Quickstart: Create an Any-to-any configuration using an ARM template

This quickstart describes how to use an Azure Resource Manager template (ARM template) to create an Any-to-any scenario where any spoke can reach another spoke.

An ARM template is a JavaScript Object Notation (JSON) file that defines the infrastructure and configuration for your project. The template uses declarative syntax. In declarative syntax, you describe your intended deployment without writing the sequence of programming commands to create the deployment.

If your environment meets the prerequisites and you're familiar with using ARM templates, select the Deploy to Azure button. The template will open in the Azure portal.

Deploy to Azure

Prerequisites

  • If you don't have an Azure subscription, create a free account before you begin.
  • Public key certificate data is required for this configuration. Sample data is provided in the article. However, the sample data is provided only to satisfy the template requirements in order to create a P2S gateway. After the template completes and the resources are deployed, you must update this field with your own certificate data in order for the configuration to work. See User VPN certificates.

Review the template

The template used in this quickstart is from Azure Quickstart Templates. The template for this article is too long to show here. To view the template, see azuredeploy.json.

In this quickstart, you'll create an Azure Virtual WAN multi-hub deployment, including all gateways and VNet connections. The list of input parameters has been purposely kept at a minimum. The IP addressing scheme can be changed by modifying the variables inside of the template. The scenario is explained further in the Any-to-any scenario article.

Deployment architecture

This template creates a fully functional Azure Virtual WAN environment with the following resources:

  • Two distinct hubs in different regions
  • Four Azure virtual networks (VNet)
  • Two VNet connections for each VWAN hub
  • One Point-to-Site (P2S) VPN gateway in each hub
  • One Site-to-Site (S2S) VPN gateway in each hub
  • One ExpressRoute gateway in each hub

Multiple Azure resources are defined in the template:

Note

This ARM template doesn't create the customer-side resources required for hybrid connectivity. After you deploy the template, you still need to create and configure the P2S VPN clients, the VPN branches (Local Sites), and connect the ExpressRoute circuits.

To find more templates, see Azure Quickstart Templates.

Deploy the template

To deploy this template properly, you must use the Deploy to Azure button and the Azure portal, rather than other methods, for the following reasons:

  • In order to create the P2S configuration, you need to upload the root certificate data. The data field does not accept the certificate data when using PowerShell or CLI.
  • This template does not work properly using Cloud Shell due to the certificate data upload.
  • Additionally, you can easily modify the template and parameters in the portal to accommodate IP address ranges and other values.
  1. Click Deploy to Azure.

    Deploy to Azure

  2. To view the template, click Edit template. On this page, you can adjust some of the values such as address space or the name of certain resources. Select Save to save your changes, or Discard.

  3. On the template page, enter the values. For this template, the P2S public certificate data is required. If you are using this article as an exercise, you can use the following data from this .cer file as sample data for both hubs. Once the template runs and deployment is complete, in order to use the P2S configuration, you must replace this information with the public key certificate data for your own deployment.

  4. When you have finished entering values, select Review + create.

  5. On the Review + create page, after validation passes, select Create.

  6. It takes about 75 minutes for the deployment to complete. You can view the progress on the template Overview page. If you close the portal, deployment will continue.

    Example of deployment complete

Validate the deployment

  1. Sign in to the Azure portal.

  2. Select Resource groups from the left pane.

  3. Select the resource group that you created in the previous section. On the Overview page, you will see something similar to this example:

    Example of resources

  4. Click the virtual WAN to view the hubs. On the virtual WAN page, click each hub to view connections and other hub information.

    Example of hub
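
The deployment steps require that the sample P2S certificate data be replaced with your own after deployment. The following check is an added example, not part of the original quickstart or its template: it scans an exported ARM template for P2S root certificates that still match a known placeholder. It assumes the root certificates sit on `Microsoft.Network/vpnServerConfigurations` resources under `properties.vpnClientRootCertificates[].publicCertData`; the resource names and certificate bytes are constructed for the demo, and you supply the placeholder fingerprints yourself.

```python
import base64
import hashlib

VPN_CONFIG_TYPE = "microsoft.network/vpnserverconfigurations"

def cert_fingerprint(public_cert_data):
    """SHA-256 (hex) of the DER bytes behind a publicCertData value.
    Accepts one-line base64 or PEM text with BEGIN/END lines."""
    lines = (ln.strip() for ln in public_cert_data.splitlines())
    b64 = "".join(ln for ln in lines if ln and not ln.startswith("-----"))
    der = base64.b64decode(b64, validate=True)  # raises a ValueError subclass
    if not der or der[0] != 0x30:  # a certificate is a DER SEQUENCE
        raise ValueError("not DER certificate data")
    return hashlib.sha256(der).hexdigest()

def audit_root_certs(template, placeholder_fps):
    """Return (resource, cert name, finding) for roots that need attention."""
    findings = []
    for res in template.get("resources", []):
        if res.get("type", "").lower() != VPN_CONFIG_TYPE:
            continue
        props = res.get("properties", {})
        for root in props.get("vpnClientRootCertificates", []):
            data = root.get("publicCertData", "")
            if data.startswith("["):  # ARM expression, value not in this file
                finding = "unresolved"
            else:
                try:
                    known = cert_fingerprint(data) in placeholder_fps
                    finding = "placeholder" if known else None
                except ValueError:
                    finding = "invalid"
            if finding:
                findings.append((res.get("name"), root.get("name"), finding))
    return findings

# Constructed stand-ins (minimal DER SEQUENCEs, not real certificates).
SAMPLE_B64 = base64.b64encode(b"\x30\x03\x02\x01\x01").decode()
OWN_PEM = ("-----BEGIN CERTIFICATE-----\n"
           + base64.b64encode(b"\x30\x03\x02\x01\x02").decode()
           + "\n-----END CERTIFICATE-----\n")

def demo():
    def cfg(name, data):  # hypothetical resource and certificate names
        return {"type": "Microsoft.Network/vpnServerConfigurations", "name": name,
                "properties": {"vpnClientRootCertificates": [
                    {"name": name + "-root", "publicCertData": data}]}}
    template = {"resources": [cfg("hub1-p2s", SAMPLE_B64), cfg("hub2-p2s", OWN_PEM),
                              cfg("hub3-p2s", "[parameters('certData')]")]}
    return audit_root_certs(template, {cert_fingerprint(SAMPLE_B64)})
```

An "unresolved" finding means the value is a template expression, so the check has to be repeated against the deployed resource or the parameter file.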

Complete the hybrid configuration

The template does not configure all of the settings necessary for a hybrid network. You need to complete the following configurations and settings, depending on your requirements.

Clean up resources

When you no longer need the resources that you created, delete them. Some of the Virtual WAN resources must be deleted in a certain order due to dependencies. Deleting can take about 30 minutes to complete.

  1. Open the virtual WAN that you created.
  2. Select a virtual hub associated to the virtual WAN to open the hub page.
  3. Click Delete. Delete all entities (connections, gateways, etc.) in the hub. This can take 30 minutes to complete.
  4. You can either delete the hub at this point, or delete it later when you delete the resource group.
  5. Repeat for all hubs associated to the virtual WAN.
  6. Navigate to the resource group in the Azure portal.
  7. Select Delete resource group. This deletes everything in the resource group, including the hubs and the virtual WAN.

Next steps