Quickstart: Create a virtual network using PowerShell

A virtual network lets Azure resources, like virtual machines (VMs), communicate privately with each other, and with the internet. In this quickstart, you learn how to create a virtual network. After creating a virtual network, you deploy two VMs into the virtual network. You then connect to the VMs from the internet, and communicate privately over the virtual network.

If you don't have an Azure subscription, create a trial account now.

If you decide to install and use PowerShell locally, this quickstart requires you to use Azure PowerShell module version 1.0.0 or later. To find the installed version, run Get-Module -ListAvailable Az. See Install Azure PowerShell module for install and upgrade info.

Finally, if you're running PowerShell locally, you'll also need to run Connect-AzAccount -Environment AzureChinaCloud. That command creates a connection with Azure.

Create a resource group and a virtual network

There are a handful of steps you have to walk through to get your resource group and virtual network configured.

Create the resource group

Before you can create a virtual network, you have to create a resource group to host the virtual network. Create a resource group with New-AzResourceGroup. This example creates a resource group named myResourceGroup in the chinaeast location:

New-AzResourceGroup -Name myResourceGroup -Location ChinaEast

Create the virtual network

Create a virtual network with New-AzVirtualNetwork. This example creates a default virtual network named myVirtualNetwork in the ChinaEast location:

$virtualNetwork = New-AzVirtualNetwork `
  -ResourceGroupName myResourceGroup `
  -Location ChinaEast `
  -Name myVirtualNetwork `
  -AddressPrefix 10.0.0.0/16

Add a subnet

Azure deploys resources to a subnet within a virtual network, so you need to create a subnet. Create a subnet configuration named default with Add-AzVirtualNetworkSubnetConfig:

$subnetConfig = Add-AzVirtualNetworkSubnetConfig `
  -Name default `
  -AddressPrefix 10.0.0.0/24 `
  -VirtualNetwork $virtualNetwork

Associate the subnet to the virtual network

You can write the subnet configuration to the virtual network with Set-AzVirtualNetwork. This command creates the subnet:

$virtualNetwork | Set-AzVirtualNetwork

Create virtual machines

Create two VMs in the virtual network.

Create the first VM

Create the first VM with New-AzVM. When you run the next command, you're prompted for credentials. Enter a user name and password for the VM:

New-AzVm `
    -ResourceGroupName "myResourceGroup" `
    -Location "China East" `
    -VirtualNetworkName "myVirtualNetwork" `
    -SubnetName "default" `
    -Name "myVm1" `
    -AsJob

The -AsJob option creates the VM in the background. You can continue to the next step.

When Azure starts creating the VM in the background, you'll get something like this back:

Id     Name            PSJobTypeName   State         HasMoreData     Location             Command
--     ----            -------------   -----         -----------     --------             -------
1      Long Running... AzureLongRun... Running       True            localhost            New-AzVM

Create the second VM

Create the second VM with this command:

New-AzVm `
  -ResourceGroupName "myResourceGroup" `
  -VirtualNetworkName "myVirtualNetwork" `
  -SubnetName "default" `
  -Name "myVm2"

You'll have to create another user and password. Azure takes a few minutes to create the VM.

Important

Don't continue with the next step until Azure's finished. You'll know it's done when it returns output to PowerShell.

Connect to a VM from the internet

Use Get-AzPublicIpAddress to return the public IP address of a VM. This example returns the public IP address of the myVm1 VM:

Get-AzPublicIpAddress `
  -Name myVm1 `
  -ResourceGroupName myResourceGroup `
  | Select IpAddress

Open a command prompt on your local computer. Run the mstsc command. Replace <publicIpAddress> with the public IP address returned from the last step:

Note

If you've been running these commands from a PowerShell prompt on your local computer, and you're using the Az PowerShell module version 1.0 or later, you can continue in that interface.

mstsc /v:<publicIpAddress>

  1. If prompted, select Connect.

  2. Enter the user name and password you specified when creating the VM.

    Note

    You may need to select More choices > Use a different account, to specify the credentials you entered when you created the VM.

  3. Select OK.

  4. You may receive a certificate warning. If you do, select Yes or Continue.
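
The RDP connection above succeeds because, as this quickstart notes, Azure by default allows inbound remote desktop connections to Windows VMs from the internet. The following added example (not part of the original quickstart) lists every inbound allow rule open to any source in the resource group's network security groups and narrows the RDP rules to one admin address. `$adminSource` is a placeholder from the documentation address range, and the port check assumes RDP on its standard port 3389.

```powershell
# Added example, not from the original quickstart. Run with the Az module,
# after both VMs exist and before the clean-up step.
$resourceGroup = 'myResourceGroup'     # resource group from the quickstart
$adminSource   = '203.0.113.10/32'     # placeholder (documentation range): use your own public address
$openSources   = '*', 'Internet', '0.0.0.0/0'

foreach ($nsg in Get-AzNetworkSecurityGroup -ResourceGroupName $resourceGroup) {
    # Inbound allow rules whose source is "anywhere".
    $exposed = @($nsg.SecurityRules | Where-Object {
        $_.Direction -eq 'Inbound' -and $_.Access -eq 'Allow' -and
        ($_.SourceAddressPrefix | Where-Object { $openSources -contains $_ })
    })

    $exposed | Select-Object @{ n = 'Nsg'; e = { $nsg.Name } }, Name, Priority, Protocol,
        @{ n = 'Source';   e = { $_.SourceAddressPrefix -join ',' } },
        @{ n = 'DestPort'; e = { $_.DestinationPortRange -join ',' } } |
        Format-Table -AutoSize

    # Narrow only the RDP rules (assumes RDP on its standard port 3389).
    $rdpRules = @($exposed | Where-Object { $_.DestinationPortRange -contains '3389' })
    foreach ($rule in $rdpRules) {
        Set-AzNetworkSecurityRuleConfig -NetworkSecurityGroup $nsg -Name $rule.Name `
            -Access $rule.Access -Protocol $rule.Protocol `
            -Direction $rule.Direction -Priority $rule.Priority `
            -SourceAddressPrefix $adminSource `
            -SourcePortRange @($rule.SourcePortRange) `
            -DestinationAddressPrefix @($rule.DestinationAddressPrefix) `
            -DestinationPortRange @($rule.DestinationPortRange) | Out-Null
    }
    # Changes are local until the NSG object is written back.
    if ($rdpRules.Count -gt 0) { $nsg | Set-AzNetworkSecurityGroup | Out-Null }
}
```

Rules that stay in the printed table after the change (any non-RDP port open to all sources) are candidates for the same treatment or for removal.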

Communicate between VMs

  1. In the Remote Desktop of myVm1, open PowerShell.

  2. Enter ping myVm2.

    You'll get something like this back:

    PS C:\Users\myVm1> ping myVm2
    
    Pinging myVm2.ovvzzdcazhbu5iczfvonhg2zrb.bx.internal.chinacloudapp.cn
    Request timed out.
    Request timed out.
    Request timed out.
    Request timed out.
    
    Ping statistics for 10.0.0.5:
        Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
    

    The ping fails, because it uses the Internet Control Message Protocol (ICMP). By default, ICMP isn't allowed through your Windows firewall.

  3. To allow myVm2 to ping myVm1 in a later step, enter this command:

    New-NetFirewallRule -DisplayName "Allow ICMPv4-In" -Protocol ICMPv4
    

    That command lets ICMP inbound through the Windows firewall.

  4. Close the remote desktop connection to myVm1.

  5. Repeat the steps in Connect to a VM from the internet. This time, connect to myVm2.

  6. From a command prompt on the myVm2 VM, enter ping myvm1.

    You'll get something like this back:

    C:\windows\system32>ping myVm1
    
    Pinging myVm1.e5p2dibbrqtejhq04lqrusvd4g.bx.internal.chinacloudapp.cn [10.0.0.4] with 32 bytes of data:
    Reply from 10.0.0.4: bytes=32 time=2ms TTL=128
    Reply from 10.0.0.4: bytes=32 time<1ms TTL=128
    Reply from 10.0.0.4: bytes=32 time<1ms TTL=128
    Reply from 10.0.0.4: bytes=32 time<1ms TTL=128
    
    Ping statistics for 10.0.0.4:
        Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
        Minimum = 0ms, Maximum = 2ms, Average = 0ms
    

    You receive replies from myVm1, because you allowed ICMP through the Windows firewall on the myVm1 VM in a previous step.

  7. Close the remote desktop connection to myVm2.
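
The rule created in step 3 admits every ICMPv4 message type from any remote address. As an added example (not part of the original quickstart), the following replaces it on myVm1 with a rule limited to echo requests from the quickstart's 10.0.0.0/24 subnet and prints the resulting scope.

```powershell
# Added example, not from the original quickstart.
# Run in an elevated PowerShell session on myVm1.
$ruleName = 'Allow ICMPv4-In'     # display name used in step 3
$subnet   = '10.0.0.0/24'         # the quickstart's "default" subnet

# Remove the broad rule from step 3 if it exists (all ICMPv4 types, any remote address).
Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue |
    Remove-NetFirewallRule

# Re-create it for echo requests (ICMP type 8) from the virtual network's subnet only.
New-NetFirewallRule -DisplayName $ruleName `
    -Direction Inbound -Action Allow `
    -Protocol ICMPv4 -IcmpType 8 `
    -RemoteAddress $subnet | Out-Null

# Show the effective scope of the new rule.
Get-NetFirewallRule -DisplayName $ruleName | ForEach-Object {
    [pscustomobject]@{
        Rule          = $_.DisplayName
        Direction     = $_.Direction
        Action        = $_.Action
        Profile       = $_.Profile
        IcmpType      = ($_ | Get-NetFirewallPortFilter).IcmpType
        RemoteAddress = ($_ | Get-NetFirewallAddressFilter).RemoteAddress
    }
}
```

The ping from myVm2 in step 6 still succeeds with this rule, because myVm2 sits in the same 10.0.0.0/24 subnet.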

Clean up resources

When you're done with the virtual network and the VMs, use Remove-AzResourceGroup to remove the resource group and all the resources it has:

Remove-AzResourceGroup -Name myResourceGroup -Force

Next steps

In this quickstart, you created a default virtual network and two VMs. You connected to one VM from the internet and communicated privately between the VM and another VM. To learn more about virtual network settings, see Manage a virtual network.

Azure allows unrestricted private communication between virtual machines. By default, Azure only allows inbound remote desktop connections to Windows VMs from the internet. To learn more about configuring different types of VM network communications, go to the Filter network traffic tutorial.