
Quickstart: Connect to a VM securely through a browser via private IP address

You can connect to a virtual machine (VM) through your browser using the Azure portal and Azure Bastion. This quickstart article shows you how to configure Azure Bastion based on your VM settings, and then connect to your VM through the portal. The VM doesn't need a public IP address, client software, agent, or a special configuration. Once the service is provisioned, the RDP/SSH experience is available to all of the virtual machines in the same virtual network. For more information about Azure Bastion, see What is Azure Bastion?

Prerequisites

  • An Azure account with an active subscription. If you don't have one, create one for free. To be able to connect to a VM through your browser using Bastion, you must be able to sign in to the Azure portal.

  • A Windows virtual machine in a virtual network. If you don't have a VM, create one using Quickstart: Create a VM.

    • If you need example values, see the provided Example values.
    • If you already have a virtual network, make sure to select it on the Networking tab when you create your VM.
    • If you don't already have a virtual network, you can create one at the same time you create your VM.
    • You do not need to have a public IP address for this VM in order to connect via Azure Bastion.
  • Required VM roles:

    • Reader role on the virtual machine.
    • Reader role on the NIC with private IP of the virtual machine.
  • Required VM ports:

    • Inbound ports: RDP (3389)

Example values

You can use the following example values when creating this configuration, or you can substitute your own.

Basic VNet and VM values:

Name | Value
Virtual machine | TestVM
Resource group | TestRG
Region | East US
Virtual network | TestVNet1
Address space | 10.0.0.0/16
Subnets | FrontEnd: 10.0.0.0/24

Azure Bastion values:

Name | Value
Name | TestVNet1-bastion
+ Subnet Name | AzureBastionSubnet
AzureBastionSubnet addresses | A subnet within your VNet address space with a /27 subnet mask. For example, 10.0.1.0/27.
Public IP address | Create new
Public IP address name | VNet1BastionPIP
Public IP address SKU | Standard
Assignment | Static

Create a bastion host

There are a few different ways to configure a bastion host. In the following steps, you'll create a bastion host in the Azure portal directly from your VM. When you create a host from a VM, various settings will automatically populate corresponding to your virtual machine and/or virtual network.

  1. Sign in to the Azure portal.

  2. Navigate to the VM that you want to connect to, then select Connect.


  3. From the dropdown, select Bastion.

  4. On the TestVM | Connect page, select Use Bastion.


  5. On the Bastion page, fill out the following settings fields:

    • Name: Name the bastion host.
    • Subnet: This is the virtual network address space to which the Bastion resource will be deployed. The subnet must be created with the name AzureBastionSubnet. Use a subnet of at least /27 or larger (/27, /26, /25, and so on).
    • Select Manage subnet configuration.
  6. On the Subnets page, select +Subnet.


  7. On the Add subnet page, for Name, type AzureBastionSubnet.

    • For subnet address range, choose a subnet address that is within your virtual network address space.
    • Don't adjust any other settings. Select OK to accept and save the subnet changes.


  8. Click the back button on your browser to navigate back to the Bastion page, and continue specifying values.

    • Public IP address: Leave as Create new.
    • Public IP address name: The name of the public IP address resource.
    • Assignment: Defaults to Static. You can't use a Dynamic assignment for Azure Bastion.
    • Resource group: The same resource group as the VM.


  9. Select Create to create the bastion host. Azure validates your settings, then creates the host. The host and its resources take about 5 minutes to create and deploy.
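
The subnet and public IP constraints in the steps above can be checked before you select Create. This is an added example, not part of the original article or Microsoft's code: the `plan` dictionary layout and `check_bastion_plan` are assumptions, the sample values come from the Example values section, and the overlap check reflects the general Azure rule that subnets in a virtual network cannot overlap.

```python
import ipaddress

REQUIRED_SUBNET_NAME = "AzureBastionSubnet"  # exact name required by the article
MAX_PREFIX_LEN = 27                          # /27 or larger (/26, /25, ...)

def check_bastion_plan(plan):
    """Return problems in a planned Bastion deployment (hypothetical dict layout)."""
    problems = []
    subnet, pip = plan["bastion_subnet"], plan["public_ip"]
    if subnet["name"] != REQUIRED_SUBNET_NAME:
        problems.append(f"subnet name must be {REQUIRED_SUBNET_NAME}")
    try:
        net = ipaddress.ip_network(subnet["prefix"])  # strict: host bits must be 0
    except ValueError as exc:
        problems.append(f"invalid subnet prefix: {exc}")
        net = None
    if net is not None:
        if net.prefixlen > MAX_PREFIX_LEN:
            problems.append(f"/{net.prefixlen} is smaller than /27")
        spaces = [ipaddress.ip_network(p) for p in plan["vnet_address_space"]]
        if not any(s.version == net.version and net.subnet_of(s) for s in spaces):
            problems.append(f"{net} is outside the VNet address space")
        for name, prefix in plan["existing_subnets"].items():
            if net.overlaps(ipaddress.ip_network(prefix)):
                problems.append(f"{net} overlaps existing subnet {name}")
    if pip["sku"] != "Standard":          # SKU from the article's example values
        problems.append("public IP SKU must be Standard")
    if pip["assignment"] != "Static":     # Dynamic cannot be used with Bastion
        problems.append("public IP assignment must be Static")
    return problems

# Constructed sample input using the article's example values.
GOOD_PLAN = {
    "vnet_address_space": ["10.0.0.0/16"],
    "existing_subnets": {"FrontEnd": "10.0.0.0/24"},
    "bastion_subnet": {"name": "AzureBastionSubnet", "prefix": "10.0.1.0/27"},
    "public_ip": {"name": "VNet1BastionPIP", "sku": "Standard", "assignment": "Static"},
}
# Constructed failing input: wrong name, /28 inside FrontEnd, Basic/Dynamic IP.
BAD_PLAN = {
    "vnet_address_space": ["10.0.0.0/16"],
    "existing_subnets": {"FrontEnd": "10.0.0.0/24"},
    "bastion_subnet": {"name": "BastionSubnet", "prefix": "10.0.0.16/28"},
    "public_ip": {"name": "VNet1BastionPIP", "sku": "Basic", "assignment": "Dynamic"},
}

if __name__ == "__main__":
    for label, plan in (("good", GOOD_PLAN), ("bad", BAD_PLAN)):
        print(label, check_bastion_plan(plan) or "OK")
```

An empty list means the planned values satisfy every constraint the article names; each string in a non-empty list identifies one setting to correct in the portal.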

Connect

After Bastion has been deployed to the virtual network, the screen changes to the connect page.

  1. Type the username and password for your virtual machine. Then, select Connect.


  2. The RDP connection to this virtual machine will open directly in the Azure portal (over HTML5) using port 443 and the Bastion service.


Clean up resources

When you're done using the virtual network and the virtual machines, delete the resource group and all of the resources it contains:

  1. Enter the name of your resource group in the Search box at the top of the portal and select it from the search results.

  2. Select Delete resource group.

  3. Enter your resource group name for TYPE THE RESOURCE GROUP NAME and select Delete.

Next steps

In this quickstart, you created a bastion host for your virtual network, and then connected to a virtual machine securely via Bastion. Next, you can continue with the following step if you want to connect to a virtual machine scale set.