Quickstart: Create a virtual network using the Azure CLI

A virtual network enables Azure resources, like virtual machines (VMs), to communicate privately with each other, and with the internet. In this quickstart, you learn how to create a virtual network. After creating a virtual network, you deploy two VMs into the virtual network. You then connect to the VMs from the internet, and communicate privately over the new virtual network.

Prerequisites

If you don't have an Azure subscription, create a free account now.

Use Azure Cloud Shell

Azure hosts Azure Cloud Shell, an interactive shell environment that you can use through your browser. You can use either Bash or PowerShell with Cloud Shell to work with Azure services. You can use the Cloud Shell preinstalled commands to run the code in this article without having to install anything on your local environment.

To start Azure Cloud Shell:

Option | Example/Link
Select Try It in the upper-right corner of a code block. Selecting Try It doesn't automatically copy the code to Cloud Shell. | Example of Try It for Azure Cloud Shell
Go to https://shell.azure.com, or select the Launch Cloud Shell button to open Cloud Shell in your browser. | Launch Cloud Shell in a new window
Select the Cloud Shell button on the menu bar at the upper right in the Azure portal. | Cloud Shell button in the Azure portal

To run the code in this article in Azure Cloud Shell:

  1. Start Cloud Shell.

  2. Select the Copy button on a code block to copy the code.

  3. Paste the code into the Cloud Shell session by selecting Ctrl+Shift+V on Windows and Linux or by selecting Cmd+Shift+V on macOS.

  4. Select Enter to run the code.

If you decide to install and use Azure CLI locally instead, this quickstart requires you to use Azure CLI version 2.0.28 or later. To find your installed version, run az --version. See Install Azure CLI for install or upgrade info.

Create a resource group and a virtual network

Before you can create a virtual network, you have to create a resource group to host the virtual network. Create a resource group with az group create. This example creates a resource group named myResourceGroup in the eastus location:

az group create --name myResourceGroup --location eastus

Create a virtual network with az network vnet create. This example creates a default virtual network named myVirtualNetwork with one subnet named default:

az network vnet create \
  --name myVirtualNetwork \
  --resource-group myResourceGroup \
  --subnet-name default

Create virtual machines

Create two VMs in the virtual network.

Create the first VM

Create a VM with az vm create. If SSH keys don't already exist in a default key location, the command creates them. To use a specific set of keys, use the --ssh-key-value option. The --no-wait option creates the VM in the background, so that you can continue to the next step. This example creates a VM named myVm1:

az vm create \
  --resource-group myResourceGroup \
  --name myVm1 \
  --image UbuntuLTS \
  --generate-ssh-keys \
  --no-wait

Create the second VM

Since you used the --no-wait option in the previous step, you can go ahead and create the second VM named myVm2.

az vm create \
  --resource-group myResourceGroup \
  --name myVm2 \
  --image UbuntuLTS \
  --generate-ssh-keys

Azure CLI output message

The VMs take a few minutes to create. After Azure creates the VMs, the Azure CLI returns output like this:

{
  "fqdns": "",
  "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myResourceGroup/providers/Microsoft.Compute/virtualMachines/myVm2",
  "location": "eastus",
  "macAddress": "00-0D-3A-23-9A-49",
  "powerState": "VM running",
  "privateIpAddress": "10.0.0.5",
  "publicIpAddress": "40.68.254.142",
  "resourceGroup": "myResourceGroup",
  "zones": ""
}

Take note of the publicIpAddress. You will use this address to connect to the VM from the internet in the next step.

Connect to a VM from the internet

In this command, replace <publicIpAddress> with the public IP address of your myVm2 VM:

ssh <publicIpAddress>

Communicate between VMs

To confirm private communication between the myVm2 and myVm1 VMs, enter this command:

ping myVm1 -c 4

You'll receive four replies from 10.0.0.4.

Exit the SSH session with the myVm2 VM.
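
The SSH connection above works because the VM accepts inbound SSH from the internet. The following script is an added example, not part of the original quickstart: it lists the inbound rules of a VM's network security group and flags any that allow SSH or RDP from any internet source. The NSG name myVm2NSG is an assumption about what az vm create named it, and the sample rule lines and rule names are constructed for the offline demo.

```bash
#!/usr/bin/env bash
# Added example: flag NSG rules that allow SSH (22) or RDP (3389) inbound
# from any internet source. Exact-match only: port ranges such as "20-25"
# and the plural destinationPortRanges / sourceAddressPrefixes fields are
# not evaluated here.

# Reads tab-separated lines on stdin:
#   name  access  direction  destinationPortRange  sourceAddressPrefix
# Prints the name of every rule that is Allow + Inbound, targets port 22,
# 3389 or "*", and has a source of "*", "Internet" or "0.0.0.0/0".
flag_open_mgmt_rules() {
  awk -F'\t' '
    $2 == "Allow" && $3 == "Inbound" &&
    ($4 == "22" || $4 == "3389" || $4 == "*") &&
    ($5 == "*" || $5 == "Internet" || $5 == "0.0.0.0/0") { print $1 }
  '
}

# Live check against Azure. Defaults assume the quickstart's resource group
# and an NSG named myVm2NSG (assumption; pass the real names if different).
audit_nsg() {
  az network nsg rule list \
    --resource-group "${1:-myResourceGroup}" \
    --nsg-name "${2:-myVm2NSG}" \
    --query "[].[name, access, direction, destinationPortRange, sourceAddressPrefix]" \
    --output tsv | flag_open_mgmt_rules
}

# Constructed sample rules (not real Azure output) so the filter can be
# exercised without an Azure subscription. 203.0.113.10 is a documentation
# address standing in for an administrator's own IP.
sample_rules() {
  printf '%s\t%s\t%s\t%s\t%s\n' \
    default-allow-ssh Allow Inbound 22 '*' \
    allow-web Allow Inbound 443 '*' \
    admin-ssh Allow Inbound 22 203.0.113.10 \
    deny-rdp Deny Inbound 3389 '*'
}

# Offline demo: only the rule exposing SSH to every source is reported.
sample_rules | flag_open_mgmt_rules
```

In Cloud Shell, run audit_nsg to check the real NSG. A flagged rule can be narrowed to your own address with az network nsg rule update and its --source-address-prefixes option.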

Clean up resources

When no longer needed, you can use az group delete to remove the resource group and all the resources it has:

az group delete --name myResourceGroup --yes

Next steps

In this quickstart, you created a default virtual network and two VMs. You connected to one VM from the internet and communicated privately between the two VMs. Azure allows unrestricted private communication between VMs. By default, Azure only allows inbound remote desktop connections to Windows VMs from the internet. Advance to the next article to learn more about configuring different types of VM network communications: