使用门户创建 Azure Bastion 主机Create an Azure Bastion host using the portal

本文介绍如何使用 Azure 门户创建 Azure Bastion 主机。This article shows you how to create an Azure Bastion host using the Azure portal. 在虚拟网络中预配 Azure Bastion 服务后,即可在该虚拟网络中的所有 VM 上获得无缝的 RDP/SSH 体验。Once you provision the Azure Bastion service in your virtual network, the seamless RDP/SSH experience is available to all of the VMs in the same virtual network. Azure Bastion 部署是按虚拟网络进行的,而不是按订阅/帐户或虚拟机进行的。Azure Bastion deployment is per virtual network, not per subscription/account or virtual machine.

可通过手动指定所有设置,或使用与现有 VM 相对应的设置在门户中创建新的 Bastion 主机资源。You can create a new bastion host resource in the portal either by specifying all of the settings manually, or by using the settings that correspond to an existing VM. 若要使用 VM 设置创建 Bastion 主机,请参阅快速入门一文。To create a bastion host by using VM settings, see the quickstart article. 或者,可使用 Azure PowerShell 来创建 Azure Bastion 主机。Optionally, you can use Azure PowerShell to create an Azure Bastion host.

准备阶段Before you begin

可在下面的 Azure 中国区域中使用 Bastion:Bastion is available in the following Azure China regions:

备注

我们正在努力添加其他区域。We are working hard to add additional regions. 添加区域时,我们会将其添加到此列表中。When a region is added, we will add it to this list.

Azure 中国云Azure China Cloud

  • 中国东部 2China East 2
  • 中国北部 2China North 2

创建 Bastion 主机Create a bastion host

本部分帮助你通过 Azure 门户创建新的 Azure Bastion 资源。This section helps you create a new Azure Bastion resource from the Azure portal.

  1. Azure 门户菜单或“主页”页上,选择“创建资源” 。On the Azure portal menu or from the Home page, select Create a resource.

  2. 在“新建”页面上的“搜索市场”字段中,键入“Bastion”,然后单击 Enter 转到搜索结果 。On the New page, in the Search the Marketplace field, type Bastion, then click Enter to get to the search results.

  3. 从结果中单击“Bastion”。From the results, click Bastion. 确保发行商为“Microsoft”,类别为“网络”。 Make sure the publisher is Microsoft and the category is Networking.

  4. 在“Bastion”页面上单击“创建”,打开“创建 Bastion”页面 。On the Bastion page, click Create to open the Create a bastion page.

  5. 在“创建 Bastion”页面上,配置新的 Bastion 资源。On the Create a bastion page, configure a new Bastion resource. 指定 Bastion 资源的配置设置。Specify the configuration settings for your Bastion resource.

    创建 Bastion

    • 订阅:你需要用于新建 Bastion 资源的 Azure 订阅。Subscription: The Azure subscription you want to use to create a new Bastion resource.

    • 资源组:将在其中新建 Bastion 资源的 Azure 资源组。Resource Group: The Azure resource group in which the new Bastion resource will be created in. 如果目前没有资源组,可新建一个。If you don't have an existing resource group, you can create a new one.

    • 名称:新 Bastion 资源的名称Name: The name of the new Bastion resource

    • 区域:将在其中创建资源的 Azure 公共区域。Region: The Azure public region that the resource will be created in.

    • 虚拟网络:将在其中创建 Bastion 资源的虚拟网络。Virtual network: The virtual network in which the Bastion resource will be created in. 你可在此过程中通过门户创建新的虚拟网络,也可使用现有虚拟网络。You can create a new virtual network in the portal during this process, or use an existing virtual network. 如果是后者,请确保现有虚拟网络有足够多的空闲地址空间来满足 Bastion 子网的要求。If you are using an existing virtual network, make sure the existing virtual network has enough free address space to accommodate the Bastion subnet requirements.

    • 子网:虚拟网络中的子网,新的 Bastion 主机将部署到该子网中。Subnet: The subnet in your virtual network where the new Bastion host will be deployed. 该子网将专用于 Bastion 主机,且必须命名为 AzureBastionSubnet。The subnet will be dedicated to the Bastion host and must be named as AzureBastionSubnet. 该子网必须至少为 /27。This subnet must be at least /27 or larger.

      AzureBastionSubnet 不支持用户定义的路由,但支持网络安全组AzureBastionSubnet doesn't support User Defined Routes, but does support Network Security Groups.

    • 公共 IP 地址:Bastion 资源的公共 IP,将在该 IP 上通过端口 443 访问 RDP/SSH。Public IP address: The public IP of the Bastion resource on which RDP/SSH will be accessed (over port 443). 新建公共 IP,或使用现有公共 IP。Create a new public IP, or use an existing one. 公共 IP 地址必须与要创建的 Bastion 资源位于同一区域。The public IP address must be in the same region as the Bastion resource you are creating.

    • 公共 IP 地址名称:公共 IP 地址资源的名称。Public IP address name: The name of the public IP address resource.

    • 公共 IP 地址 SKU:默认情况下,该设置预填充为“标准”。Public IP address SKU: This setting is prepopulated by default to Standard. Azure Bastion 仅使用/支持标准公共 IP SKU。Azure Bastion uses/supports only the Standard Public IP SKU.

    • 分配:默认情况下,该设置预填充为“静态”。Assignment: This setting is prepopulated by default to Static.

  6. 指定设置后,单击“查看 + 创建”。When you have finished specifying the settings, click Review + Create. 这会验证值。This validates the values. 验证通过后,可开始创建过程。Once validation passes, you can begin the creation process.

  7. 在“创建 Bastion”页面上,单击“创建” 。On the Create a bastion page, click Create.

  8. 你将看到一条消息,其中指出你的部署正在进行中。You will see a message letting you know that your deployment is underway. 创建资源后,此页面上将显示状态。Status will display on this page as the resources are created. 创建和部署 Bastion 资源大约需要 5 分钟的时间。It takes about 5 minutes for the Bastion resource to be created and deployed.

后续步骤Next steps