0UWTW98kndth/Jsw1HKj2ZL7tcu7XUIOGZX1NG
Fdtom/DzMNU+MeKNhJ7jitralj41E6Vf8PlwUHBHQRFXGU7Aj64GxJUTFy8bJZ91
8rGOmaFvE7FBcf6IKshPECBV1/MUReXgRPTqh5Uykw7+U0b6LJ3/iyK5S9kJRaTe
pLiaWN0bfVKfjllDiIGknibVb63dDcY3fe0Dkhvld1927jyNxF1WW6LZZm6zNTfl
MrY=
-----END CERTIFICATE-----

Certificate imported successfully....

WARNING: Configuration changed, run "save-config" command.

NN3950-101#

(As noted in the above example, you must terminate the certificate with a semi-colon “;”)

Save and activate your configuration.

Next, we’ll add the new “Digicert Global Root G2” certificate to the TLS Profile trusted CA certificate list.

5.2 TLS Profile

TLS profile configuration on the SBC allows for specific certificates to be assigned. In this step, add the new
certificate record under trusted CA certificates in the TLS profile you are using to secure the connection
between the SBC and Microsoft Teams.

ACLI Path: config t→security→tls-profile

24 | P a g e
At this point, the Baltimore Root CA certificate is not being replaced. Just add the new certificate under Trusted
CA certificate in the TLS profile. Since there is more than one trusted certificate being added to the trust list of
this TLS profile, when running the command, the text must be surrounded by double quotes with a space in
between each name as shown above.

Do not remove the Baltimore Root CA certificate from the TLS profile or your configuration until Microsoft
confirms it is no longer in production use. This will cause a service disruption.

25 | P a g e
Type quit at the prompt to exit config mode, and

Save and activate the configuration.

This concludes the steps needed to add a new trusted CA certificate to the Oracle SBC’s trust store. Next, we’ll
walk through how to add the Microsoft Teams test endpoint to the configuration.

5.3 Adding Microsoft Teams Test Endpoint

Microsoft has created a test endpoint with a certificate issued from the new Root CA certificate. This enables
customers to test connectivity using the new certificates prior to going into production. The hostname of this
agent /endpoint is:

sip.mspki.pstnhub.microsoft.com

Please note, you cannot send production traffic to this session agent/endpoint. Its main function is to validate
the TLS handshake between the SBC and Direct Routing Interface using the new certificates. This
agent/endpoint will only reply to SIP Options messages generated by the Oracle SBC once the TCP/TLS
handshake is successful.

ACLI Path: config t→session-router→session-agent

Use the table below to configure the session agent:

SBC Configuration Parameter Value

Hostname sip.mspki.pstnhub.microsoft.com

Port 5061
Transport Method StaticTLS
Realm ID Teams (Name of your Teams realm)
Ping Method OPTIONS
Ping Interval 30

26 | P a g e
Type quit at the prompt to exit config mode, and

Save and activate the configuration.

5.4 Verify Connectivity

Now that we have configured and imported Microsoft’s new root CA certificate, added it to the trust list of the
TLS profile, and configured a new session agent for testing, we can now verify the new session agent is in
service and receiving responses to SIP OPIONS messages.

The quickest way is to verify the session agent just configured is in service:

At the prompt, run the command

Show sipd agents

27 | P a g e
Just below the hostname of the test agent, sip.mspki.pstnhub.microsoft.com, you should see the letter I,
indicating the agent is in service. The session agent can only be in service if the TCP/TLS connection to
Microsoft Teams is successful, and the SBC has received a response to SIP OPTIONS.

5.5 Removing Test Agent

Once you have verified the connection to Teams using the new certificates is successful, the Microsoft test
endpoint/agent can be removed from the SBC’s configuration.

ACLI Path: config t→session-router→session-agent

To remove the agent from your configuration, we’ll use the “No” command at the prompt, and enter the
corresponding number to the agent we want to remove:

Type quit at the prompt and save and activate your configuration.

Next, we’ll go through the steps of removing the Baltimore Root CA certificate from the config.

28 | P a g e
5.6 Removing Baltimore Root CA Certificate

Do not perform the steps outlined in this section until Microsoft confirms the Baltimore Root CA certificate is no
longer in production use. Prematurely removing the Baltimore Root CA certificate will cause a service disruption

Once you have verified the Baltimore Root CA certificate is no longer required to secure the connection
between the Oracle SBC and Microsoft Teams Direct Routing Interface, you can remove it from your SBC’s
configuration.

5.6.1 Remove from TLS Profile

The first step in removing the Baltimore Root CA cert from your configuration is to remove it from the TLS
Profile.

Like the step above regarding adding a new certificate to the TLS Profile, we’ll be removing it.

ACLI Path: config t→security→tls-profile

Select the tls profile you are using for Microsoft Teams. Simply, do not add the Baltimore Root CA certificate to
the new trusted ca list in the tls profile to remove it. Please see the example below:

29 | P a g e
Type quit at the prompt and save and activate your configuration.

Next, we’ll delete the certificate from the SBC’s configuration.

5.6.2 Deleting Certificate Record

Now that we’ve removed the Baltimore Root CA certificate from the TLS profile, we can delete it from the
configuration.

Only perform this step if you have verified this certificate is not being used in any other TLS profiles to secure
connections with your Oracle SBC.

ACLI Path: config t→security→certificate-record

To delete a certificate record, we’ll use the “No” command under certificate records and then select the
corresponding number to the Baltimore Root Cert record to remove it from the configuration.

Next, type quit, then save and activate the configuration.

This concludes the steps necessary to replace the current Balimore CyberTrust Root CA certificate with the
DigiCert Global Root G2 certificate in the Oracle SBC.

If you have any questions regarding this change, please contact your Oracle Account Team members for
assistance.

30 | P a g e
6 Verify Teams Session Agents

Once this procedure is complete, and the DigiCert Global Root G2 certificate is in use, you can quickly verify
connectivity with Microsoft Teams session agents by running the command

“show sipd agents”

Via the Oracle SBC ACLI

All agents should show the letter “I” when in service:

Oracle Corporation, World Headquarters Worldwide Inquiries

500 Oracle Parkway Phone: +1.650.506.7000
Redwood Shores, CA 94065, USA Fax: +1.650.506.7200

CONNE CT WI TH US

blogs.oracle.com/oracle
Copyright © 2021, Oracle and/or its affiliates. All rights reserved. This document is provided for information purposes only, and the contents hereof are subject
to change without notice. This document is not warranted to be error-free, nor subject to any other warranties or conditions, whether expressed orally or implied
facebook.com/oracle in law, including implied warranties and conditions of merchantability or fitness for a particular purpose. We specifically disclaim any liability with respect to this
document, and no contractual obligations are formed either directly or indirectly by this document. This document may not be reproduced or transmitted in any
twitter.com/oracle form or by any means, electronic or mechanical, for any purpose, without our prior written permission.

Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective owners.
oracle.com
Intel and Intel Xeon are trademarks or registered trademarks of Intel Corporation. All SPARC trademarks are used under license and are trademarks or
registered trademarks of SPARC International, Inc. AMD, Opteron, the AMD logo, and the AMD Opteron logo are trademarks or registered trademarks of
Advanced Micro Devices. UNIX is a registered trademark of The Open Group. 0615

31 | P a g e