使用 PowerShell 创建连接监视器Create a Connection Monitor using PowerShell

了解如何使用 PowerShell 创建连接监视器以监视资源之间的通信。Learn how to create Connection Monitor to monitor communication between your resources using PowerShell.

开始之前Before you begin

在通过连接监视器创建的连接监视器中,可以将本地计算机和 Azure VM 添加为源。In connection monitors that you create in Connection Monitor, you can add both on-premises machines and Azure VMs as sources. 这些连接监视器还可以监视与终结点的连接。These connection monitors can also monitor connectivity to endpoints. 终结点可以位于 Azure 上,也可以位于任何其他 URL 或 IP 上。The endpoints can be on Azure or any other URL or IP.

连接监视器包含以下实体:Connection Monitor includes the following entities:

  • 连接监视器资源 - 特定于区域的 Azure 资源。Connection monitor resource - A region-specific Azure resource. 以下所有实体都是连接监视器资源的属性。All of the following entities are properties of a connection monitor resource.

  • 终结点 - 参与连接检查的源或目标。Endpoint - A source or destination that participates in connectivity checks. 终结点的示例包括 Azure VM、本地代理、URL 和 IP。Examples of endpoints include Azure VMs, on-premises agents, URLs, and IPs.

  • 测试配置 - 针对测试的特定于协议的配置。Test configuration - A protocol-specific configuration for a test. 根据选定协议,可以定义端口、阈值、测试频率和其他参数。Based on the protocol you chose, you can define the port, thresholds, test frequency, and other parameters.

  • 测试组 -包含源终结点、目标终结点和测试配置的组。Test group - The group that contains source endpoints, destination endpoints, and test configurations. 连接监视器可包含多个测试组。A connection monitor can contain more than one test group.

  • 测试 - 将源终结点、目标终结点和测试配置组合在一起。Test - The combination of a source endpoint, destination endpoint, and test configuration. 测试是可用于监视数据的最精细级别。A test is the most granular level at which monitoring data is available. 监视数据包括检查失败的百分比和往返时间 (RTT)。The monitoring data includes the percentage of checks that failed and the round-trip time (RTT).

    显示连接监视器的示意图,其中定义了测试组和测试之间的关系

使用 PowerShell 进行创建的步骤Steps to create with PowerShell

使用以下命令通过 PowerShell 创建连接监视器。Use the following commands to create a connection monitor by using PowerShell.


//Connect to your Azure account with the subscription
Connect-AzAccount -Environment AzureChinaCloud
Select-AzSubscription -SubscriptionId <your-subscription>
//Select region
$nw = "NetworkWatcher_chinaeast2"
//Declare endpoints like Azure VM below. You can also give VNET,Subnet,Log Analytics workspace
$sourcevmid1 = New-AzNetworkWatcherConnectionMonitorEndpointObject -Name MyAzureVm -ResourceID /subscriptions/<your-subscription>/resourceGroups/<your resourceGroup>/providers/Microsoft.Compute/virtualMachines/<vm-name>
//Declare endpoints like URL, IPs
$bingEndpoint = New-AzNetworkWatcherConnectionMonitorEndpointObject -name Bing -Address www.bing.com # Destination URL
//Create test configuration.Choose Protocol and parametersSample configs below.

$IcmpProtocolConfiguration = New-AzNetworkWatcherConnectionMonitorProtocolConfigurationObject -IcmpProtocol
$TcpProtocolConfiguration = New-AzNetworkWatcherConnectionMonitorProtocolConfigurationObject -TcpProtocol -Port 80
$httpProtocolConfiguration = New-AzNetworkWatcherConnectionMonitorProtocolConfigurationObject -HttpProtocol -Port 443 -Method GET -RequestHeader @{Allow = "GET"} -ValidStatusCodeRange 2xx, 300-308 -PreferHTTPS
$httpTestConfiguration = New-AzNetworkWatcherConnectionMonitorTestConfigurationObject -Name http-tc -TestFrequencySec 60 -ProtocolConfiguration $httpProtocolConfiguration -SuccessThresholdChecksFailedPercent 20 -SuccessThresholdRoundTripTimeMs 30
$icmpTestConfiguration = New-AzNetworkWatcherConnectionMonitorTestConfigurationObject -Name icmp-tc -TestFrequencySec 30 -ProtocolConfiguration $icmpProtocolConfiguration -SuccessThresholdChecksFailedPercent 5 -SuccessThresholdRoundTripTimeMs 500
$tcpTestConfiguration = New-AzNetworkWatcherConnectionMonitorTestConfigurationObject -Name tcp-tc -TestFrequencySec 60 -ProtocolConfiguration $TcpProtocolConfiguration -SuccessThresholdChecksFailedPercent 20 -SuccessThresholdRoundTripTimeMs 30
//Create Test Group
$testGroup1 = New-AzNetworkWatcherConnectionMonitorTestGroupObject -Name testGroup1 -TestConfiguration $httpTestConfiguration, $tcpTestConfiguration, $icmpTestConfiguration -Source $sourcevmid1 -Destination $bingEndpoint,
$testname = "cmtest9"
//Create Connection Monitor
New-AzNetworkWatcherConnectionMonitor -NetworkWatcherName $nw -ResourceGroupName NetworkWatcherRG -Name $testname -TestGroup $testGroup1

属性说明Description of properties

  • connectionMonitorName - 连接监视器资源的名称connectionMonitorName - Name of the Connection monitor resource

  • SUB - 将在其中创建连接监视器的订阅的订阅 IDSUB - Subscription ID of the subscription where you want to create connection monitor

  • NW - 将在其中创建 CM 的网络观察程序资源 IDNW - Network Watcher resource ID in which CM will be created

  • location - 将在其中创建连接监视器的区域location - Region in which connection monitor will be created

  • 终结点Endpoints

    • name - 每个终结点的唯一名称name - Unique name for each endpoint
    • resourceId - 对于 Azure 终结点,资源 ID 是指虚拟机的 Azure 资源管理器资源 ID。对于非 Azure 终结点,资源 ID 是指链接到非 Azure 代理的 Log Analytics 工作区的 Azure 资源管理器资源 ID。resourceId - For Azure endpoints, resource ID refers to the Azure Resource Manager resource ID for virtual machines.For non-Azure endpoints, resource ID refers to the Azure resource manager's resource ID for the Log Analytics workspace linked to non-Azure agents.
    • address - 仅当未指定资源 ID 或资源 ID 为 Log Analytics 工作区时适用。address - Applicable only when either resource ID is not specified or if resource ID is Log Analytics workspace. 如果与 Log Analytics 资源 ID 一起使用,则是指可用于监视的代理的 FQDN。If used with Log Analytics resource ID, this refers to the FQDN of the agent that can be used for monitoring. 如果在没有资源 ID 的情况下使用,则可以是任何公共终结点的 URL 或 IP。If used without resource ID, this can be the URL or IP of any public endpoint.
    • filter - 对于非 Azure 终结点,使用筛选器从 Log Analytics 工作区中选择代理,该代理将用于在连接监视资源中进行监视。filter - For non-Azure endpoints, use filter to select agents from Log Analytics workspace that will be used for monitoring in Connection monitor resource. 如果未设置筛选器,则属于 Log Analytics 工作区的所有代理均可用于监视If filters are not set, all agents belonging to the Log Analytics workspace can be used for monitoring
      • type - 将类型设置为“代理地址”type - Set type as "Agent Address"
      • address - 将地址设置为本地代理的 FQDNaddress - Set address as the FQDN of your on-premises agent
  • 测试组Test Groups

    • name - 命名测试组。name - Name your test group.
    • testConfigurations - 根据哪些源终结点连接到目标终结点来测试配置testConfigurations - Test Configurations based on which source endpoints connect to destination endpoints
    • sources - 从上面创建的终结点中进行选择。sources - Choose from endpoints created above. 基于 Azure 的源终结点需要安装 Azure 网络观察程序扩展,基于非 Azure 的源终结点需要安装 Azure Log Analytics 代理。Azure based source endpoints need to have Azure Network Watcher extension installed and nonAzure based source endpoints need to haveAzure Log Analytics agent installed. 若要为源安装代理,请参阅安装监视代理To install an agent for your source, see Install monitoring agents.
    • destinations - 从上面创建的终结点中进行选择。destinations - Choose from endpoints created above. 可以通过将 Azure VM 或任何终结点(公共 IP、URL 或 FQDN)指定为目标,从而监视其连接。You can monitor connectivity to Azure VMs or any endpoint (a public IP, URL, or FQDN) by specifying them as destinations. 单个测试组中可以添加 Azure VM、Office 365 URL、Dynamics 365 URL 和自定义终结点。In a single test group, you can add Azure VMs, Office 365 URLs, Dynamics 365 URLs, and custom endpoints.
    • disable - 选择此字段为测试组指定的所有源和目标禁用监视。disable - Use this field to disable monitoring for all sources and destinations that the test group specifies.
  • 测试配置Test Configurations

    • name - 测试配置的名称。name - Name of the test configuration.
    • testFrequencySec - 指定源对指定协议和端口上的目标执行 ping 操作的频率。testFrequencySec - Specify how frequently sources will ping destinations on the protocol and port that you specified. 可以选择 30 秒、1 分钟、5 分钟、15 分钟或 30 分钟。You can choose 30 seconds, 1 minute, 5 minutes, 15 minutes, or 30 minutes. 源将根据所选的值来测试与目标的连接。Sources will test connectivity to destinations based on the value that you choose. 例如,如果选择 30 秒,则源将在 30 秒的时间段内至少检查一次与目标的连接。For example, if you select 30 seconds, sources will check connectivity to the destination at least once in a 30-second period.
    • protocol - 可以选择 TCP、ICMP、HTTP 或 HTTPS。protocol - You can choose TCP, ICMP, HTTP or HTTPS. 根据协议,可以执行一些特定于协议的配置Depending on the protocol, you can do some protocol specific configs
      • preferHTTPS - 指定是否通过 HTTP 使用 HTTPSpreferHTTPS - Specify whether to use HTTPS over HTTP
      • port - 指定所选的目标端口。port - Specify the destination port of your choice.
      • disableTraceRoute - 适用于其协议为 TCP 或 ICMP 的测试组。disableTraceRoute - This applies to test groups whose protocol is TCP or ICMP. 它将阻止源发现拓扑和逐跳 RTT。It stop sources from discovering topology and hop-by-hop RTT.
    • successThreshold - 可以在以下网络参数上设置阈值:successThreshold - You can set thresholds on the following network parameters:
      • checksFailedPercent - 设置在源使用指定条件检查到目标的连接时可能检查失败的百分比。checksFailedPercent - Set the percentage of checks that can fail when sources check connectivity to destinations by using the criteria that you specified. 对于 TCP 或 ICMP 协议,检查失败的百分比可能会与数据包丢失的百分比相同。For TCP or ICMP protocol, the percentage of failed checks can be equated to the percentage of packet loss. 对于 HTTP 协议,此字段表示未接收到响应的 HTTP 请求的百分比。For HTTP protocol, this field represents the percentage of HTTP requests that received no response.
      • roundTripTimeMs - 设置 RTT(以毫秒为单位),用于确定源按测试配置连接到目标所需的时间。roundTripTimeMs - Set the RTT in milliseconds for how long sources can take to connect to the destination over the test configuration.

规模限制Scale limits

连接监视器具有以下规模限制:Connection monitors have the following scale limits:

  • 每个区域每个订阅的最大连接监视器数:100Maximum connection monitors per subscription per region: 100
  • 每个连接监视器的最大测试组:20 个Maximum test groups per connection monitor: 20
  • 每个连接监视器的最大源和目标:100Maximum sources and destinations per connection monitor: 100
  • 每个连接监视器的最大测试组:20Maximum test configurations per connection monitor: 20

后续步骤Next steps