Quickstart: Create a virtual network using PowerShell

A virtual network lets Azure resources, like virtual machines (VMs), communicate privately with each other, and with the internet.

In this quickstart, you learn how to create a virtual network. After creating a virtual network, you deploy two VMs into the virtual network. You then connect to the VMs from the internet, and communicate privately over the virtual network.

Prerequisites

If you choose to install and use PowerShell locally, this article requires the Azure PowerShell module version 5.4.1 or later. Run Get-Module -ListAvailable Az to find the installed version. If you need to upgrade, see Install Azure PowerShell module. If you're running PowerShell locally, you also need to run Connect-AzAccount -Environment AzureChinaCloud to create a connection with Azure.

Create a resource group and a virtual network

There are a handful of steps you have to walk through to get your resource group and virtual network configured.

Create the resource group

Before you can create a virtual network, you have to create a resource group to host the virtual network. Create a resource group with New-AzResourceGroup. This example creates a resource group named CreateVNetQS-rg in the China East location:

$rg = @{
    Name = 'CreateVNetQS-rg'
    Location = 'ChinaEast'
}
New-AzResourceGroup @rg

Create the virtual network

Create a virtual network with New-AzVirtualNetwork. This example creates a default virtual network named myVNet in the ChinaEast location:

$vnet = @{
    Name = 'myVNet'
    ResourceGroupName = 'CreateVNetQS-rg'
    Location = 'ChinaEast'
    AddressPrefix = '10.0.0.0/16'    
}
$virtualNetwork = New-AzVirtualNetwork @vnet

Add a subnet

Azure deploys resources to a subnet within a virtual network, so you need to create a subnet. Create a subnet configuration named default with Add-AzVirtualNetworkSubnetConfig:

$subnet = @{
    Name = 'default'
    VirtualNetwork = $virtualNetwork
    AddressPrefix = '10.0.0.0/24'
}
$subnetConfig = Add-AzVirtualNetworkSubnetConfig @subnet

Associate the subnet to the virtual network

You can write the subnet configuration to the virtual network with Set-AzVirtualNetwork. This command creates the subnet:

$virtualNetwork | Set-AzVirtualNetwork

Create virtual machines

Create two VMs in the virtual network.

Create the first VM

Create the first VM with New-AzVM. When you run the next command, you're prompted for credentials. Enter a user name and password for the VM:

$vm1 = @{
    ResourceGroupName = 'CreateVNetQS-rg'
    Location = 'ChinaEast'
    Name = 'myVM1'
    VirtualNetworkName = 'myVNet'
    SubnetName = 'default'
}
New-AzVM @vm1 -AsJob

The -AsJob option creates the VM in the background. You can continue to the next step.

When Azure starts creating the VM in the background, you'll get something like this back:

Id     Name            PSJobTypeName   State         HasMoreData     Location             Command
--     ----            -------------   -----         -----------     --------             -------
1      Long Running... AzureLongRun... Running       True            localhost            New-AzVM

Create the second VM

Create the second VM with this command:

$vm2 = @{
    ResourceGroupName = 'CreateVNetQS-rg'
    Location = 'ChinaEast'
    Name = 'myVM2'
    VirtualNetworkName = 'myVNet'
    SubnetName = 'default'
}
New-AzVM @vm2

You'll have to create another user and password. Azure takes a few minutes to create the VM.

Important

Don't continue with the next step until Azure's finished. You'll know it's done when it returns output to PowerShell.

Note

Azure provides an ephemeral IP for Azure Virtual Machines which aren't assigned a public IP address, or are in the backend pool of an internal Basic Azure Load Balancer. The ephemeral IP mechanism provides an outbound IP address that isn't configurable.

The ephemeral IP is disabled when a public IP address is assigned to the virtual machine or the virtual machine is placed in the backend pool of a Standard Load Balancer with or without outbound rules. If an Azure Virtual Network NAT gateway resource is assigned to the subnet of the virtual machine, the ephemeral IP is disabled.

For more information on outbound connections in Azure, see Using Source Network Address Translation (SNAT) for outbound connections.

Connect to a VM from the internet

To get the public IP address of the VM, use Get-AzPublicIpAddress.

This example returns the public IP address of the myVm1 VM:

$ip = @{
    Name = 'myVM1'
    ResourceGroupName = 'CreateVNetQS-rg'
}
Get-AzPublicIpAddress @ip | select IpAddress

Open a command prompt on your local computer. Run the mstsc command. Replace <publicIpAddress> with the public IP address returned from the last step:

Note

If you've been running these commands from a PowerShell prompt on your local computer, and you're using the Az PowerShell module version 1.0 or later, you can continue in that interface.

mstsc /v:<publicIpAddress>

  1. If prompted, select Connect.

  2. Enter the user name and password you specified when creating the VM.

    Note

    You may need to select More choices > Use a different account, to specify the credentials you entered when you created the VM.

  3. Select OK.

  4. You may receive a certificate warning. If you do, select Yes or Continue.

Communicate between VMs

  1. In the Remote Desktop of myVm1, open PowerShell.

  2. Enter ping myVm2.

    You'll get something like this back:

    PS C:\Users\myVm1> ping myVm2
    
    Pinging myVm2.ovvzzdcazhbu5iczfvonhg2zrb.bx.internal.chinacloudapp.cn
    Request timed out.
    Request timed out.
    Request timed out.
    Request timed out.
    
    Ping statistics for 10.0.0.5:
        Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
    

    The ping fails, because it uses the Internet Control Message Protocol (ICMP). By default, ICMP isn't allowed through your Windows firewall.

  3. To allow myVm2 to ping myVm1 in a later step, enter this command:

    New-NetFirewallRule -DisplayName "Allow ICMPv4-In" -Protocol ICMPv4
    

    That command lets ICMP inbound through the Windows firewall.

  4. Close the remote desktop connection to myVm1.

  5. Repeat the steps in Connect to a VM from the internet. This time, connect to myVm2.

  6. From a command prompt on the myVm2 VM, enter ping myvm1.

    You'll get something like this back:

    C:\windows\system32>ping myVm1
    
    Pinging myVm1.e5p2dibbrqtejhq04lqrusvd4g.bx.internal.chinacloudapp.cn [10.0.0.4] with 32 bytes of data:
    Reply from 10.0.0.4: bytes=32 time=2ms TTL=128
    Reply from 10.0.0.4: bytes=32 time<1ms TTL=128
    Reply from 10.0.0.4: bytes=32 time<1ms TTL=128
    Reply from 10.0.0.4: bytes=32 time<1ms TTL=128
    
    Ping statistics for 10.0.0.4:
        Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
        Minimum = 0ms, Maximum = 2ms, Average = 0ms
    

    You receive replies from myVm1, because you allowed ICMP through the Windows firewall on the myVm1 VM in a previous step.

  7. Close the remote desktop connection to myVm2.
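
The rule in step 3 specifies only a protocol, so it admits every ICMPv4 type from any remote address. The following is an added example, not part of the original quickstart: a narrower rule for myVm1 that accepts only echo requests from the quickstart's default subnet (10.0.0.0/24), then prints the filters it ended up with. The display name is a hypothetical one chosen for this example.

```powershell
# Added example (not from the original quickstart).
# Run in an elevated PowerShell session on myVm1.
# Assumption: the peer VM sits in the 'default' subnet, 10.0.0.0/24.
$ruleName = 'Allow ICMPv4 echo from vnet'   # hypothetical display name

# Create the rule only if it is missing, so re-running does not stack duplicates.
if (-not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
    $rule = @{
        DisplayName   = $ruleName
        Direction     = 'Inbound'
        Action        = 'Allow'
        Protocol      = 'ICMPv4'
        IcmpType      = 8               # echo request only
        RemoteAddress = '10.0.0.0/24'   # subnet created earlier in this quickstart
        Profile       = 'Any'
    }
    New-NetFirewallRule @rule | Out-Null
}

# Read the rule back with its address and port filters to confirm the scope.
Get-NetFirewallRule -DisplayName $ruleName | ForEach-Object {
    $addr = $_ | Get-NetFirewallAddressFilter
    $port = $_ | Get-NetFirewallPortFilter
    [pscustomobject]@{
        Rule          = $_.DisplayName
        Enabled       = $_.Enabled
        Direction     = $_.Direction
        Action        = $_.Action
        Protocol      = $port.Protocol
        IcmpType      = $port.IcmpType -join ','
        RemoteAddress = $addr.RemoteAddress -join ','
    }
}

# Remove the rule once the connectivity test is finished:
# Remove-NetFirewallRule -DisplayName $ruleName
```

With this rule in place of the one from step 3, the ping from myVm2 in step 6 still succeeds, because myVm2 is inside 10.0.0.0/24.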

Clean up resources

When you're done with the virtual network and the VMs, use Remove-AzResourceGroup to remove the resource group and all the resources it has:

Remove-AzResourceGroup -Name 'CreateVNetQS-rg' -Force

Next steps

In this quickstart:

  • You created a default virtual network and two VMs.
  • You connected to one VM from the internet and communicated privately between the two VMs.

Private communication between VMs is unrestricted in a virtual network.

Advance to the next article to learn more about configuring different types of VM network communications: