Quickstart: Create a virtual network using PowerShell

A virtual network lets Azure resources, like virtual machines (VMs), communicate privately with each other, and with the internet. In this quickstart, you learn how to create a virtual network. After creating a virtual network, you deploy two VMs into the virtual network. You then connect to the VMs from the internet, and communicate privately over the virtual network.

If you don't have an Azure subscription, create a free account now.

Use Azure Cloud Shell

Azure hosts Azure Cloud Shell, an interactive shell environment that you can use through your browser. You can use either bash or PowerShell with Cloud Shell to work with Azure services. You can use the Cloud Shell preinstalled commands to run the code in this article without having to install anything on your local environment.

To start Azure Cloud Shell:

Option Example/Link
Select Try It in the upper-right corner of a code block. Selecting Try It doesn't automatically copy the code to Cloud Shell. Example of Try It for Azure Cloud Shell
Go to https://shell.azure.com or select the Launch Cloud Shell button to open Cloud Shell in your browser. Launch Cloud Shell in a new window
Select the Cloud Shell button on the top-right menu bar in the Azure portal. Cloud Shell button in the Azure portal

To run the code in this article in Azure Cloud Shell:

  1. Start Cloud Shell.

  2. Select the Copy button on a code block to copy the code.

  3. Paste the code into the Cloud Shell session by selecting Ctrl+Shift+V on Windows and Linux or by selecting Cmd+Shift+V on macOS.

  4. Select Enter to run the code.

If you decide to install and use PowerShell locally instead, this quickstart requires you to use Azure PowerShell module version 1.0.0 or later. To find the installed version, run Get-Module -ListAvailable Az. See Install Azure PowerShell module for install and upgrade info.

Finally, if you're running PowerShell locally, you'll also need to run Connect-AzAccount. That command creates a connection with Azure.

Create a resource group and a virtual network

There are a handful of steps you have to walk through to get your resource group and virtual network configured.

Create the resource group

Before you can create a virtual network, you have to create a resource group to host the virtual network. Create a resource group with New-AzResourceGroup. This example creates a resource group named myResourceGroup in the eastus location:

New-AzResourceGroup -Name myResourceGroup -Location EastUS

Create the virtual network

Create a virtual network with New-AzVirtualNetwork. This example creates a default virtual network named myVirtualNetwork in the EastUS location:

$virtualNetwork = New-AzVirtualNetwork `
  -ResourceGroupName myResourceGroup `
  -Location EastUS `
  -Name myVirtualNetwork `
  -AddressPrefix 10.0.0.0/16

Add a subnet

Azure deploys resources to a subnet within a virtual network, so you need to create a subnet. Create a subnet configuration named default with Add-AzVirtualNetworkSubnetConfig:

$subnetConfig = Add-AzVirtualNetworkSubnetConfig `
  -Name default `
  -AddressPrefix 10.0.0.0/24 `
  -VirtualNetwork $virtualNetwork

Associate the subnet to the virtual network

You can write the subnet configuration to the virtual network with Set-AzVirtualNetwork. This command creates the subnet:

$virtualNetwork | Set-AzVirtualNetwork

Create virtual machines

Create two VMs in the virtual network.

Create the first VM

Create the first VM with New-AzVM. When you run the next command, you're prompted for credentials. Enter a user name and password for the VM:

New-AzVm `
    -ResourceGroupName "myResourceGroup" `
    -Location "East US" `
    -VirtualNetworkName "myVirtualNetwork" `
    -SubnetName "default" `
    -Name "myVm1" `
    -AsJob

The -AsJob option creates the VM in the background. You can continue to the next step.

When Azure starts creating the VM in the background, you'll get something like this back:

Id     Name            PSJobTypeName   State         HasMoreData     Location             Command
--     ----            -------------   -----         -----------     --------             -------
1      Long Running... AzureLongRun... Running       True            localhost            New-AzVM

Create the second VM

Create the second VM with this command:

New-AzVm `
  -ResourceGroupName "myResourceGroup" `
  -VirtualNetworkName "myVirtualNetwork" `
  -SubnetName "default" `
  -Name "myVm2"

You'll have to create another user and password. Azure takes a few minutes to create the VM.

Important

Don't continue with the next step until Azure's finished. You'll know it's done when it returns output to PowerShell.

Connect to a VM from the internet

Use Get-AzPublicIpAddress to return the public IP address of a VM. This example returns the public IP address of the myVm1 VM:

Get-AzPublicIpAddress `
  -Name myVm1 `
  -ResourceGroupName myResourceGroup `
  | Select IpAddress

Open a command prompt on your local computer. Run the mstsc command. Replace <publicIpAddress> with the public IP address returned from the last step:

Note

If you've been running these commands from a PowerShell prompt on your local computer, and you're using the Az PowerShell module version 1.0 or later, you can continue in that interface.

mstsc /v:<publicIpAddress>
  1. If prompted, select Connect.

  2. Enter the user name and password you specified when creating the VM.

    Note

    You may need to select More choices > Use a different account, to specify the credentials you entered when you created the VM.

  3. Select OK.

  4. You may receive a certificate warning. If you do, select Yes or Continue.

Communicate between VMs

  1. In the Remote Desktop of myVm1, open PowerShell.

  2. Enter ping myVm2.

    You'll get something like this back:

    PS C:\Users\myVm1> ping myVm2
    
    Pinging myVm2.ovvzzdcazhbu5iczfvonhg2zrb.bx.internal.cloudapp.net
    Request timed out.
    Request timed out.
    Request timed out.
    Request timed out.
    
    Ping statistics for 10.0.0.5:
        Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
    

    The ping fails, because it uses the Internet Control Message Protocol (ICMP). By default, ICMP isn't allowed through your Windows firewall.

  3. To allow myVm2 to ping myVm1 in a later step, enter this command:

    New-NetFirewallRule –DisplayName "Allow ICMPv4-In" –Protocol ICMPv4
    

    That command lets ICMP inbound through the Windows firewall.

  4. Close the remote desktop connection to myVm1.

  5. Repeat the steps in Connect to a VM from the internet. This time, connect to myVm2.

  6. From a command prompt on the myVm2 VM, enter ping myvm1.

    You'll get something like this back:

    C:\windows\system32>ping myVm1
    
    Pinging myVm1.e5p2dibbrqtejhq04lqrusvd4g.bx.internal.cloudapp.net [10.0.0.4] with 32 bytes of data:
    Reply from 10.0.0.4: bytes=32 time=2ms TTL=128
    Reply from 10.0.0.4: bytes=32 time<1ms TTL=128
    Reply from 10.0.0.4: bytes=32 time<1ms TTL=128
    Reply from 10.0.0.4: bytes=32 time<1ms TTL=128
    
    Ping statistics for 10.0.0.4:
        Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
        Minimum = 0ms, Maximum = 2ms, Average = 0ms
    

    You receive replies from myVm1, because you allowed ICMP through the Windows firewall on the myVm1 VM in a previous step.

  7. Close the remote desktop connection to myVm2.

Clean up resources

When you're done with the virtual network and the VMs, use Remove-AzResourceGroup to remove the resource group and all the resources it has:

Remove-AzResourceGroup -Name myResourceGroup -Force

Next steps

In this quickstart, you created a default virtual network and two VMs. You connected to one VM from the internet and communicated privately between the VM and another VM. To learn more about virtual network settings, see Manage a virtual network.

Azure allows unrestricted private communication between virtual machines. By default, Azure only allows inbound remote desktop connections to Windows VMs from the internet. To learn more about configuring different types of VM network communications, go to the Filter network traffic tutorial.