Virtual networks and virtual machines in Azure

When you create an Azure virtual machine (VM), you must create a virtual network (VNet) or use an existing VNet. You also need to decide how your VMs are intended to be accessed on the VNet. It is important to plan before creating resources and make sure that you understand the limits of networking resources.

In the following figure, VMs are represented as web servers and database servers. Each set of VMs is assigned to a separate subnet in the VNet.

[Figure: Azure virtual network]

You can create a VNet before you create a VM or as you create a VM. You create these resources to support communication with a VM:

  • Network interfaces
  • IP addresses
  • Virtual network and subnets

In addition to those basic resources, you should also consider these optional resources:

  • Network security groups
  • Load balancers

Network interfaces

A network interface (NIC) is the interconnection between a VM and a virtual network (VNet). A VM must have at least one NIC, but can have more than one, depending on the size of the VM you create. Learn about how many NICs each VM size supports for Windows or Linux.

You can create a VM with multiple NICs, and add or remove NICs through the lifecycle of a VM. Multiple NICs allow a VM to connect to different subnets and send or receive traffic over the most appropriate interface. VMs with any number of network interfaces can exist in the same availability set, up to the number supported by the VM size.

Each NIC attached to a VM must exist in the same location and subscription as the VM. Each NIC must be connected to a VNet that exists in the same Azure location and subscription as the NIC. You can change the subnet a VM is connected to after it's created, but you cannot change the VNet. Each NIC attached to a VM is assigned a MAC address that doesn't change until the VM is deleted.

This table lists the methods that you can use to create a network interface.

Method | Description
Azure portal | When you create a VM in the Azure portal, a network interface is automatically created for you (you cannot use a NIC you create separately). The portal creates a VM with only one NIC. If you want to create a VM with more than one NIC, you must create it with a different method.
Azure PowerShell | Use New-AzNetworkInterface with the -PublicIpAddressId parameter to provide the identifier of the public IP address that you previously created.
Azure CLI | To provide the identifier of the public IP address that you previously created, use az network nic create with the --public-ip-address parameter.
Template | Use Network Interface in a Virtual Network with Public IP Address as a guide for deploying a network interface using a template.

IP addresses

You can assign these types of IP addresses to a NIC in Azure:

  • Public IP addresses - Used to communicate inbound and outbound (without network address translation (NAT)) with the Internet and other Azure resources not connected to a VNet. Assigning a public IP address to a NIC is optional. Public IP addresses have a nominal charge, and there's a maximum number that can be used per subscription.
  • Private IP addresses - Used for communication within a VNet, your on-premises network, and the Internet (with NAT). You must assign at least one private IP address to a VM. To learn more about NAT in Azure, read Understanding outbound connections in Azure.

You can assign public IP addresses to VMs or internet-facing load balancers. You can assign private IP addresses to VMs and internal load balancers. You assign IP addresses to a VM using a network interface.

There are two methods by which an IP address is allocated to a resource: dynamic or static. The default allocation method is dynamic, where an IP address is not allocated when it's created. Instead, the IP address is allocated when you create a VM or start a stopped VM. The IP address is released when you stop or delete the VM.

To ensure the IP address for the VM remains the same, you can set the allocation method explicitly to static. In this case, an IP address is assigned immediately. It is released only when you delete the VM or change its allocation method to dynamic.

This table lists the methods that you can use to create an IP address.

Method | Description
Azure portal | By default, public IP addresses are dynamic and the address associated with them may change when the VM is stopped or deleted. To guarantee that the VM always uses the same public IP address, create a static public IP address. By default, the portal assigns a dynamic private IP address to a NIC when creating a VM. You can change this IP address to static after the VM is created.
Azure PowerShell | You use New-AzPublicIpAddress with the -AllocationMethod parameter as Dynamic or Static.
Azure CLI | You use az network public-ip create with the --allocation-method parameter as Dynamic or Static.
Template | Use Network Interface in a Virtual Network with Public IP Address as a guide for deploying a public IP address using a template.

After you create a public IP address, you can associate it with a VM by assigning it to a NIC.

Virtual network and subnets

A subnet is a range of IP addresses in the VNet. You can divide a VNet into multiple subnets for organization and security. Each NIC in a VM is connected to one subnet in one VNet. NICs connected to subnets (same or different) within a VNet can communicate with each other without any extra configuration.

When you set up a VNet, you specify the topology, including the available address spaces and subnets. If the VNet is to be connected to other VNets or on-premises networks, you must select address ranges that don't overlap. The IP addresses are private and can't be accessed from the Internet, which in the past was true only for the non-routable IP addresses such as 10.0.0.0/8, 172.16.0.0/12, or 192.168.0.0/16. Now, Azure treats any address range as part of the private VNet IP address space that is only reachable within the VNet, within interconnected VNets, and from your on-premises location.

If you work within an organization in which someone else is responsible for the internal networks, you should talk to that person before selecting your address space. Make sure there is no overlap and let them know the space you want to use so they don't try to use the same range of IP addresses.

By default, there is no security boundary between subnets, so VMs in each of these subnets can talk to one another. However, you can set up Network Security Groups (NSGs), which allow you to control the traffic flow to and from subnets and to and from VMs.

This table lists the methods that you can use to create a VNet and subnets.

Method | Description
Azure portal | If you let Azure create a VNet when you create a VM, the name is a combination of the resource group name that contains the VNet and -vnet. The address space is 10.0.0.0/24, the required subnet name is default, and the subnet address range is 10.0.0.0/24.
Azure PowerShell | You use New-AzVirtualNetworkSubnetConfig and New-AzVirtualNetwork to create a subnet and a VNet. You can also use Add-AzVirtualNetworkSubnetConfig to add a subnet to an existing VNet.
Azure CLI | The subnet and the VNet are created at the same time. Provide a --subnet-name parameter to az network vnet create with the subnet name.
Template | The easiest way to create a VNet and subnets is to download an existing template, such as Virtual Network with two subnets, and modify it for your needs.
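
The non-overlap requirement can be checked on an address plan before anything is deployed; two VNets left at the 10.0.0.0/24 portal default described in the table collide as soon as they are to be connected. This Python sketch is an added example, not code from the original page: the network names, the on-premises range and the validate_plan helper are assumptions, and it goes slightly beyond the text by also checking that subnets fit inside their VNet and do not overlap each other.

```python
import ipaddress
from itertools import combinations


def validate_plan(networks):
    """networks: {name: {"space": [cidr, ...], "subnets": {name: cidr}}}.

    Returns a sorted list of findings; an empty list means the plan is consistent.
    """
    findings = []
    spaces = {name: [ipaddress.ip_network(c) for c in cfg["space"]]
              for name, cfg in networks.items()}

    # 1. Address spaces of networks that will be connected must not overlap.
    for a, b in combinations(sorted(spaces), 2):
        for net_a in spaces[a]:
            for net_b in spaces[b]:
                if net_a.overlaps(net_b):
                    findings.append(f"overlap: {a} {net_a} <-> {b} {net_b}")

    for name, cfg in networks.items():
        subnets = {s: ipaddress.ip_network(c)
                   for s, c in cfg.get("subnets", {}).items()}
        # 2. Every subnet must sit inside one of its VNet's address spaces.
        for s, net in subnets.items():
            if not any(net.subnet_of(space) for space in spaces[name]):
                findings.append(f"outside: {name}/{s} {net}")
        # 3. Subnets of the same VNet must not overlap each other.
        for s1, s2 in combinations(sorted(subnets), 2):
            if subnets[s1].overlaps(subnets[s2]):
                findings.append(f"subnet-overlap: {name}/{s1} <-> {name}/{s2}")
    return sorted(findings)


# Constructed plan: two VNets created with the portal default, plus on-premises.
PORTAL_DEFAULT_PLAN = {
    "rg-web-vnet": {"space": ["10.0.0.0/24"], "subnets": {"default": "10.0.0.0/24"}},
    "rg-db-vnet": {"space": ["10.0.0.0/24"], "subnets": {"default": "10.0.0.0/24"}},
    "on-prem": {"space": ["192.168.0.0/16"], "subnets": {}},
}

# Constructed plan with distinct address spaces chosen up front.
REVISED_PLAN = {
    "rg-web-vnet": {"space": ["10.1.0.0/16"],
                    "subnets": {"web": "10.1.1.0/24", "db": "10.1.2.0/24"}},
    "rg-db-vnet": {"space": ["10.2.0.0/16"], "subnets": {"default": "10.2.0.0/24"}},
    "on-prem": {"space": ["192.168.0.0/16"], "subnets": {}},
}

if __name__ == "__main__":
    for finding in validate_plan(PORTAL_DEFAULT_PLAN):
        print(finding)
    print(validate_plan(REVISED_PLAN))
```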

Network security groups

A network security group (NSG) contains a list of Access Control List (ACL) rules that allow or deny network traffic to subnets, NICs, or both. NSGs can be associated with either subnets or individual NICs connected to a subnet. When an NSG is associated with a subnet, the ACL rules apply to all the VMs in that subnet. In addition, traffic to an individual NIC can be restricted by associating an NSG directly to a NIC.

NSGs contain two sets of rules: inbound and outbound. The priority for a rule must be unique within each set. Each rule has properties of protocol, source and destination port ranges, address prefixes, direction of traffic, priority, and access type.

All NSGs contain a set of default rules. The default rules cannot be deleted, but because they are assigned the lowest priority, they can be overridden by the rules that you create.

When you associate an NSG to a NIC, the network access rules in the NSG are applied only to that NIC. If an NSG is applied to a single NIC on a multi-NIC VM, it does not affect traffic to the other NICs. You can associate different NSGs to a NIC (or VM, depending on the deployment model) and the subnet that a NIC or VM is bound to. Priority is given based on the direction of traffic.

Be sure to plan your NSGs when you plan your VMs and VNet.

This table lists the methods that you can use to create a network security group.

Method | Description
Azure portal | When you create a VM in the Azure portal, an NSG is automatically created and associated to the NIC the portal creates. The name of the NSG is a combination of the name of the VM and -nsg. This NSG contains one inbound rule with a priority of 1000, service set to RDP, the protocol set to TCP, port set to 3389, and action set to Allow. If you want to allow any other inbound traffic to the VM, you must add additional rules to the NSG.
Azure PowerShell | Use New-AzNetworkSecurityRuleConfig and provide the required rule information. Use New-AzNetworkSecurityGroup to create the NSG. Use Set-AzVirtualNetworkSubnetConfig to configure the NSG for the subnet. Use Set-AzVirtualNetwork to add the NSG to the VNet.
Azure CLI | Use az network nsg create to initially create the NSG. Use az network nsg rule create to add rules to the NSG. Use az network vnet subnet update to add the NSG to the subnet.
Template | Use Create a Network Security Group as a guide for deploying a network security group using a template.
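
How rule priority and the subnet/NIC association decide whether an inbound flow is admitted, as an added Python example that is not part of the original page. The rule dictionaries, rule names, the 10.0.0.0/16 VNet space and the 203.0.113.0/24 admin range are constructed; only two of the default rules are modeled, and the example assumes inbound traffic is evaluated at the subnet NSG first and then at the NIC NSG.

```python
import ipaddress

VNET_SPACE = "10.0.0.0/16"  # constructed address space behind the VirtualNetwork tag

# Two of the default inbound rules every NSG carries (lowest priority, not deletable).
DEFAULT_INBOUND = [
    {"name": "AllowVnetInBound", "priority": 65000, "access": "Allow",
     "protocol": "*", "source": "VirtualNetwork", "port": "*"},
    {"name": "DenyAllInBound", "priority": 65500, "access": "Deny",
     "protocol": "*", "source": "*", "port": "*"},
]

# The single inbound rule the portal adds to a new VM's NIC NSG (rule name is hypothetical).
PORTAL_NIC_NSG = [
    {"name": "portal-rdp-rule", "priority": 1000, "access": "Allow",
     "protocol": "Tcp", "source": "*", "port": "3389"},
]

# Constructed subnet NSG that limits RDP to an admin range (documentation prefix).
SUBNET_NSG = [
    {"name": "allow-rdp-admins", "priority": 100, "access": "Allow",
     "protocol": "Tcp", "source": "203.0.113.0/24", "port": "3389"},
    {"name": "deny-rdp-other", "priority": 200, "access": "Deny",
     "protocol": "Tcp", "source": "*", "port": "3389"},
]

def source_matches(rule_source, src_ip):
    if rule_source == "*":
        return True
    if rule_source == "VirtualNetwork":
        rule_source = VNET_SPACE
    return ipaddress.ip_address(src_ip) in ipaddress.ip_network(rule_source)

def port_matches(rule_port, port):
    if rule_port == "*":
        return True
    low, _, high = rule_port.partition("-")  # "3389" or "8000-8080"
    return int(low) <= port <= int(high or low)

def evaluate_nsg(rules, src_ip, protocol, port):
    """Return (access, rule name) of the first inbound rule that matches, by priority."""
    priorities = [r["priority"] for r in rules]
    if len(priorities) != len(set(priorities)):
        raise ValueError("priorities must be unique within the inbound set")
    for rule in sorted(rules + DEFAULT_INBOUND, key=lambda r: r["priority"]):
        if (rule["protocol"] in ("*", protocol)
                and source_matches(rule["source"], src_ip)
                and port_matches(rule["port"], port)):
            return rule["access"], rule["name"]
    raise RuntimeError("unreachable: DenyAllInBound matches every flow")

def inbound_allowed(subnet_rules, nic_rules, src_ip, protocol, port):
    """Inbound flows pass the subnet NSG first, then the NIC NSG; both must allow."""
    trace = []
    for level, rules in (("subnet", subnet_rules), ("nic", nic_rules)):
        if rules is None:  # no NSG associated at this level
            continue
        access, name = evaluate_nsg(rules, src_ip, protocol, port)
        trace.append((level, name, access))
        if access == "Deny":
            return False, trace
    return True, trace

if __name__ == "__main__":
    internet_host = "198.51.100.7"  # constructed source address
    print(inbound_allowed(None, PORTAL_NIC_NSG, internet_host, "Tcp", 3389))
    print(inbound_allowed(SUBNET_NSG, PORTAL_NIC_NSG, internet_host, "Tcp", 3389))
    print(inbound_allowed(SUBNET_NSG, PORTAL_NIC_NSG, "10.0.2.4", "Tcp", 1433))
```

With only the portal-created NIC rule, RDP from any source is admitted; adding the subnet NSG stops it before the NIC rule is consulted, while traffic from inside the VNet on other ports still passes through the default rule.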

Load balancers

Azure Load Balancer delivers high availability and network performance to your applications. A load balancer can be configured to balance incoming Internet traffic to VMs or balance traffic between VMs in a VNet. A load balancer can also balance traffic between on-premises computers and VMs in a cross-premises network, or forward external traffic to a specific VM.

The load balancer maps incoming and outgoing traffic between the public IP address and port on the load balancer and the private IP address and port of the VM.

When you create a load balancer, you must also consider these configuration elements:

  • Front-end IP configuration - A load balancer can include one or more front-end IP addresses. These IP addresses serve as ingress for the traffic.
  • Back-end address pool - IP addresses that are associated with the NIC to which load is distributed.
  • Port forwarding - Defines how inbound traffic flows through the front-end IP and is distributed to the back-end IP using inbound NAT rules.
  • Load balancer rules - Map a given front-end IP and port combination to a set of back-end IP address and port combinations. A single load balancer can have multiple load balancing rules. Each rule is a combination of a front-end IP and port and a back-end IP and port associated with VMs.
  • Probes - Monitor the health of VMs. When a probe fails to respond, the load balancer stops sending new connections to the unhealthy VM. The existing connections are not affected, and new connections are sent to healthy VMs.
  • Outbound rules - An outbound rule configures outbound Network Address Translation (NAT) for all virtual machines or instances identified by the backend pool of your Standard Load Balancer to be translated to the frontend.

This table lists the methods that you can use to create an internet-facing load balancer.

Method | Description
Azure portal | You can load balance internet traffic to VMs using the Azure portal.
Azure PowerShell | To provide the identifier of the public IP address that you previously created, use New-AzLoadBalancerFrontendIpConfig with the -PublicIpAddress parameter. Use New-AzLoadBalancerBackendAddressPoolConfig to create the configuration of the back-end address pool. Use New-AzLoadBalancerInboundNatRuleConfig to create inbound NAT rules associated with the front-end IP configuration that you created. Use New-AzLoadBalancerProbeConfig to create the probes that you need. Use New-AzLoadBalancerRuleConfig to create the load balancer configuration. Use New-AzLoadBalancer to create the load balancer.
Azure CLI | Use az network lb create to create the initial load balancer configuration. Use az network lb frontend-ip create to add the public IP address that you previously created. Use az network lb address-pool create to add the configuration of the back-end address pool. Use az network lb inbound-nat-rule create to add NAT rules. Use az network lb rule create to add the load balancer rules. Use az network lb probe create to add the probes.

This table lists the methods that you can use to create an internal load balancer.

Method | Description
Azure portal | You can balance internal traffic load with a load balancer in the Azure portal.
Azure PowerShell | To provide a private IP address in the network subnet, use New-AzLoadBalancerFrontendIpConfig with the -PrivateIpAddress parameter. Use New-AzLoadBalancerBackendAddressPoolConfig to create the configuration of the back-end address pool. Use New-AzLoadBalancerInboundNatRuleConfig to create inbound NAT rules associated with the front-end IP configuration that you created. Use New-AzLoadBalancerProbeConfig to create the probes that you need. Use New-AzLoadBalancerRuleConfig to create the load balancer configuration. Use New-AzLoadBalancer to create the load balancer.
Azure CLI | Use the az network lb create command to create the initial load balancer configuration. To define the private IP address, use az network lb frontend-ip create with the --private-ip-address parameter. Use az network lb address-pool create to add the configuration of the back-end address pool. Use az network lb inbound-nat-rule create to add NAT rules. Use az network lb rule create to add the load balancer rules. Use az network lb probe create to add the probes.
Template | Use 2 VMs in a Load Balancer and configure NAT rules on the LB as a guide for deploying a load balancer using a template.

Virtual machine scale sets

For more information on load balancer and virtual machine scale sets, see Networking for Azure virtual machine scale sets.

VMs

VMs can be created in the same VNet and they can connect to each other using private IP addresses. They can connect even if they are in different subnets without the need to configure a gateway or use public IP addresses. To put VMs into a VNet, you create the VNet and then as you create each VM, you assign it to the VNet and subnet. VMs acquire their network settings during deployment or startup.

VMs are assigned an IP address when they are deployed. If you deploy multiple VMs into a VNet or subnet, they are assigned IP addresses as they boot up. You can also allocate a static IP to a VM. If you allocate a static IP, you should consider using a specific subnet to avoid accidentally reusing a static IP for another VM.

If you create a VM and later want to migrate it into a VNet, it is not a simple configuration change. You must redeploy the VM into the VNet. The easiest way to redeploy is to delete the VM, but not any disks attached to it, and then re-create the VM using the original disks in the VNet.

This table lists the methods that you can use to create a VM in a VNet.

Method | Description
Azure portal | Uses the default network settings that were previously mentioned to create a VM with a single NIC. To create a VM with multiple NICs, you must use a different method.
Azure PowerShell | Includes the use of Add-AzVMNetworkInterface to add the NIC that you previously created to the VM configuration.
Azure CLI | Create and connect a VM to a VNet, subnet, and NIC that are built as individual steps.
Template | Use Very simple deployment of a Windows VM as a guide for deploying a VM using a template.

Next steps

For VM-specific steps on how to manage Azure virtual networks for VMs, see the Windows or Linux tutorials.

There are also tutorials on how to load balance VMs and create highly available applications for Windows or Linux.