Use Azure Network Adapter to connect a server to an Azure Virtual Network

Applies to: Windows Server 2019, Windows Server 2016, Windows Server 2012 R2

Many workloads running on-premises and in multi-cloud environments require connections to virtual machines (VMs) running in Azure. To connect a server to an Azure Virtual Network, you have several options, including Site-to-Site VPN, Azure ExpressRoute, and Point-to-Site VPN.

Windows Admin Center and Azure Network Adapter provide a one-click experience to connect the server with your virtual network using a Point-to-Site VPN connection. The process automates configuring the virtual network gateway and the on-premises VPN client.

When to use Azure Network Adapter

Azure Network Adapter Point-to-Site VPN connections are useful when you want to connect to your virtual network from a remote location, such as a branch office, store, or other location. You can also use Azure Network Adapter instead of a Site-to-Site VPN when you require only a few servers to connect to a virtual network. Azure Network Adapter connections don't require a VPN device or a public-facing IP address.

Requirements

Using Azure Network Adapter to connect to a virtual network requires the following:

  • An Azure account with at least one active subscription.
  • An existing virtual network.
  • Internet access for the target servers that you want to connect to the Azure virtual network.
  • A Windows Admin Center connection to Azure. To learn more, see Configuring Azure integration.
  • The latest version of Windows Admin Center. To learn more, see Windows Admin Center.

Note

You don't need to install Windows Admin Center on the server that you want to connect to Azure. However, you can do that in a single-server scenario.

Add an Azure Network Adapter to a server

To configure Azure Network Adapter, go to the Network extension for it in Windows Admin Center.

In Windows Admin Center:

  1. Navigate to the server hosting the VMs that you want to add to Azure Network Adapter.

  2. Under Tools, select Networks.

  3. Select Add Azure Network Adapter.

  4. On the Add Azure Network Adapter pane, enter the following required information, and then select Create:

    • Subscription

    • Location

    • Virtual Network

    • Gateway Subnet (if it doesn't exist)

    • Gateway SKU (if it doesn't exist)

    • Client Address Space

      The client address pool is a range of private IP addresses that you specify. The clients that connect over a Point-to-Site VPN dynamically receive an IP address from this range. Use a private IP address range that does not overlap with the on-premises location that you connect from, or the virtual network that you want to connect to. We recommend using IP addresses that are in the ranges designated for private networks (10.x.x.x, 192.168.x.x, or 172.16.0.0 to 172.31.255.255).

    • Authentication Certificate

      Azure uses certificates to authenticate clients connecting to a virtual network over a Point-to-Site VPN connection. The public key information of the root certificate is uploaded to Azure. The root certificate is then considered "trusted" by Azure for a Point-to-Site connection to the virtual network. Client certificates must be generated from the trusted root certificate and installed on the client server. The client certificate is used to authenticate the client when it initiates a connection to the virtual network.

      To learn more, see the "Configure authentication type" section of Configure a Point-to-Site VPN connection to a VNet using native Azure certificate authentication: Azure portal.

    The Add Azure Network Adapter pane in Windows Admin Center.
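The Client Address Space rule above can be checked before the value is entered in the pane. The following PowerShell is an added example, not part of the original article or of Windows Admin Center; the function names and all prefixes are constructed for illustration, and it handles IPv4 CIDR notation only.

```powershell
# Added example: function names and sample prefixes are hypothetical.
function Get-Ipv4Range {
    param([Parameter(Mandatory)][string]$Cidr)
    $address, $length = $Cidr -split '/'
    $length = [int]$length
    $ip = [System.Net.IPAddress]::Parse($address)
    if ($ip.AddressFamily -ne 'InterNetwork' -or $length -lt 0 -or $length -gt 32) {
        throw "Not an IPv4 CIDR prefix: '$Cidr'"
    }
    # Fold the four octets into one integer (Int64 avoids signed 32-bit overflow).
    $value = [long]0
    foreach ($octet in $ip.GetAddressBytes()) { $value = $value * 256 + $octet }
    $size  = [long][math]::Pow(2, 32 - $length)
    $start = $value - ($value % $size)            # align to the network address
    [pscustomobject]@{ Cidr = $Cidr; Start = $start; End = $start + $size - 1 }
}

function Test-ClientAddressPool {
    param(
        [Parameter(Mandatory)][string]$ClientPool,
        [string[]]$OnPremisesPrefixes = @(),
        [string[]]$VirtualNetworkPrefixes = @()
    )
    $pool = Get-Ipv4Range $ClientPool
    # The private ranges the article recommends choosing from.
    $private = '10.0.0.0/8', '172.16.0.0/12', '192.168.0.0/16' |
        ForEach-Object { Get-Ipv4Range $_ }
    $inPrivate = [bool]($private |
        Where-Object { $pool.Start -ge $_.Start -and $pool.End -le $_.End })
    # Two ranges overlap when each one starts before the other ends.
    $overlaps = @($OnPremisesPrefixes + $VirtualNetworkPrefixes |
        ForEach-Object { Get-Ipv4Range $_ } |
        Where-Object { $pool.Start -le $_.End -and $_.Start -le $pool.End } |
        ForEach-Object { $_.Cidr })
    [pscustomobject]@{
        ClientPool     = $ClientPool
        InPrivateRange = $inPrivate
        Overlaps       = $overlaps
    }
}

# Constructed sample values: one clean pool, one that collides with the virtual network.
Test-ClientAddressPool -ClientPool '172.16.201.0/24' `
    -OnPremisesPrefixes '192.168.10.0/24' -VirtualNetworkPrefixes '10.1.0.0/16'
Test-ClientAddressPool -ClientPool '10.1.200.0/24' `
    -OnPremisesPrefixes '192.168.10.0/24' -VirtualNetworkPrefixes '10.1.0.0/16'
```

An empty Overlaps list together with InPrivateRange set to True means the pool satisfies both the non-overlap requirement and the private-range recommendation.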

Note

Network appliances that run inside a virtual network, such as VPN Gateway and Application Gateway, come with additional cost. To learn more, see Virtual Network pricing.

If there is no existing Azure Virtual Network gateway, Windows Admin Center creates one for you. The setup process can take up to 25 minutes. After the Azure Network Adapter is created, you can start to access VMs in the virtual network directly from your server.
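The root and client certificate relationship described under Authentication Certificate can be reproduced with the built-in New-SelfSignedCertificate cmdlet. This is an added example, not part of the original article, and it assumes you supply your own certificates; the subject names and the certificate store are placeholders, and marking both keys non-exportable is a choice made here because the certificates are generated on the server that will use them.

```powershell
# Added example: subject names and store location are placeholders.
# Running this creates two certificates in the chosen store.
$store = 'Cert:\CurrentUser\My'
$clientAuthOid = '1.3.6.1.5.5.7.3.2'   # Enhanced key usage: client authentication

# Self-signed root. Only its public certificate data is uploaded to Azure;
# the private key stays on this machine and is used solely to sign client certificates.
$root = New-SelfSignedCertificate -Type Custom -KeySpec Signature `
    -Subject 'CN=ExampleP2SRoot' -KeyExportPolicy NonExportable `
    -HashAlgorithm sha256 -KeyLength 2048 `
    -KeyUsageProperty Sign -KeyUsage CertSign `
    -CertStoreLocation $store

# Client certificate issued by that root and limited to client authentication.
$client = New-SelfSignedCertificate -Type Custom -KeySpec Signature `
    -Subject 'CN=ExampleP2SClient' -DnsName 'ExampleP2SClient' `
    -KeyExportPolicy NonExportable `
    -HashAlgorithm sha256 -KeyLength 2048 `
    -Signer $root -TextExtension @("2.5.29.37={text}$clientAuthOid") `
    -CertStoreLocation $store

# Base64 of the DER-encoded root certificate: public data only, no private key.
$rootPublicData = [Convert]::ToBase64String($root.RawData)

# Confirm the client certificate is what the gateway expects before connecting.
$eku = $client.Extensions | Where-Object {
    $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
}
$ekuOids = @($eku.EnhancedKeyUsages | ForEach-Object { $_.Value })

[pscustomobject]@{
    IssuedByRoot        = ($client.Issuer -eq $root.Subject)
    ClientAuthEku       = ($ekuOids -contains $clientAuthOid)
    ClientHasPrivateKey = $client.HasPrivateKey
    RootThumbprint      = $root.Thumbprint
    RootPublicDataChars = $rootPublicData.Length
}
```

Anyone holding the root private key can issue certificates that the gateway will accept, so the root key is the asset to protect; the client certificate and its key belong only on the server that connects.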

If you no longer need the connectivity, under Networks, select the Azure Network Adapter that you want to disconnect, select Disconnect from the top menu, and then select Yes in the Disconnect VPN Confirmation pop-up window.

Next steps

For more information about Azure Virtual Network, see also: