Azure Cache for Redis with Azure Private Link (Public Preview)

In this article, you'll learn how to create a virtual network and an Azure Cache for Redis instance with a private endpoint using the Azure portal. You'll also learn how to add a private endpoint to an existing Azure Cache for Redis instance.

Azure Private Endpoint is a network interface that connects you privately and securely to Azure Cache for Redis powered by Azure Private Link.

Prerequisites

Important

To use private endpoints, your Azure Cache for Redis instance needs to have been created after July 28th, 2020. Currently, geo-replication, firewall rules, portal console support, multiple endpoints per clustered cache, persistence to firewall, and VNet injected caches are not supported.

Create a private endpoint with a new Azure Cache for Redis instance

In this section, you'll create a new Azure Cache for Redis instance with a private endpoint.

Create a virtual network

  1. Sign in to the Azure portal and select Create a resource.

  2. On the New page, select Networking and then select Virtual network.

  3. Select Add to create a virtual network.

  4. In Create virtual network, enter or select this information in the Basics tab:

    Setting | Suggested value | Description
    Subscription | Drop down and select your subscription. | The subscription under which to create this virtual network.
    Resource group | Drop down and select a resource group, or select Create new and enter a new resource group name. | Name for the resource group in which to create your virtual network and other resources. By putting all your app resources in one resource group, you can easily manage or delete them together.
    Name | Enter a virtual network name. | The name must begin with a letter or number, end with a letter, number, or underscore, and may contain only letters, numbers, underscores, periods, or hyphens.
    Region | Drop down and select a region. | Select a region near other services that will use your virtual network.

  5. Select the IP Addresses tab or click the Next: IP Addresses button at the bottom of the page.

  6. In the IP Addresses tab, specify the IPv4 address space as one or more address prefixes in CIDR notation (e.g. 192.168.1.0/24).

  7. Under Subnet name, click on default to edit the subnet's properties.

  8. In the Edit subnet pane, specify a Subnet name as well as the Subnet address range. The subnet's address range should be in CIDR notation (e.g. 192.168.1.0/24). It must be contained by the address space of the virtual network.

  9. Select Save.

  10. Select the Review + create tab or click the Review + create button.

  11. Verify that all the information is correct and click Create to provision the virtual network.

Create an Azure Cache for Redis instance with a private endpoint

To create a cache instance, follow these steps.

  1. Go back to the Azure portal homepage or open the sidebar menu, then select Create a resource.

  2. On the New page, select Databases and then select Azure Cache for Redis.

  3. On the New Redis Cache page, configure the settings for your new cache.

    Setting | Suggested value | Description
    DNS name | Enter a globally unique name. | The cache name must be a string between 1 and 63 characters that contains only numbers, letters, or hyphens. The name must start and end with a number or letter, and can't contain consecutive hyphens. Your cache instance's host name will be <DNS name>.redis.cache.chinacloudapi.cn.
    Subscription | Drop down and select your subscription. | The subscription under which to create this new Azure Cache for Redis instance.
    Resource group | Drop down and select a resource group, or select Create new and enter a new resource group name. | Name for the resource group in which to create your cache and other resources. By putting all your app resources in one resource group, you can easily manage or delete them together.
    Location | Drop down and select a location. | Select a region near other services that will use your cache.
    Pricing tier | Drop down and select a Pricing tier. | The pricing tier determines the size, performance, and features that are available for the cache. For more information, see Azure Cache for Redis Overview.

  4. Select the Networking tab or click the Networking button at the bottom of the page.

  5. In the Networking tab, select Private Endpoint for the connectivity method.

  6. Click the Add button to create your private endpoint.

  7. On the Create a private endpoint page, configure the settings for your private endpoint with the virtual network and subnet you created in the last section and select OK.

  8. Select the Next: Advanced tab or click the Next: Advanced button at the bottom of the page.

  9. In the Advanced tab for a basic or standard cache instance, select the enable toggle if you want to enable a non-TLS port.

  10. In the Advanced tab for a premium cache instance, configure the settings for non-TLS port, clustering, and data persistence.

  11. Select the Next: Tags tab or click the Next: Tags button at the bottom of the page.

  12. Optionally, in the Tags tab, enter the name and value if you wish to categorize the resource.

  13. Select Review + create. You're taken to the Review + create tab where Azure validates your configuration.

  14. After the green Validation passed message appears, select Create.

It takes a while for the cache to create. You can monitor progress on the Azure Cache for Redis Overview page. When Status shows as Running, the cache is ready to use.

Important

There is a publicNetworkAccess flag which is Enabled by default. When it is set to Enabled, both public and private endpoint access to the cache are allowed. If set to Disabled, only private endpoint access is allowed. You can set the value to Disabled with the following PATCH request.

PATCH https://management.chinacloudapi.cn/subscriptions/{subscription}/resourceGroups/{resourcegroup}/providers/Microsoft.Cache/Redis/{cache}?api-version=2020-06-01
{
    "properties": {
        "publicNetworkAccess": "Disabled"
    }
}

Important

To connect to a clustered cache, publicNetworkAccess needs to be set to Disabled and there can only be one private endpoint connection.

Create a private endpoint with an existing Azure Cache for Redis instance

In this section, you'll add a private endpoint to an existing Azure Cache for Redis instance.

Create a virtual network

To create a virtual network, follow these steps.

  1. Sign in to the Azure portal and select Create a resource.

  2. On the New page, select Networking and then select Virtual network.

  3. Select Add to create a virtual network.

  4. In Create virtual network, enter or select this information in the Basics tab:

    Setting | Suggested value | Description
    Subscription | Drop down and select your subscription. | The subscription under which to create this virtual network.
    Resource group | Drop down and select a resource group, or select Create new and enter a new resource group name. | Name for the resource group in which to create your virtual network and other resources. By putting all your app resources in one resource group, you can easily manage or delete them together.
    Name | Enter a virtual network name. | The name must begin with a letter or number, end with a letter, number, or underscore, and may contain only letters, numbers, underscores, periods, or hyphens.
    Region | Drop down and select a region. | Select a region near other services that will use your virtual network.

  5. Select the IP Addresses tab or click the Next: IP Addresses button at the bottom of the page.

  6. In the IP Addresses tab, specify the IPv4 address space as one or more address prefixes in CIDR notation (e.g. 192.168.1.0/24).

  7. Under Subnet name, click on default to edit the subnet's properties.

  8. In the Edit subnet pane, specify a Subnet name as well as the Subnet address range. The subnet's address range should be in CIDR notation (e.g. 192.168.1.0/24). It must be contained by the address space of the virtual network.

  9. Select Save.

  10. Select the Review + create tab or click the Review + create button.

  11. Verify that all the information is correct and click Create to provision the virtual network.

Create a private endpoint

To create a private endpoint, follow these steps.

  1. In the Azure portal, search for Azure Cache for Redis and press Enter, or select it from the search suggestions.

  2. Select the cache instance you want to add a private endpoint to.

  3. On the left side of the screen, select (PREVIEW) Private Endpoint.

  4. Click the Private Endpoint button to create your private endpoint.

  5. On the Create a private endpoint page, configure the settings for your private endpoint.

    Setting | Suggested value | Description
    Subscription | Drop down and select your subscription. | The subscription under which to create this private endpoint.
    Resource group | Drop down and select a resource group, or select Create new and enter a new resource group name. | Name for the resource group in which to create your private endpoint and other resources. By putting all your app resources in one resource group, you can easily manage or delete them together.
    Name | Enter a private endpoint name. | The name must begin with a letter or number, end with a letter, number, or underscore, and may contain only letters, numbers, underscores, periods, or hyphens.
    Region | Drop down and select a region. | Select a region near other services that will use your private endpoint.

  6. Click the Next: Resource button at the bottom of the page.

  7. In the Resource tab, select your subscription, choose the resource type Microsoft.Cache/Redis, and then select the cache you want to connect the private endpoint to.

  8. Click the Next: Configuration button at the bottom of the page.

  9. In the Configuration tab, select the virtual network and subnet you created in the previous section.

  10. Click the Next: Tags button at the bottom of the page.

  11. Optionally, in the Tags tab, enter the name and value if you wish to categorize the resource.

  12. Select Review + create. You're taken to the Review + create tab where Azure validates your configuration.

  13. After the green Validation passed message appears, select Create.

FAQ

Why can't I connect to a private endpoint?

If your cache is already a VNet injected cache, private endpoints cannot be used with it. If your cache instance uses an unsupported feature (listed below), you won't be able to connect to your private endpoint instance. In addition, cache instances need to be created after July 27th to use private endpoints.

What features are not supported with private endpoints?

Geo-replication, firewall rules, portal console support, multiple endpoints per clustered cache, persistence to firewall rules, and zone redundancy.

How can I change my private endpoint to be disabled from public network access?

There is a publicNetworkAccess flag which is Enabled by default. When it is set to Enabled, both public and private endpoint access to the cache are allowed. If set to Disabled, only private endpoint access is allowed. You can set the value to Disabled with the following PATCH request.

PATCH https://management.chinacloudapi.cn/subscriptions/{subscription}/resourceGroups/{resourcegroup}/providers/Microsoft.Cache/Redis/{cache}?api-version=2020-06-01
{
    "properties": {
        "publicNetworkAccess": "Disabled"
    }
}

Are network security groups (NSG) enabled for private endpoints?

No, they are disabled for private endpoints. However, if there are other resources on the subnet, NSG enforcement will apply to those resources.

How can I connect to a clustered cache?

publicNetworkAccess needs to be set to Disabled and there can only be one private endpoint connection.
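The following example is added here and is not code from the original page or from Azure: it builds the publicNetworkAccess PATCH request described above and audits a cache resource for the two rules this FAQ states (public access must be Disabled; a clustered cache can have only one private endpoint connection). The ARM property names shardCount and privateEndpointConnections, the sample resources, and the bearer token placeholder are assumptions.

```python
import json
from urllib.parse import quote

# Azure China ARM endpoint and API version exactly as used by the PATCH on this page.
ARM_BASE = "https://management.chinacloudapi.cn"
API_VERSION = "2020-06-01"


def build_disable_public_access_request(subscription, resource_group, cache):
    """Return (method, url, headers, body) for the PATCH shown on this page.
    The bearer token is a placeholder: supply one from your own ARM auth flow."""
    url = (f"{ARM_BASE}/subscriptions/{quote(subscription)}"
           f"/resourceGroups/{quote(resource_group)}"
           f"/providers/Microsoft.Cache/Redis/{quote(cache)}"
           f"?api-version={API_VERSION}")
    headers = {"Authorization": "Bearer <ACCESS_TOKEN_PLACEHOLDER>",
               "Content-Type": "application/json"}
    body = json.dumps({"properties": {"publicNetworkAccess": "Disabled"}})
    return "PATCH", url, headers, body


def audit_cache(resource):
    """Check one cache resource (shape of an ARM GET response) against the
    rules on this page. The property names shardCount and
    privateEndpointConnections are assumed. Returns finding codes; [] is clean."""
    props = resource.get("properties", {})
    findings = []
    pna = props.get("publicNetworkAccess", "Enabled")  # Enabled is the default
    pecs = props.get("privateEndpointConnections", [])
    clustered = props.get("shardCount", 0) > 0
    if pna != "Disabled":
        # Public endpoint is still reachable alongside the private one
        findings.append("public-access-enabled")
    if not pecs:
        # Nothing can reach the cache once public access is Disabled
        findings.append("no-private-endpoint")
    if clustered and len(pecs) > 1:
        # Clustered caches support exactly one private endpoint connection
        findings.append("clustered-multiple-private-endpoints")
    return findings


# Constructed sample resources (not real ARM output) for a quick self-check.
SAMPLE_CLUSTERED = {"name": "sample-cache-a", "properties": {
    "publicNetworkAccess": "Enabled", "shardCount": 3,
    "privateEndpointConnections": [{"id": "pe-1"}, {"id": "pe-2"}]}}
SAMPLE_COMPLIANT = {"name": "sample-cache-b", "properties": {
    "publicNetworkAccess": "Disabled", "shardCount": 0,
    "privateEndpointConnections": [{"id": "pe-1"}]}}

if __name__ == "__main__":
    print(build_disable_public_access_request("sub-id", "rg", "sample-cache-a")[1])
    for r in (SAMPLE_CLUSTERED, SAMPLE_COMPLIANT):
        print(r["name"], audit_cache(r) or "compliant")
```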

Since my private endpoint instance is not in my VNet, how is it associated with my VNet?

It is only linked to your VNet. Since it is not in your VNet, NSG rules do not need to be modified for dependent endpoints.

How can I migrate my VNet injected cache to a private endpoint cache?

You will need to delete your VNet injected cache and create a new cache instance with a private endpoint.

Next steps