共用方式為


快速入門:使用 ARM 範本建立私人端點

本快速入門中會使用 Azure Resource Manager 範本 (ARM 範本) 來建立私人端點。

Azure Resource Manager 範本是一個 JavaScript 物件標記法 (JSON) 檔案,會定義專案的基礎結構和設定。 範本使用宣告式語法。 您可以描述預期的部署,而不需要撰寫程式設計命令順序來建立部署。

也可以使用 Azure 入口網站Azure PowerShellAzure CLI 來建立私人端點。

如果您的環境符合必要條件,而且您很熟悉 ARM 範本,請在這裡選取 [部署至 Azure] 按鈕。 ARM 範本會在 Azure 入口網站中開啟。

將 Resource Manager 範本部署至 Azure 的按鈕。

在私人端點快速入門中建立的資源圖表。

必要條件

您需要具有有效訂用帳戶的 Azure 帳戶。 如果您尚未擁有 Azure 帳戶,請建立免費帳戶

檢閱範本

此範本會建立 Azure SQL Database 執行個體的私人端點。

本快速入門中使用的範本是來自 Azure 快速入門範本

{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "metadata": {
    "_generator": {
      "name": "bicep",
      "version": "0.5.6.12127",
      "templateHash": "14846974543330599630"
    }
  },
  "parameters": {
    "sqlAdministratorLogin": {
      "type": "string",
      "metadata": {
        "description": "The administrator username of the SQL logical server"
      }
    },
    "sqlAdministratorLoginPassword": {
      "type": "secureString",
      "metadata": {
        "description": "The administrator password of the SQL logical server."
      }
    },
    "vmAdminUsername": {
      "type": "string",
      "metadata": {
        "description": "Username for the Virtual Machine."
      }
    },
    "vmAdminPassword": {
      "type": "secureString",
      "metadata": {
        "description": "Password for the Virtual Machine. The password must be at least 12 characters long and have lower case, upper characters, digit and a special character (Regex match)"
      }
    },
    "VmSize": {
      "type": "string",
      "defaultValue": "Standard_D2_v3",
      "metadata": {
        "description": "The size of the VM"
      }
    },
    "location": {
      "type": "string",
      "defaultValue": "[resourceGroup().location]",
      "metadata": {
        "description": "Location for all resources."
      }
    }
  },
  "variables": {
    "vnetName": "myVirtualNetwork",
    "vnetAddressPrefix": "10.0.0.0/16",
    "subnet1Prefix": "10.0.0.0/24",
    "subnet1Name": "mySubnet",
    "sqlServerName": "[format('sqlserver{0}', uniqueString(resourceGroup().id))]",
    "databaseName": "[format('{0}/sample-db', variables('sqlServerName'))]",
    "privateEndpointName": "myPrivateEndpoint",
    "privateDnsZoneName": "[format('privatelink{0}', environment().suffixes.sqlServerHostname)]",
    "pvtEndpointDnsGroupName": "[format('{0}/mydnsgroupname', variables('privateEndpointName'))]",
    "vmName": "[take(format('myVm{0}', uniqueString(resourceGroup().id)), 15)]",
    "publicIpAddressName": "[format('{0}PublicIP', variables('vmName'))]",
    "networkInterfaceName": "[format('{0}NetInt', variables('vmName'))]",
    "osDiskType": "StandardSSD_LRS"
  },
  "resources": [
    {
      "type": "Microsoft.Sql/servers",
      "apiVersion": "2021-11-01-preview",
      "name": "[variables('sqlServerName')]",
      "location": "[parameters('location')]",
      "tags": {
        "displayName": "[variables('sqlServerName')]"
      },
      "properties": {
        "administratorLogin": "[parameters('sqlAdministratorLogin')]",
        "administratorLoginPassword": "[parameters('sqlAdministratorLoginPassword')]",
        "version": "12.0",
        "publicNetworkAccess": "Disabled"
      }
    },
    {
      "type": "Microsoft.Sql/servers/databases",
      "apiVersion": "2021-11-01-preview",
      "name": "[variables('databaseName')]",
      "location": "[parameters('location')]",
      "sku": {
        "name": "Basic",
        "tier": "Basic",
        "capacity": 5
      },
      "tags": {
        "displayName": "[variables('databaseName')]"
      },
      "properties": {
        "collation": "SQL_Latin1_General_CP1_CI_AS",
        "maxSizeBytes": 104857600,
        "sampleName": "AdventureWorksLT"
      },
      "dependsOn": [
        "[resourceId('Microsoft.Sql/servers', variables('sqlServerName'))]"
      ]
    },
    {
      "type": "Microsoft.Network/virtualNetworks",
      "apiVersion": "2021-05-01",
      "name": "[variables('vnetName')]",
      "location": "[parameters('location')]",
      "properties": {
        "addressSpace": {
          "addressPrefixes": [
            "[variables('vnetAddressPrefix')]"
          ]
        }
      }
    },
    {
      "type": "Microsoft.Network/virtualNetworks/subnets",
      "apiVersion": "2021-05-01",
      "name": "[format('{0}/{1}', variables('vnetName'), variables('subnet1Name'))]",
      "properties": {
        "addressPrefix": "[variables('subnet1Prefix')]",
        "privateEndpointNetworkPolicies": "Disabled"
      },
      "dependsOn": [
        "[resourceId('Microsoft.Network/virtualNetworks', variables('vnetName'))]"
      ]
    },
    {
      "type": "Microsoft.Network/privateEndpoints",
      "apiVersion": "2021-05-01",
      "name": "[variables('privateEndpointName')]",
      "location": "[parameters('location')]",
      "properties": {
        "subnet": {
          "id": "[resourceId('Microsoft.Network/virtualNetworks/subnets', variables('vnetName'), variables('subnet1Name'))]"
        },
        "privateLinkServiceConnections": [
          {
            "name": "[variables('privateEndpointName')]",
            "properties": {
              "privateLinkServiceId": "[resourceId('Microsoft.Sql/servers', variables('sqlServerName'))]",
              "groupIds": [
                "sqlServer"
              ]
            }
          }
        ]
      },
      "dependsOn": [
        "[resourceId('Microsoft.Sql/servers', variables('sqlServerName'))]",
        "[resourceId('Microsoft.Network/virtualNetworks/subnets', variables('vnetName'), variables('subnet1Name'))]",
        "[resourceId('Microsoft.Network/virtualNetworks', variables('vnetName'))]"
      ]
    },
    {
      "type": "Microsoft.Network/privateDnsZones",
      "apiVersion": "2020-06-01",
      "name": "[variables('privateDnsZoneName')]",
      "location": "global",
      "properties": {},
      "dependsOn": [
        "[resourceId('Microsoft.Network/virtualNetworks', variables('vnetName'))]"
      ]
    },
    {
      "type": "Microsoft.Network/privateDnsZones/virtualNetworkLinks",
      "apiVersion": "2020-06-01",
      "name": "[format('{0}/{1}', variables('privateDnsZoneName'), format('{0}-link', variables('privateDnsZoneName')))]",
      "location": "global",
      "properties": {
        "registrationEnabled": false,
        "virtualNetwork": {
          "id": "[resourceId('Microsoft.Network/virtualNetworks', variables('vnetName'))]"
        }
      },
      "dependsOn": [
        "[resourceId('Microsoft.Network/privateDnsZones', variables('privateDnsZoneName'))]",
        "[resourceId('Microsoft.Network/virtualNetworks', variables('vnetName'))]"
      ]
    },
    {
      "type": "Microsoft.Network/privateEndpoints/privateDnsZoneGroups",
      "apiVersion": "2021-05-01",
      "name": "[variables('pvtEndpointDnsGroupName')]",
      "properties": {
        "privateDnsZoneConfigs": [
          {
            "name": "config1",
            "properties": {
              "privateDnsZoneId": "[resourceId('Microsoft.Network/privateDnsZones', variables('privateDnsZoneName'))]"
            }
          }
        ]
      },
      "dependsOn": [
        "[resourceId('Microsoft.Network/privateDnsZones', variables('privateDnsZoneName'))]",
        "[resourceId('Microsoft.Network/privateEndpoints', variables('privateEndpointName'))]"
      ]
    },
    {
      "type": "Microsoft.Network/publicIPAddresses",
      "apiVersion": "2021-05-01",
      "name": "[variables('publicIpAddressName')]",
      "location": "[parameters('location')]",
      "tags": {
        "displayName": "[variables('publicIpAddressName')]"
      },
      "properties": {
        "publicIPAllocationMethod": "Dynamic"
      }
    },
    {
      "type": "Microsoft.Network/networkInterfaces",
      "apiVersion": "2021-05-01",
      "name": "[variables('networkInterfaceName')]",
      "location": "[parameters('location')]",
      "tags": {
        "displayName": "[variables('networkInterfaceName')]"
      },
      "properties": {
        "ipConfigurations": [
          {
            "name": "ipConfig1",
            "properties": {
              "privateIPAllocationMethod": "Dynamic",
              "publicIPAddress": {
                "id": "[resourceId('Microsoft.Network/publicIPAddresses', variables('publicIpAddressName'))]"
              },
              "subnet": {
                "id": "[resourceId('Microsoft.Network/virtualNetworks/subnets', variables('vnetName'), variables('subnet1Name'))]"
              }
            }
          }
        ]
      },
      "dependsOn": [
        "[resourceId('Microsoft.Network/publicIPAddresses', variables('publicIpAddressName'))]",
        "[resourceId('Microsoft.Network/virtualNetworks/subnets', variables('vnetName'), variables('subnet1Name'))]",
        "[resourceId('Microsoft.Network/virtualNetworks', variables('vnetName'))]"
      ]
    },
    {
      "type": "Microsoft.Compute/virtualMachines",
      "apiVersion": "2021-11-01",
      "name": "[variables('vmName')]",
      "location": "[parameters('location')]",
      "tags": {
        "displayName": "[variables('vmName')]"
      },
      "properties": {
        "hardwareProfile": {
          "vmSize": "[parameters('VmSize')]"
        },
        "osProfile": {
          "computerName": "[variables('vmName')]",
          "adminUsername": "[parameters('vmAdminUsername')]",
          "adminPassword": "[parameters('vmAdminPassword')]"
        },
        "storageProfile": {
          "imageReference": {
            "publisher": "MicrosoftWindowsServer",
            "offer": "WindowsServer",
            "sku": "2019-Datacenter",
            "version": "latest"
          },
          "osDisk": {
            "name": "[format('{0}OsDisk', variables('vmName'))]",
            "caching": "ReadWrite",
            "createOption": "FromImage",
            "managedDisk": {
              "storageAccountType": "[variables('osDiskType')]"
            },
            "diskSizeGB": 128
          }
        },
        "networkProfile": {
          "networkInterfaces": [
            {
              "id": "[resourceId('Microsoft.Network/networkInterfaces', variables('networkInterfaceName'))]"
            }
          ]
        }
      },
      "dependsOn": [
        "[resourceId('Microsoft.Network/networkInterfaces', variables('networkInterfaceName'))]"
      ]
    }
  ]
}

範本會定義多個 Azure 資源:

部署範本

執行下列動作,將 ARM 範本部署至 Azure:

  1. 選取這裡的 [部署至 Azure] 按鈕,即可登入 Azure 並開啟 ARM 範本。 此範本會建立私人端點、SQL Database 的執行個體、網路基礎結構,以及要驗證的虛擬機器。

    將 Resource Manager 範本部署至 Azure 的按鈕。

  2. 選取您的資源群組,或建立新的資源群組。

  3. 輸入 SQL 管理員的登入名稱和密碼。

  4. 輸入虛擬機器管理員的使用者名稱和密碼。

  5. 閱讀條款及條件聲明。 如果您同意,請選取 [我同意上方所述的條款及條件],然後選取 [購買]。 部署可能需要 20 分鐘或更久的時間才能完成。

驗證部署

注意

ARM 範本會為虛擬機器 myVm{uniqueid} 資源以及為 SQL Database sqlserver{uniqueid} 資源產生唯一的名稱。 請以您產生的值替代 {uniqueid}

從網際網路連線至 VM

執行下列動作,從網際網路連線至 VM myVm{uniqueid}

  1. 在入口網站的搜尋列中,輸入 myVm{uniqueid}

  2. 選取 Connect。 [連線至虛擬機器] 隨即開啟。

  3. 選取 [下載 RDP 檔案]。 Azure 會建立一個「遠端桌面通訊協定」(RDP) 檔案,並下載至您的電腦。

  4. 開啟所下載的 RDP 檔案。

    a. 如果出現提示,請選取 [連線]
    b. 輸入您在建立 VM 時所指定的使用者名稱和密碼。

    注意

    可能需要選取 [更多選擇]>[使用不同的帳戶],以指定您在建立 VM 時輸入的認證。

  5. 選取 [確定]。

    您可能會在登入過程中收到憑證警告。 如果如此,請選取 [是] 或 [繼續]

  6. 在 VM 桌面出現之後,將其最小化以回到您的本機桌面。

從 VM 私下存取 SQL Database 伺服器

若要使用私人端點從 VM 連線到 SQL Database 伺服器,請執行下列動作:

  1. 在 myVM{uniqueid} 的遠端桌面中,開啟 PowerShell。

  2. 執行以下命令:

    nslookup sqlserver{uniqueid}.database.windows.net

    您會收到類似如下的訊息:

      Server:  UnKnown
      Address:  168.63.129.16
      Non-authoritative answer:
      Name:    sqlserver.privatelink.database.windows.net
      Address:  10.0.0.5
      Aliases:  sqlserver.database.windows.net
    
  3. 安裝 SQL Server Management Studio。

  4. 在 [連線至伺服器] 窗格中,執行下列動作:

    • 對於 [伺服器類型],選取 [資料庫引擎]
    • 對於 [伺服器名稱],選取 [sqlserver{uniqueid}.database.windows.net]
    • 對於 [使用者名稱],輸入稍早提供的使用者名稱。
    • 對於 [密碼],輸入稍早提供的密碼。
    • 對於 [記住密碼],選取 [是]
  5. 選取 Connect

  6. 在左窗格中,選取 [資料庫]。 (選擇性) 您可以從 sample-db 建立或查詢資訊。

  7. 關閉對 myVm{uniqueid} 的遠端桌面連線。

清除資源

當您不再需要先前為私人端點建立的資源時,請刪除資源群組。 如此會移除私人端點和所有相關資源。

若要刪除資源群組,請執行 Remove-AzResourceGroup Cmdlet:

Remove-AzResourceGroup -Name <your resource group name>

下一步

如需支援私人端點的服務詳細資訊,請參閱: