Azure 中的虛擬網路和虛擬機器Virtual networks and virtual machines in Azure

當您建立 Azure 虛擬機器 (VM) 時,您必須建立虛擬網路 (VNet),或使用現有的 VNet。When you create an Azure virtual machine (VM), you must create a virtual network (VNet) or use an existing VNet. 您也需要決定如何在 VNet 上存取您的 VM。You also need to decide how your VMs are intended to be accessed on the VNet. 請務必在建立資源前進行規劃,並確定您已了解網路資源的限制It is important to plan before creating resources and make sure that you understand the limits of networking resources.

在下圖中,VM 是以 Web 伺服器和資料庫伺服器表示。In the following figure, VMs are represented as web servers and database servers. 每一組 VM 都會指派給 VNet 中的個別子網路。Each set of VMs are assigned to separate subnets in the VNet.

Azure 虛擬網路

您在建立 VM 之前可以先建立 VNet,也可以在建立 VM 時建立 VNet。You can create a VNet before you create a VM or you can as you create a VM. 您可建立下列資源來支援與 VM 的通訊︰You create these resources to support communication with a VM:

  • 網路介面Network interfaces
  • IP 位址IP addresses
  • 虛擬網路和子網路Virtual network and subnets

除了上述基本資源以外,您也應該考慮下列選擇性資源︰In addition to those basic resources, you should also consider these optional resources:

  • 網路安全性群組Network security groups
  • 負載平衡器Load balancers

網路介面Network interfaces

網路介面 (NIC) 是 VM 與虛擬網路 (VNet) 之間互相連線的橋樑。A network interface (NIC) is the interconnection between a VM and a virtual network (VNet). VM 必須有至少一個 NIC,但視您所建立的 VM 大小而定,可以有一個以上的 NIC。A VM must have at least one NIC, but can have more than one, depending on the size of the VM you create. 深入瞭解每個 VM 大小所支援的 Nic 數目,請參閱 vm 大小Learn about how many NICs each VM size supports, see VM sizes.

您可以使用多個 NIC 來建立 VM,並透過 VM 的生命週期來新增或移除 NIC。You can create a VM with multiple NICs, and add or remove NICs through the lifecycle of a VM. 多個 NIC 允許 VM 連線到不同的子網路,並透過最適當的介面來傳送或接收流量。Multiple NICs allow a VM to connect to different subnets and send or receive traffic over the most appropriate interface. 有任意多個網路介面的 VM (最多可達 VM 大小所支援的數目) 可存在於相同的可用性設定組中。VMs with any number of network interfaces can exist in the same availability set, up to the number supported by the VM size.

連接到 VM 的每個 NIC 都必須與 VM 位於相同的位置和訂用帳戶。Each NIC attached to a VM must exist in the same location and subscription as the VM. 每個 NIC 都必須連接到與 NIC 位於相同 Azure 位置和訂用帳戶中的 VNet。Each NIC must be connected to a VNet that exists in the same Azure location and subscription as the NIC. 您可以變更 VM 建立之後所要連線的子網路,但無法變更它所連線的 VNet。You can change the subnet a VM is connected to after it's created, but you cannot change the VNet. 連線到 VM 的每個 NIC 會被指派 MAC 位址,該 MAC 位址在 VM 刪除前不會變更。Each NIC attached to a VM is assigned a MAC address that doesn't change until the VM is deleted.

下表列出可用於建立網路介面的方法。This table lists the methods that you can use to create a network interface.

方法Method 描述Description
Azure 入口網站Azure portal 當您在 Azure 入口網站中建立 VM 時,系統會自動為您建立網路介面 (您無法使用您個別建立的 NIC)。When you create a VM in the Azure portal, a network interface is automatically created for you (you cannot use a NIC you create separately). 入口網站會建立只有一個 NIC 的 VM。The portal creates a VM with only one NIC. 如果您想要建立具有多個 NIC 的 VM,您必須使用不同的方法來建立它。If you want to create a VM with more than one NIC, you must create it with a different method.
Azure PowerShellAzure PowerShell 使用 New-AzNetworkInterface (英文) 搭配 -PublicIpAddressId 參數,來提供您先前建立之公用 IP 位址的識別碼。Use New-AzNetworkInterface with the -PublicIpAddressId parameter to provide the identifier of the public IP address that you previously created.
Azure CLIAzure CLI 若要提供您先前建立之公用 IP 位址的識別碼,請使用 az network nic create 搭配 --public-ip-address 參數。To provide the identifier of the public IP address that you previously created, use az network nic create with the --public-ip-address parameter.
範本Template 使用虛擬網路中具有公用 IP 位址的網路介面做為使用範本部署網路介面的指南。Use Network Interface in a Virtual Network with Public IP Address as a guide for deploying a network interface using a template.

IP 位址IP addresses

您可以將下列 IP 位址類型指派給 Azure 中的 NIC:You can assign these types of IP addresses to a NIC in Azure:

  • 公用 IP 位址 - 用來進行輸入和輸出 (不需網路位址轉譯 (NAT)) 與網際網路及其他未連接到 VNet 之 Azure 資源的通訊。Public IP addresses - Used to communicate inbound and outbound (without network address translation (NAT)) with the Internet and other Azure resources not connected to a VNet. 將公用 IP 位址指派給 NIC 是選擇性作業。Assigning a public IP address to a NIC is optional. 公用 IP 位址有象徵性費用,而每個訂用帳戶都有可用的數目上限。Public IP addresses have a nominal charge, and there's a maximum number that can be used per subscription.
  • 私用 IP 位址 - 用於在 VNet、內部部署網路和網際網路 (需要 NAT) 內的通訊。Private IP addresses - Used for communication within a VNet, your on-premises network, and the Internet (with NAT). 您必須將至少一個私人 IP 位址指派給 VM。You must assign at least one private IP address to a VM. 若要了解 Azure 中的 NAT,請參閱了解 Azure 中的輸出連線To learn more about NAT in Azure, read Understanding outbound connections in Azure.

您可以將公用 IP 位址指派給 VM 或網際網路面向的負載平衡器。You can assign public IP addresses to VMs or internet-facing load balancers. 您可以將私人 IP 位址指派給 VM 和內部負載平衡器。You can assign private IP addresses to VMs and internal load balancers. 您可使用網路介面將 IP 位址指派給 VM。You assign IP addresses to a VM using a network interface.

有兩種方法可將 IP 位址配置給資源:動態或靜態。There are two methods in which an IP address is allocated to a resource - dynamic or static. 預設配置方法為動態,此方法不會在建立 IP 位址時進行配置。The default allocation method is dynamic, where an IP address is not allocated when it's created. 然而,IP 位址會在您建立 VM 或啟動已停止的 VM 時進行配置。Instead, the IP address is allocated when you create a VM or start a stopped VM. 此 IP 位址會在您停止或刪除 VM 時釋出。The IP address is released when you stop or delete the VM.

若要確保 VM 的 IP 位址維持不變,您可以明確地將配置方法設定為靜態。To ensure the IP address for the VM remains the same, you can set the allocation method explicitly to static. 在此情況下會立即指派 IP 位址。In this case, an IP address is assigned immediately. 只有在您刪除 VM 或將其配置方法變更為動態時,才會釋出 IP 位址。It is released only when you delete the VM or change its allocation method to dynamic.

下表列出可用於建立 IP 位址的方法。This table lists the methods that you can use to create an IP address.

方法Method 描述Description
Azure 入口網站Azure portal 依照預設,公用 IP 位址是動態的,而且與其相關聯的位址可能會在停止或刪除 VM 時變更。By default, public IP addresses are dynamic and the address associated to them may change when the VM is stopped or deleted. 若要保證 VM 一律使用相同的公用 IP 位址,請建立靜態公用 IP 位址。To guarantee that the VM always uses the same public IP address, create a static public IP address. 根據預設,入口網站會在建立 VM 時將動態私人 IP 位址指派給 NIC。By default, the portal assigns a dynamic private IP address to a NIC when creating a VM. 您可以在 VM 建立後,將此 IP 位址變更為靜態。You can change this IP address to static after the VM is created.
Azure PowerShellAzure PowerShell 您可以使用 New-AzPublicIpAddress (英文) 搭配 Dynamic 或 Static 的 -AllocationMethod 參數。You use New-AzPublicIpAddress with the -AllocationMethod parameter as Dynamic or Static.
Azure CLIAzure CLI 您可使用 az network public-ip create 搭配 [動態] 或 [靜態] 的 --allocation-method 參數。You use az network public-ip create with the --allocation-method parameter as Dynamic or Static.
範本Template 使用虛擬網路中具有公用 IP 位址的網路介面做為使用範本部署公用 IP 位址的指南。Use Network Interface in a Virtual Network with Public IP Address as a guide for deploying a public IP address using a template.

建立公用 IP 位址之後,您可以將它指派給 NIC 以建立其與 VM 的關聯。After you create a public IP address, you can associate it with a VM by assigning it to a NIC.

虛擬網路和子網路Virtual network and subnets

子網路是 VNet 中的 IP 位址範圍。A subnet is a range of IP addresses in the VNet. 您可以針對組織和安全性,將 VNet 分割成多個子網路。You can divide a VNet into multiple subnets for organization and security. VM 中的每個 NIC 都會連接到一個 VNet 中的一個子網路。Each NIC in a VM is connected to one subnet in one VNet. 連接到 VNet 內 (相同或不同) 子網路的 NIC 不需要進行額外設定,就可以彼此通訊。NICs connected to subnets (same or different) within a VNet can communicate with each other without any extra configuration.

當您設定 VNet 時,您可以指定拓撲,包括可用的位址空間和子網路。When you set up a VNet, you specify the topology, including the available address spaces and subnets. 如果 VNet 要連接至其他 Vnet 或內部部署網路,您必須選取不重疊的位址範圍。If the VNet is to be connected to other VNets or on-premises networks, you must select address ranges that don't overlap. IP 位址是私人位址而無法從網際網路存取,此情況只有針對不可路由傳送的 IP 位址才成立,例如 10.0.0.0/8、172.16.0.0/12 或 192.168.0.0/16。The IP addresses are private and can't be accessed from the Internet, which was true only for the non-routable IP addresses such as 10.0.0.0/8, 172.16.0.0/12, or 192.168.0.0/16. 現在,Azure 會將任何位址範圍視為私人 VNet IP 位址空間的一部分,而該位址空間僅能在 VNet、互連式 VNet 中,以及從內部部署位置進行存取。Now, Azure treats any address range as part of the private VNet IP address space that is only reachable within the VNet, within interconnected VNets, and from your on-premises location.

如果您在由他人負責內部網路的組織中工作,您應該先洽詢該人員,再選取您的位址空間。If you work within an organization in which someone else is responsible for the internal networks, you should talk to that person before selecting your address space. 請確定沒有重疊,並且讓他們知道您想要使用的空間,他們才不會嘗試使用相同的 IP 位址範圍。Make sure there is no overlap and let them know the space you want to use so they don't try to use the same range of IP addresses.

根據預設,子網路之間沒有任何安全界限,所以每個子網路中的 VM 都可以彼此通訊。By default, there is no security boundary between subnets, so VMs in each of these subnets can talk to one another. 不過,您可以設定網路安全性群組 (NSG),以便控制往返子網路及往返 VM 的流量。However, you can set up Network Security Groups (NSGs), which allow you to control the traffic flow to and from subnets and to and from VMs.

下表列出可用於建立 VNet 和子網路的方法。This table lists the methods that you can use to create a VNet and subnets.

方法Method 描述Description
Azure 入口網站Azure portal 如果您讓 Azure 在您建立 VM 時建立 VNet,則名稱為包含 VNet 和 -vnet 的資源群組名稱組合。If you let Azure create a VNet when you create a VM, the name is a combination of the resource group name that contains the VNet and -vnet. 位址空間是 10.0.0.0/24,必要的子網路名稱是default,而子網路位址範圍是 10.0.0.0/24。The address space is 10.0.0.0/24, the required subnet name is default, and the subnet address range is 10.0.0.0/24.
Azure PowerShellAzure PowerShell 您可以使用 New-AzVirtualNetworkSubnetConfig (英文) 和 New-AzVirtualNetwork (英文) 來建立子網路和 VNet。You use New-AzVirtualNetworkSubnetConfig and New-AzVirtualNetwork to create a subnet and a VNet. 您也可以使用 Add-AzVirtualNetworkSubnetConfig (英文) 來將子網路新增至現有的 VNet。You can also use Add-AzVirtualNetworkSubnetConfig to add a subnet to an existing VNet.
Azure CLIAzure CLI 子網路和 VNet 會在同一時間建立。The subnet and the VNet are created at the same time. --subnet-name 參數提供給包含子網路名稱的 az network vnet createProvide a --subnet-name parameter to az network vnet create with the subnet name.
[範本]Template 建立 VNet 和子網路的最簡單方式就是下載現有的範本 (例如具有兩個子網路的虛擬網路),並針對您的需求加以修改。The easiest way to create a VNet and subnets is to download an existing template, such as Virtual Network with two subnets, and modify it for your needs.

網路安全性群組Network security groups

網路安全性群組 (NSG) 包含存取控制清單 (ACL) 規則的清單,可允許或拒絕子網路、NIC 或兩者的網路流量。A network security group (NSG) contains a list of Access Control List (ACL) rules that allow or deny network traffic to subnets, NICs, or both. NSG 可與子網路或連接到子網路的個別 VM 相關聯。NSGs can be associated with either subnets or individual NICs connected to a subnet. 當 NSG 與子網路相關聯時,ACL 規則便會套用至該子網路中的所有 VM。When an NSG is associated with a subnet, the ACL rules apply to all the VMs in that subnet. 此外,將 NSG 直接關聯至 NIC,即可限制個別 NIC 的流量。In addition, traffic to an individual NIC can be restricted by associating an NSG directly to a NIC.

NSG 包含兩組規則:輸入和輸出。NSGs contain two sets of rules: inbound and outbound. 規則的優先順序在每一個集合中必須是唯一的。The priority for a rule must be unique within each set. 每個規則都有通訊協定、來源和目的地連接埠範圍、位址前置詞、流量方向、優先順序和存取類型的屬性。Each rule has properties of protocol, source and destination port ranges, address prefixes, direction of traffic, priority, and access type.

所有 NSG 都包含一組預設規則。All NSGs contain a set of default rules. 預設規則無法刪除,但因為其會指派為最低優先權,因此可以由您所建立的規則覆寫預設規則。The default rules cannot be deleted, but because they are assigned the lowest priority, they can be overridden by the rules that you create.

當您將 NSG 與 NIC 建立關聯時,NSG 中的網路存取規則只會套用到該 NIC。When you associate an NSG to a NIC, the network access rules in the NSG are applied only to that NIC. 如果 NSG 已套用到多重 NIC VM 上的單一 NIC,則不會影響其他 NIC 的流量。If an NSG is applied to a single NIC on a multi-NIC VM, it does not affect traffic to the other NICs. 您可以將不同的 NSG 與 NIC (或 VM,根據部署模型而定) 和 NIC 或 VM 所繫結的子網路建立關聯。You can associate different NSGs to a NIC (or VM, depending on the deployment model) and the subnet that a NIC or VM is bound to. 優先順序是根據流量的方向來提供。Priority is given based on the direction of traffic.

請務必在規劃 VM 和 VNet 時規劃 NSG。Be sure to plan your NSGs when you plan your VMs and VNet.

下表列出可用於建立網路安全性群組的方法。This table lists the methods that you can use to create a network security group.

方法Method 描述Description
Azure 入口網站Azure portal 當您在 Azure 入口網站中建立 VM 時,NSG 會自動建立並與入口網站所建立的 NIC 產生關聯。When you create a VM in the Azure portal, an NSG is automatically created and associated to the NIC the portal creates. NSG 名稱是 VM 名稱與 -nsg 的組合。The name of the NSG is a combination of the name of the VM and -nsg. 此 NSG 包含一個輸入規則,其優先順序為 1000、服務設定為 RDP、通訊協定設定為 TCP、連接埠設定為 3389,而動作設定為 [允許]。This NSG contains one inbound rule with a priority of 1000, service set to RDP, the protocol set to TCP, port set to 3389, and action set to Allow. 如果想要允許 VM 的任何其他輸入流量,您必須將其他規則新增至 NSG。If you want to allow any other inbound traffic to the VM, you must add additional rules to the NSG.
Azure PowerShellAzure PowerShell 使用 New-AzNetworkSecurityRuleConfig (英文) 並提供必要的規則資訊。Use New-AzNetworkSecurityRuleConfig and provide the required rule information. 使用 New-AzNetworkSecurityGroup (英文) 來建立 NSG。Use New-AzNetworkSecurityGroup to create the NSG. 使用 Set-AzVirtualNetworkSubnetConfig (英文) 來設定子網路的 NSG。Use Set-AzVirtualNetworkSubnetConfig to configure the NSG for the subnet. 使用 Set-AzVirtualNetwork (英文) 來將 NSG 新增至 VNet。Use Set-AzVirtualNetwork to add the NSG to the VNet.
Azure CLIAzure CLI 使用 az network nsg create 初始建立 NSG。Use az network nsg create to initially create the NSG. 使用 az network nsg create 將規則新增至 NSG。Use az network nsg rule create to add rules to the NSG. 使用 az network vnet subnet update 將 NSG 新增至子網路。Use az network vnet subnet update to add the NSG to the subnet.
範本Template 使用建立網路安全性群組做為使用範本部署網路安全性群組的指南。Use Create a Network Security Group as a guide for deploying a network security group using a template.

負載平衡器Load balancers

Azure Load Balancer 可為您的應用程式提供高可用性和網路效能。Azure Load Balancer delivers high availability and network performance to your applications. 您可以將負載平衡器設定成平衡 VM 的傳入網際網路流量平衡 VNet 中 VM 之間的流量A load balancer can be configured to balance incoming Internet traffic to VMs or balance traffic between VMs in a VNet. 負載平衡器也可以平衡內部部署電腦與跨內部部署網路中 VM 之間的流量,或將外部流量轉送到特定的 VM。A load balancer can also balance traffic between on-premises computers and VMs in a cross-premises network, or forward external traffic to a specific VM.

負載平衡器會對應公用 IP 位址與負載平衡器上連接埠以及私人 IP 位址與 VM 連接埠之間的傳入和傳出流量。The load balancer maps incoming and outgoing traffic between the public IP address and port on the load balancer and the private IP address and port of the VM.

當您建立負載平衡器時,您也必須考慮下列組態元素︰When you create a load balancer, you must also consider these configuration elements:

  • 前端 IP 組態 – 負載平衡器可以包含一或多個前端 IP 位址。Front-end IP configuration – A load balancer can include one or more front-end IP addresses. 這些 IP 位址做為流量的輸入。These IP addresses serve as ingress for the traffic.
  • 後端位址集區 – 與 NIC 相關聯的 IP 位址,而負載會散發到該 NIC。Back-end address pool – IP addresses that are associated with the NIC to which load is distributed.
  • 連接埠轉送 - 定義輸入流量利用輸入 NAT 規則流經前端 IP 並散發到後端 IP 的方式。Port Forwarding - Defines how inbound traffic flows through the front-end IP and distributed to the back-end IP utilizing inbound NAT rules.
  • 負載平衡器規則 - 將指定的前端 IP 與連接埠組合對應到一組後端 IP 位址與連接埠組合。Load balancer rules - Maps a given front-end IP and port combination to a set of back-end IP addresses and port combination. 單一負載平衡器可以有多個負載平衡規則。A single load balancer can have multiple load balancing rules. 每個規則都是與 VM 相關聯的前端 IP 和連接埠以及後端 IP 和連接埠的組合。Each rule is a combination of a front-end IP and port and back-end IP and port associated with VMs.
  • 探查 - 監視 VM 的健康狀態。Probes - Monitors the health of VMs. 當探查無法回應時,負載平衡器會停止將新的連線傳送至狀況不良的 VM。When a probe fails to respond, the load balancer stops sending new connections to the unhealthy VM. 現有的連線不會受到影響,而新的連線會傳送到狀況良好的 VM。The existing connections are not affected, and new connections are sent to healthy VMs.
  • 輸出規則 - 輸出規則會設定輸出網路位址轉譯 (NAT),以便讓標準 Load Balancer 後端集區所識別的所有虛擬機器或執行個體轉譯至前端。Outbound rules - An outbound rule configures outbound Network Address Translation (NAT) for all virtual machines or instances identified by the backend pool of your Standard Load Balancer to be translated to the frontend.

下表列出可用於建立網際網路面向負載平衡器的方法。This table lists the methods that you can use to create an internet-facing load balancer.

方法Method 描述Description
Azure 入口網站Azure portal 您可以使用 Azure 入口網站針對網際網路至 VM 的流量進行負載平衡You can load balance internet traffic to VMs using the Azure portal.
Azure PowerShellAzure PowerShell 若要提供您先前建立之公用 IP 位址的識別碼,請使用 New-AzLoadBalancerFrontendIpConfig (英文) 搭配 -PublicIpAddress 參數。To provide the identifier of the public IP address that you previously created, use New-AzLoadBalancerFrontendIpConfig with the -PublicIpAddress parameter. 使用 New-AzLoadBalancerBackendAddressPoolConfig (英文) 來建立後端位址集區的設定。Use New-AzLoadBalancerBackendAddressPoolConfig to create the configuration of the back-end address pool. 使用 New-AzLoadBalancerInboundNatRuleConfig (英文) 來建立與您建立之前端 IP 設定相關聯的輸入 NAT 規則。Use New-AzLoadBalancerInboundNatRuleConfig to create inbound NAT rules associated with the front-end IP configuration that you created. 使用 New-AzLoadBalancerProbeConfig (英文) 來建立您所需的探查。Use New-AzLoadBalancerProbeConfig to create the probes that you need. 使用 New-AzLoadBalancerRuleConfig (英文) 來建立負載平衡器設定。Use New-AzLoadBalancerRuleConfig to create the load balancer configuration. 使用 New-AzLoadBalancer (英文) 來建立負載平衡器。Use New-AzLoadBalancer to create the load balancer.
Azure CLIAzure CLI 使用 az network lb create 建立初始的負載平衡器組態。Use az network lb create to create the initial load balancer configuration. 使用 az network lb frontend-ip create 新增您先前建立的公用 IP 位址。Use az network lb frontend-ip create to add the public IP address that you previously created. 使用 az network lb address-pool create 新增後端位址集區的組態。Use az network lb address-pool create to add the configuration of the back-end address pool. 使用 az network lb inbound-nat-rule create 新增 NAT 規則。Use az network lb inbound-nat-rule create to add NAT rules. 使用 az network lb rule create 新增負載平衡器規則。Use az network lb rule create to add the load balancer rules. 使用 az network lb probe create 新增探查。Use az network lb probe create to add the probes.
範本Template 負載平衡器中的 2 部 VM 並在 LB 上設定 NAT 規則做為使用範本部署負載平衡器的指南。Use 2 VMs in a Load Balancer and configure NAT rules on the LB as a guide for deploying a load balancer using a template.

下表列出可用於建立內部負載平衡器的方法。This table lists the methods that you can use to create an internal load balancer.

方法Method 描述Description
Azure 入口網站Azure portal 您可以在 Azure 入口網站中使用負載平衡器來平衡內部流量負載You can balance internal traffic load with a load balancer in the Azure portal.
Azure PowerShellAzure PowerShell 若要在網路子網路中提供私人 IP 位址,請使用 New-AzLoadBalancerFrontendIpConfig (英文) 搭配 -PrivateIpAddress 參數。To provide a private IP address in the network subnet, use New-AzLoadBalancerFrontendIpConfig with the -PrivateIpAddress parameter. 使用 New-AzLoadBalancerBackendAddressPoolConfig (英文) 來建立後端位址集區的設定。Use New-AzLoadBalancerBackendAddressPoolConfig to create the configuration of the back-end address pool. 使用 New-AzLoadBalancerInboundNatRuleConfig (英文) 來建立與您建立之前端 IP 設定相關聯的輸入 NAT 規則。Use New-AzLoadBalancerInboundNatRuleConfig to create inbound NAT rules associated with the front-end IP configuration that you created. 使用 New-AzLoadBalancerProbeConfig (英文) 來建立您所需的探查。Use New-AzLoadBalancerProbeConfig to create the probes that you need. 使用 New-AzLoadBalancerRuleConfig (英文) 來建立負載平衡器設定。Use New-AzLoadBalancerRuleConfig to create the load balancer configuration. 使用 New-AzLoadBalancer (英文) 來建立負載平衡器。Use New-AzLoadBalancer to create the load balancer.
Azure CLIAzure CLI 使用 az network lb create 命令建立初始的負載平衡器組態。Use the az network lb create command to create the initial load balancer configuration. 若要定義私人 IP 位址,請使用 az network lb frontend-ip create 搭配 --private-ip-address 參數。To define the private IP address, use az network lb frontend-ip create with the --private-ip-address parameter. 使用 az network lb address-pool create 新增後端位址集區的組態。Use az network lb address-pool create to add the configuration of the back-end address pool. 使用 az network lb inbound-nat-rule create 新增 NAT 規則。Use az network lb inbound-nat-rule create to add NAT rules. 使用 az network lb rule create 新增負載平衡器規則。Use az network lb rule create to add the load balancer rules. 使用 az network lb probe create 新增探查。Use az network lb probe create to add the probes.
範本Template 負載平衡器中的 2 部 VM 並在 LB 上設定 NAT 規則做為使用範本部署負載平衡器的指南。Use 2 VMs in a Load Balancer and configure NAT rules on the LB as a guide for deploying a load balancer using a template.

虛擬機器擴展集Virtual machine scale sets

如需負載平衡器和虛擬機器擴展集的詳細資訊,請參閱 Azure 虛擬機器擴展集的網路For more information on load balancer and virtual machine scale sets, see Networking for Azure virtual machine scale sets.

VMVMs

您可以在相同的 VNet 中建立 VM,而這些 VM 可以使用私人 IP 位址彼此連接。VMs can be created in the same VNet and they can connect to each other using private IP addresses. 即使它們位於不同的子網路中,仍可連接,而不需設定閘道或使用公用 IP 位址。They can connect even if they are in different subnets without the need to configure a gateway or use public IP addresses. 若要將 VM 放入 VNet 中,您可建立 VNet,然後在建立每個 VM 時,將它指派給 VNet 和子網路。To put VMs into a VNet, you create the VNet and then as you create each VM, you assign it to the VNet and subnet. VM 會在部署或啟動期間取得其網路設定。VMs acquire their network settings during deployment or startup.

VM 會在部署時被指派 IP 位址。VMs are assigned an IP address when they are deployed. 如果您將多部 VM 部署至 VNet 或子網路,它們會在啟動時被指派 IP 位址。If you deploy multiple VMs into a VNet or subnet, they are assigned IP addresses as they boot up. 您也可以將靜態 IP 位址配置給 VM。You can also allocate a static IP to a VM. 如果您要配置靜態 IP,您應該考慮使用特定的子網路,以避免不小心將靜態 IP 重複使用於另一部 VM。If you allocate a static IP, you should consider using a specific subnet to avoid accidentally reusing a static IP for another VM.

如果您建立 VM 而稍後想要將它移轉至 VNet,則不太容易進行組態變更。If you create a VM and later want to migrate it into a VNet, it is not a simple configuration change. 您必須將 VM 重新部署到 VNet 中。You must redeploy the VM into the VNet. 最簡單的重新部署方法就是刪除 VM (但不刪除連接到它的任何磁碟),然後使用原始磁碟在 VNet 中重新建立 VM。The easiest way to redeploy is to delete the VM, but not any disks attached to it, and then re-create the VM using the original disks in the VNet.

下表列出可用於在 VNet 中建立 VM 的方法。This table lists the methods that you can use to create a VM in a VNet.

方法Method 描述Description
Azure 入口網站Azure portal 使用先前所述的預設網路設定來建立具有單一 NIC 的 VM。Uses the default network settings that were previously mentioned to create a VM with a single NIC. 若要建立具有多個 NIC 的 VM,您必須使用不同的方法。To create a VM with multiple NICs, you must use a different method.
Azure PowerShellAzure PowerShell 包含使用 Add-AzVMNetworkInterface (英文) 來將先前建立的 NIC 新增至 VM 設定。Includes the use of Add-AzVMNetworkInterface to add the NIC that you previously created to the VM configuration.
Azure CLIAzure CLI 建立 VM 並加以連線至 Vnet、子網路以及建置作為個別步驟的 NIC。Create and connect a VM to a Vnet, subnet, and NIC that build as individual steps.
範本Template 使用非常簡單的 Windows VM 部署做為使用範本部署 VM 的指南。Use Very simple deployment of a Windows VM as a guide for deploying a VM using a template.

後續步驟Next steps

如需了解如何管理 VM 的 Azure 虛擬網路相關的 VM 特定步驟,請參閱 WindowsLinux 教學課程。For VM-specific steps on how to manage Azure virtual networks for VMs, see the Windows or Linux tutorials.

另外還有關於如何負載平衡 VM 及建立適用於 WindowsLinux 的高可用性應用程式教學課程。There are also tutorials on how to load balance VMs and create highly available applications for Windows or Linux.