Quickstart: Create a virtual network using PowerShell

A virtual network lets Azure resources, like virtual machines (VMs), communicate privately with each other, and with the internet. In this quickstart, you learn how to create a virtual network. After creating a virtual network, you deploy two VMs into the virtual network. You then connect to the VMs from the internet, and communicate privately over the virtual network.

If you don't have an Azure subscription, create a free account now.

Use Azure Cloud Shell

Azure hosts Azure Cloud Shell, an interactive shell environment that you can use through your browser. Cloud Shell lets you use either bash or PowerShell to work with Azure services. You can use the Cloud Shell pre-installed commands to run the code in this article without having to install anything on your local environment.

To launch Azure Cloud Shell:

| Option | Example/Link |
|---|---|
| Select Try It in the upper-right corner of a code block. Selecting Try It doesn't automatically copy the code to Cloud Shell. | Example of Try It for Azure Cloud Shell |
| Go to https://shell.azure.com or select the Launch Cloud Shell button to open Cloud Shell in your browser. | Launch Cloud Shell in a new window |
| Select the Cloud Shell button on the top-right menu bar in the Azure portal. | Cloud Shell button in the Azure portal |

To run the code in this article in Azure Cloud Shell:

  1. Open Cloud Shell.
  2. Select the Copy button on a code block to copy the code.
  3. Paste the code into the Cloud Shell session with Ctrl+Shift+V on Windows and Linux, or Cmd+Shift+V on macOS.
  4. Press Enter to run the code.

If you decide to install and use PowerShell locally instead, this quickstart requires you to use Azure PowerShell module version 1.0.0 or later. To find the installed version, run Get-Module -ListAvailable Az. See Install Azure PowerShell module for install and upgrade info.

Finally, if you're running PowerShell locally, you'll also need to run Connect-AzAccount. That command creates a connection with Azure.

Create a resource group and a virtual network

There are a handful of steps you have to walk through to get your resource group and virtual network configured.

Create the resource group

Before you can create a virtual network, you have to create a resource group to host the virtual network. Create a resource group with New-AzResourceGroup. This example creates a resource group named myResourceGroup in the eastus location:

New-AzResourceGroup -Name myResourceGroup -Location EastUS

Create the virtual network

Create a virtual network with New-AzVirtualNetwork. This example creates a default virtual network named myVirtualNetwork in the EastUS location:

$virtualNetwork = New-AzVirtualNetwork `
  -ResourceGroupName myResourceGroup `
  -Location EastUS `
  -Name myVirtualNetwork `
  -AddressPrefix 10.0.0.0/16

Add a subnet

Azure deploys resources to a subnet within a virtual network, so you need to create a subnet. Create a subnet configuration named default with Add-AzVirtualNetworkSubnetConfig:

$subnetConfig = Add-AzVirtualNetworkSubnetConfig `
  -Name default `
  -AddressPrefix 10.0.0.0/24 `
  -VirtualNetwork $virtualNetwork

Associate the subnet to the virtual network

You can write the subnet configuration to the virtual network with Set-AzVirtualNetwork. This command creates the subnet:

$virtualNetwork | Set-AzVirtualNetwork

Create virtual machines

Create two VMs in the virtual network.

Create the first VM

Create the first VM with New-AzVM. When you run the next command, you're prompted for credentials. Enter a user name and password for the VM:

New-AzVm `
    -ResourceGroupName "myResourceGroup" `
    -Location "East US" `
    -VirtualNetworkName "myVirtualNetwork" `
    -SubnetName "default" `
    -Name "myVm1" `
    -AsJob

The -AsJob option creates the VM in the background. You can continue to the next step.

When Azure starts creating the VM in the background, you'll get something like this back:

Id     Name            PSJobTypeName   State         HasMoreData     Location             Command
--     ----            -------------   -----         -----------     --------             -------
1      Long Running... AzureLongRun... Running       True            localhost            New-AzVM

Create the second VM

Create the second VM with this command:

New-AzVm `
  -ResourceGroupName "myResourceGroup" `
  -VirtualNetworkName "myVirtualNetwork" `
  -SubnetName "default" `
  -Name "myVm2"

You'll have to create another user and password. Azure takes a few minutes to create the VM.

Important

Don't continue with the next step until Azure's finished. You'll know it's done when it returns output to PowerShell.

Connect to a VM from the internet

Use Get-AzPublicIpAddress to return the public IP address of a VM. This example returns the public IP address of the myVm1 VM:

Get-AzPublicIpAddress `
  -Name myVm1 `
  -ResourceGroupName myResourceGroup `
  | Select IpAddress

Open a command prompt on your local computer. Run the mstsc command. Replace <publicIpAddress> with the public IP address returned from the last step:

Note

If you've been running these commands from a PowerShell prompt on your local computer, and you're using the Az PowerShell module version 1.0 or later, you can continue in that interface.

mstsc /v:<publicIpAddress>

  1. If prompted, select Connect.

  2. Enter the user name and password you specified when creating the VM.

    Note

    You may need to select More choices > Use a different account, to specify the credentials you entered when you created the VM.

  3. Select OK.

  4. You may receive a certificate warning. If you do, select Yes or Continue.
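
The connection above reaches the VM over RDP on its public IP address, so the network security group (NSG) rule that permits it is worth reviewing. The following is an added example, not part of the original quickstart: it lists inbound allow rules in myResourceGroup whose source is the whole internet and narrows them to a single admin address. It assumes the VMs' NSGs live in myResourceGroup; $AdminSource is a placeholder value.

```powershell
# Added example (not from the original quickstart). Run it before the
# "Clean up resources" step. $AdminSource is a placeholder taken from the
# documentation range 203.0.113.0/24; replace it with your own address.
$ResourceGroup = 'myResourceGroup'
$AdminSource   = '203.0.113.10/32'
$OpenSources   = @('*', 'Internet', '0.0.0.0/0', 'Any')

foreach ($nsg in Get-AzNetworkSecurityGroup -ResourceGroupName $ResourceGroup) {
    # Inbound allow rules whose source prefix covers the whole internet
    $exposed = @($nsg.SecurityRules | Where-Object {
        $_.Direction -eq 'Inbound' -and $_.Access -eq 'Allow' -and
        @($_.SourceAddressPrefix | Where-Object { $OpenSources -contains $_ }).Count -gt 0
    })

    foreach ($rule in $exposed) {
        # Report the finding before changing anything
        '{0}/{1}: port(s) {2} open to {3}' -f $nsg.Name, $rule.Name,
            ($rule.DestinationPortRange -join ','),
            ($rule.SourceAddressPrefix -join ',')

        # Rewrite the rule in place; only the source prefix changes.
        # (Description and application security groups are not carried over.)
        $params = @{
            NetworkSecurityGroup     = $nsg
            Name                     = $rule.Name
            Access                   = $rule.Access
            Direction                = $rule.Direction
            Priority                 = $rule.Priority
            Protocol                 = $rule.Protocol
            SourcePortRange          = $rule.SourcePortRange
            DestinationPortRange     = $rule.DestinationPortRange
            DestinationAddressPrefix = $rule.DestinationAddressPrefix
            SourceAddressPrefix      = $AdminSource
        }
        Set-AzNetworkSecurityRuleConfig @params | Out-Null
    }

    # Push the modified rule set back to Azure only when something changed
    if ($exposed.Count -gt 0) { $nsg | Set-AzNetworkSecurityGroup | Out-Null }
}
```

To audit without changing anything, comment out the Set-AzNetworkSecurityRuleConfig and Set-AzNetworkSecurityGroup lines and read the reported findings first.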

Communicate between VMs

  1. In the Remote Desktop of myVm1, open PowerShell.

  2. Enter ping myVm2.

    You'll get something like this back:

    PS C:\Users\myVm1> ping myVm2
    
    Pinging myVm2.ovvzzdcazhbu5iczfvonhg2zrb.bx.internal.cloudapp.net
    Request timed out.
    Request timed out.
    Request timed out.
    Request timed out.
    
    Ping statistics for 10.0.0.5:
        Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
    

    The ping fails, because it uses the Internet Control Message Protocol (ICMP). By default, ICMP isn't allowed through your Windows firewall.

  3. To allow myVm2 to ping myVm1 in a later step, enter this command:

    New-NetFirewallRule -DisplayName "Allow ICMPv4-In" -Protocol ICMPv4

    That command lets ICMP inbound through the Windows firewall.

  4. Close the remote desktop connection to myVm1.

  5. Repeat the steps in Connect to a VM from the internet. This time, connect to myVm2.

  6. From a command prompt on the myVm2 VM, enter ping myvm1.

    You'll get something like this back:

    C:\windows\system32>ping myVm1
    
    Pinging myVm1.e5p2dibbrqtejhq04lqrusvd4g.bx.internal.cloudapp.net [10.0.0.4] with 32 bytes of data:
    Reply from 10.0.0.4: bytes=32 time=2ms TTL=128
    Reply from 10.0.0.4: bytes=32 time<1ms TTL=128
    Reply from 10.0.0.4: bytes=32 time<1ms TTL=128
    Reply from 10.0.0.4: bytes=32 time<1ms TTL=128
    
    Ping statistics for 10.0.0.4:
        Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
        Minimum = 0ms, Maximum = 2ms, Average = 0ms
    

    You receive replies from myVm1, because you allowed ICMP through the Windows firewall on the myVm1 VM in a previous step.

  7. Close the remote desktop connection to myVm2.
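
The firewall rule in step 3 sets no ICMP type and no remote address, so it admits all ICMPv4 from any source. The following is an added example, not part of the original quickstart: a narrower rule that admits only echo requests from the quickstart's default subnet (10.0.0.0/24), followed by a listing of what each inbound ICMPv4 allow rule actually permits. The rule name and display name are hypothetical.

```powershell
# Added example (not from the original quickstart). Run in an elevated
# PowerShell session on myVm1. The rule name is hypothetical; 10.0.0.0/24
# is the "default" subnet created earlier in this quickstart.
$RuleName = 'Allow-ICMPv4-Echo-From-Subnet'
$Subnet   = '10.0.0.0/24'

# Create the rule only if it does not exist yet, so re-runs are harmless
if (-not (Get-NetFirewallRule -Name $RuleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -Name $RuleName `
        -DisplayName 'Allow ICMPv4 echo from default subnet' `
        -Direction Inbound -Action Allow `
        -Protocol ICMPv4 -IcmpType 8 `
        -RemoteAddress $Subnet | Out-Null
}

# List every enabled inbound ICMPv4 allow rule with its effective scope.
# A rule created as in step 3 shows RemoteAddress "Any" here.
Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
    ForEach-Object {
        $port = $_ | Get-NetFirewallPortFilter
        if ($port.Protocol -eq 'ICMPv4') {
            $addr = $_ | Get-NetFirewallAddressFilter
            [pscustomobject]@{
                DisplayName   = $_.DisplayName
                IcmpType      = $port.IcmpType -join ','
                RemoteAddress = $addr.RemoteAddress -join ','
                Profile       = $_.Profile
            }
        }
    } | Format-Table -AutoSize

# Remove the rule once the connectivity test is finished:
# Remove-NetFirewallRule -Name $RuleName
```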

Clean up resources

When you're done with the virtual network and the VMs, use Remove-AzResourceGroup to remove the resource group and all the resources it has:

Remove-AzResourceGroup -Name myResourceGroup -Force

Next steps

In this quickstart, you created a default virtual network and two VMs. You connected to one VM from the internet and communicated privately between the VM and another VM. To learn more about virtual network settings, see Manage a virtual network.

Azure allows unrestricted private communication between virtual machines. By default, Azure only allows inbound remote desktop connections to Windows VMs from the internet. To learn more about configuring different types of VM network communications, go to the Filter network traffic tutorial.