Quickstart: Create a virtual network using PowerShell

A virtual network enables Azure resources, such as virtual machines (VMs), to communicate privately with each other and with the internet. In this quickstart, you learn how to create a virtual network. After creating a virtual network, you deploy two VMs into the virtual network. You then connect to one VM from the internet, and communicate privately between the two VMs.

If you don't have an Azure subscription, create a free account before you begin.

Launch Azure Cloud Shell

The Azure Cloud Shell is a free interactive shell that you can use to run the steps in this article. It has common Azure tools preinstalled and configured to use with your account. Click the Copy button to copy the code, paste it into the Cloud Shell, and then press Enter to run it. There are a few ways to launch the Cloud Shell:

Click Try It in the upper right corner of a code block.
Open Cloud Shell in your browser: https://shell.azure.com/powershell
Click the Cloud Shell button on the menu in the upper right of the Azure portal.

If you choose to install and use PowerShell locally, this quickstart requires the AzureRM PowerShell module version 5.4.1 or later. To find the installed version, run Get-Module -ListAvailable AzureRM. If you need to upgrade, see Install Azure PowerShell module. If you are running PowerShell locally, you also need to run Connect-AzureRmAccount to create a connection with Azure.

Create a virtual network

Before you can create a virtual network, you must create a resource group to contain the virtual network. Create a resource group with New-AzureRmResourceGroup. The following example creates a resource group named myResourceGroup in the eastus location.

New-AzureRmResourceGroup -Name myResourceGroup -Location EastUS

Create a virtual network with New-AzureRmVirtualNetwork. The following example creates a default virtual network named myVirtualNetwork in the EastUS location:

$virtualNetwork = New-AzureRmVirtualNetwork `
  -ResourceGroupName myResourceGroup `
  -Location EastUS `
  -Name myVirtualNetwork `
  -AddressPrefix 10.0.0.0/16

Azure resources are deployed to a subnet within a virtual network, so you need to create a subnet. Create a subnet configuration with Add-AzureRmVirtualNetworkSubnetConfig.

$subnetConfig = Add-AzureRmVirtualNetworkSubnetConfig `
  -Name default `
  -AddressPrefix 10.0.0.0/24 `
  -VirtualNetwork $virtualNetwork

Write the subnet configuration to the virtual network with Set-AzureRmVirtualNetwork, which creates the subnet within the virtual network:

$virtualNetwork | Set-AzureRmVirtualNetwork

Create virtual machines

Create two VMs in the virtual network:

Create the first VM

Create a VM with New-AzureRmVM. When running the command that follows, you are prompted for credentials. The values that you enter are configured as the user name and password for the VM. The -AsJob option creates the VM in the background, so that you can continue to the next step.

New-AzureRmVm `
    -ResourceGroupName "myResourceGroup" `
    -Location "East US" `
    -VirtualNetworkName "myVirtualNetwork" `
    -SubnetName "default" `
    -Name "myVm1" `
    -AsJob

Output similar to the following example is returned, and Azure starts creating the VM in the background.

Id     Name            PSJobTypeName   State         HasMoreData     Location             Command                  
--     ----            -------------   -----         -----------     --------             -------                  
1      Long Running... AzureLongRun... Running       True            localhost            New-AzureRmVM     

Create the second VM

Enter the following command:

New-AzureRmVm `
  -ResourceGroupName "myResourceGroup" `
  -VirtualNetworkName "myVirtualNetwork" `
  -SubnetName "default" `
  -Name "myVm2"

The VM takes a few minutes to create. Do not continue with the next step until the previous command executes and output is returned to PowerShell.

Connect to a VM from the internet

Use Get-AzureRmPublicIpAddress to return the public IP address of a VM. The following example returns the public IP address of the myVm1 VM:

Get-AzureRmPublicIpAddress `
  -Name myVm1 `
  -ResourceGroupName myResourceGroup `
  | Select IpAddress

Replace <publicIpAddress> in the following command with the public IP address returned from the previous command, and then enter the command:

mstsc /v:<publicIpAddress>

A Remote Desktop Protocol (.rdp) file is created and downloaded to your computer. Open the downloaded rdp file. If prompted, select Connect. Enter the user name and password you specified when creating the VM. You may need to select More choices, then Use a different account, to specify the credentials you entered when you created the VM. Select OK. You may receive a certificate warning during the sign-in process. If you receive the warning, select Yes or Continue, to proceed with the connection.
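The VMs created above accept inbound remote desktop connections from the internet by default. The following added example (not part of the original quickstart) lists every network security group rule in myResourceGroup that allows TCP 3389 from any source and narrows it to a single administrative address. The $adminSource value and the Test-PortInRange helper are assumptions introduced for illustration.

```powershell
# Added example (not from the original quickstart). Run in Cloud Shell before clean-up.
$resourceGroup = 'myResourceGroup'
$rdpPort       = 3389
$anySource     = '*', '0.0.0.0/0', 'Internet'
# Assumption: documentation-range placeholder; replace with your own public IP.
$adminSource   = '203.0.113.10/32'

# Hypothetical helper: true when $Port falls inside any NSG port
# expression ('*', '3389', '3000-4000').
function Test-PortInRange {
    param([string[]]$Ranges, [int]$Port)
    foreach ($r in $Ranges) {
        if ($r -eq '*') { return $true }
        $lo, $hi = $r -split '-', 2
        if (-not $hi) { $hi = $lo }
        if ($Port -ge [int]$lo -and $Port -le [int]$hi) { return $true }
    }
    return $false
}

foreach ($nsg in Get-AzureRmNetworkSecurityGroup -ResourceGroupName $resourceGroup) {
    $changed = $false
    foreach ($rule in @($nsg.SecurityRules)) {   # iterate a copy; rules are edited below
        $exposed = $rule.Direction -eq 'Inbound' -and $rule.Access -eq 'Allow' -and
            $rule.Protocol -in 'Tcp', '*' -and
            (Test-PortInRange -Ranges $rule.DestinationPortRange -Port $rdpPort) -and
            ($rule.SourceAddressPrefix | Where-Object { $_ -in $anySource })
        if (-not $exposed) { continue }

        Write-Output "$($nsg.Name)/$($rule.Name): RDP allowed from any source"
        # Rewrite the rule with the same settings but a single allowed source.
        $update = @{
            NetworkSecurityGroup     = $nsg
            Name                     = $rule.Name
            Description              = $rule.Description
            Access                   = $rule.Access
            Protocol                 = $rule.Protocol
            Direction                = $rule.Direction
            Priority                 = $rule.Priority
            SourceAddressPrefix      = $adminSource
            SourcePortRange          = $rule.SourcePortRange
            DestinationAddressPrefix = $rule.DestinationAddressPrefix
            DestinationPortRange     = $rule.DestinationPortRange
        }
        Set-AzureRmNetworkSecurityRuleConfig @update | Out-Null
        $changed = $true
    }
    # Commit the edited rule set to Azure only when something changed.
    if ($changed) { $nsg | Set-AzureRmNetworkSecurityGroup | Out-Null }
}
```

After the change, remote desktop connections to the VMs succeed only from the address in $adminSource; private traffic between myVm1 and myVm2 is unaffected.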

Communicate between VMs

From PowerShell on the myVm1 VM, enter ping myvm2. Ping fails, because ping uses the Internet Control Message Protocol (ICMP), and ICMP is not allowed through the Windows firewall, by default.

To allow myVm2 to ping myVm1 in a later step, enter the following command from PowerShell, which allows ICMP inbound through the Windows firewall:

New-NetFirewallRule -DisplayName "Allow ICMPv4-In" -Protocol ICMPv4

Close the remote desktop connection to myVm1.

Complete the steps in Connect to a VM from the internet again, but connect to myVm2.

From a command prompt on the myVm2 VM, enter ping myvm1.

You receive replies from myVm1, because you allowed ICMP through the Windows firewall on the myVm1 VM in a previous step.

Close the remote desktop connection to myVm2.
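The firewall rule used in the steps above admits every ICMPv4 type from any remote address. The following added example (not part of the original quickstart) shows that rule beside a scoped version that accepts only echo requests from the 10.0.0.0/24 subnet created earlier, then reads the filters back to confirm them. The scoped rule's display name is a hypothetical choice.

```powershell
# Added example (not from the original quickstart). Run in PowerShell on myVm1.
# Broad rule from the quickstart: any ICMPv4 type, any remote address.
#   New-NetFirewallRule -DisplayName "Allow ICMPv4-In" -Protocol ICMPv4

# Scoped rule: echo request only, and only from the quickstart's default subnet.
$scoped = @{
    DisplayName   = 'Allow ICMPv4 echo from default subnet'   # hypothetical name
    Direction     = 'Inbound'
    Action        = 'Allow'
    Protocol      = 'ICMPv4'
    IcmpType      = 8                # 8 = echo request
    RemoteAddress = '10.0.0.0/24'    # subnet created earlier in the quickstart
}
New-NetFirewallRule @scoped | Out-Null

# Remove the broad rule if it was already created.
Get-NetFirewallRule -DisplayName 'Allow ICMPv4-In' -ErrorAction SilentlyContinue |
    Remove-NetFirewallRule

# Read the filters back to confirm what the scoped rule admits.
$rule = Get-NetFirewallRule -DisplayName $scoped.DisplayName
[pscustomobject]@{
    Rule          = $rule.DisplayName
    Enabled       = $rule.Enabled
    RemoteAddress = ($rule | Get-NetFirewallAddressFilter).RemoteAddress
    IcmpType      = ($rule | Get-NetFirewallPortFilter).IcmpType
}
```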

Clean up resources

When no longer needed, you can use Remove-AzureRmResourceGroup to remove the resource group and all of the resources it contains:

Remove-AzureRmResourceGroup -Name myResourceGroup -Force

Next steps

In this quickstart, you created a default virtual network and two VMs. You connected to one VM from the internet and communicated privately between the VM and another VM. To learn more about virtual network settings, see Manage a virtual network.

By default, Azure allows unrestricted private communication between virtual machines, but only allows inbound remote desktop connections to Windows VMs from the internet. To learn how to allow or restrict different types of network communication to and from VMs, continue to the Filter network traffic tutorial.