共用方式為


快速入門:使用 ARM 範本來建立公用負載平衡器以平衡 VM 的負載

本快速入門示範如何部署標準負載平衡器來平衡虛擬機器的負載。 負載平衡器會將流量分散到後端集區中的多部虛擬機。 此範本也會建立虛擬網路、網路介面、NAT 閘道和 Azure Bastion 實例。

針對標準公用負載平衡器所部署的資源圖表。

相較於其他部署方法,使用 ARM 範本所需的步驟比較少。

Azure Resource Manager 範本是一個 JavaScript 物件標記法 (JSON) 檔案,會定義專案的基礎結構和設定。 範本使用宣告式語法。 您可以描述預期的部署,而不需要撰寫程式設計命令順序來建立部署。

如果您的環境符合必要條件,而且您很熟悉 ARM 範本,請選取 [部署至 Azure] 按鈕。 範本會在 Azure 入口網站中開啟。

將 Resource Manager 範本部署至 Azure 的按鈕。

必要條件

如果您沒有 Azure 訂用帳戶,請在開始前建立免費帳戶

檢閱範本

本快速入門中使用的範本是來自 Azure 快速入門範本

負載平衡器和公用 IP SKU 必須相符。 當您建立標準負載平衡器時,您也必須建立新的標準公用 IP 位址,而該 IP 位址會設定為標準負載平衡器的前端。 如果您想要建立基本負載平衡器,請使用此範本。 Microsoft 建議對生產工作負載使用標準 SKU。

{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "metadata": {
    "_generator": {
      "name": "bicep",
      "version": "0.26.54.24096",
      "templateHash": "14680538243429534307"
    }
  },
  "parameters": {
    "projectName": {
      "type": "string",
      "metadata": {
        "description": "Specifies a project name that is used for generating resource names."
      }
    },
    "location": {
      "type": "string",
      "defaultValue": "[resourceGroup().location]",
      "metadata": {
        "description": "Specifies the location for all of the resources created by this template."
      }
    },
    "adminUsername": {
      "type": "string",
      "metadata": {
        "description": "Specifies the virtual machine administrator username."
      }
    },
    "adminPassword": {
      "type": "securestring",
      "metadata": {
        "description": "Specifies the virtual machine administrator password."
      }
    },
    "vmSize": {
      "type": "string",
      "defaultValue": "Standard_D2s_v3",
      "metadata": {
        "description": "Size of the virtual machine"
      }
    },
    "OSVersion": {
      "type": "string",
      "defaultValue": "2022-datacenter-azure-edition",
      "allowedValues": [
        "2016-datacenter-gensecond",
        "2016-datacenter-server-core-g2",
        "2016-datacenter-server-core-smalldisk-g2",
        "2016-datacenter-smalldisk-g2",
        "2016-datacenter-with-containers-g2",
        "2016-datacenter-zhcn-g2",
        "2019-datacenter-core-g2",
        "2019-datacenter-core-smalldisk-g2",
        "2019-datacenter-core-with-containers-g2",
        "2019-datacenter-core-with-containers-smalldisk-g2",
        "2019-datacenter-gensecond",
        "2019-datacenter-smalldisk-g2",
        "2019-datacenter-with-containers-g2",
        "2019-datacenter-with-containers-smalldisk-g2",
        "2019-datacenter-zhcn-g2",
        "2022-datacenter-azure-edition",
        "2022-datacenter-azure-edition-core",
        "2022-datacenter-azure-edition-core-smalldisk",
        "2022-datacenter-azure-edition-smalldisk",
        "2022-datacenter-core-g2",
        "2022-datacenter-core-smalldisk-g2",
        "2022-datacenter-g2",
        "2022-datacenter-smalldisk-g2"
      ],
      "metadata": {
        "description": "The Windows version for the VM. This will pick a fully patched image of this given Windows version."
      }
    },
    "imageSku": {
      "type": "string",
      "defaultValue": "vs-2019-ent-latest-win11-n-gen2",
      "allowedValues": [
        "vs-2019-ent-latest-win11-n-gen2",
        "vs-2019-pro-general-win11-m365-gen2",
        "vs-2019-comm-latest-win11-n-gen2",
        "vs-2019-ent-general-win10-m365-gen2",
        "vs-2019-ent-general-win11-m365-gen2",
        "vs-2019-pro-general-win10-m365-gen2"
      ],
      "metadata": {
        "description": "Linux Sku"
      }
    },
    "securityType": {
      "type": "string",
      "defaultValue": "TrustedLaunch",
      "allowedValues": [
        "Standard",
        "TrustedLaunch"
      ],
      "metadata": {
        "description": "Security Type of the Virtual Machine."
      }
    }
  },
  "variables": {
    "securityProfileJson": {
      "uefiSettings": {
        "secureBootEnabled": true,
        "vTpmEnabled": true
      },
      "securityType": "[parameters('securityType')]"
    },
    "lbName": "[format('{0}-lb', parameters('projectName'))]",
    "lbSkuName": "Standard",
    "lbPublicIpAddressName": "[format('{0}-lbPublicIP', parameters('projectName'))]",
    "lbFrontEndName": "LoadBalancerFrontEnd",
    "lbBackendPoolName": "LoadBalancerBackEndPool",
    "lbProbeName": "loadBalancerHealthProbe",
    "nsgName": "[format('{0}-nsg', parameters('projectName'))]",
    "vNetName": "[format('{0}-vnet', parameters('projectName'))]",
    "vNetAddressPrefix": "10.0.0.0/16",
    "vNetSubnetName": "BackendSubnet",
    "vNetSubnetAddressPrefix": "10.0.0.0/24",
    "bastionName": "[format('{0}-bastion', parameters('projectName'))]",
    "bastionSubnetName": "AzureBastionSubnet",
    "vNetBastionSubnetAddressPrefix": "10.0.1.0/24",
    "bastionPublicIPAddressName": "[format('{0}-bastionPublicIP', parameters('projectName'))]",
    "vmStorageAccountType": "Premium_LRS",
    "extensionName": "GuestAttestation",
    "extensionPublisher": "Microsoft.Azure.Security.WindowsAttestation",
    "extensionVersion": "1.0",
    "maaTenantName": "GuestAttestation",
    "maaEndpoint": "[substring('emptyString', 0, 0)]",
    "ascReportingEndpoint": "[substring('emptystring', 0, 0)]",
    "natGatewayName": "[format('{0}-natgateway', parameters('projectName'))]",
    "natGatewayPublicIPAddressName": "[format('{0}-natPublicIP', parameters('projectName'))]"
  },
  "resources": [
    {
      "copy": {
        "name": "project_vm_1_networkInterface",
        "count": "[length(range(0, 3))]"
      },
      "type": "Microsoft.Network/networkInterfaces",
      "apiVersion": "2021-08-01",
      "name": "[format('{0}-vm{1}-networkInterface', parameters('projectName'), add(range(0, 3)[copyIndex()], 1))]",
      "location": "[parameters('location')]",
      "properties": {
        "ipConfigurations": [
          {
            "name": "ipconfig1",
            "properties": {
              "privateIPAllocationMethod": "Dynamic",
              "subnet": {
                "id": "[resourceId('Microsoft.Network/virtualNetworks/subnets', variables('vNetName'), variables('vNetSubnetName'))]"
              },
              "loadBalancerBackendAddressPools": [
                {
                  "id": "[resourceId('Microsoft.Network/loadBalancers/backendAddressPools', variables('lbName'), variables('lbBackendPoolName'))]"
                }
              ]
            }
          }
        ],
        "networkSecurityGroup": {
          "id": "[resourceId('Microsoft.Network/networkSecurityGroups', variables('nsgName'))]"
        }
      },
      "dependsOn": [
        "[resourceId('Microsoft.Network/loadBalancers', variables('lbName'))]",
        "[resourceId('Microsoft.Network/networkSecurityGroups', variables('nsgName'))]",
        "[resourceId('Microsoft.Network/virtualNetworks/subnets', variables('vNetName'), variables('vNetSubnetName'))]"
      ]
    },
    {
      "copy": {
        "name": "project_vm_1_InstallWebServer",
        "count": "[length(range(0, 3))]"
      },
      "type": "Microsoft.Compute/virtualMachines/extensions",
      "apiVersion": "2021-11-01",
      "name": "[format('{0}-vm{1}/InstallWebServer', parameters('projectName'), add(range(0, 3)[copyIndex()], 1))]",
      "location": "[parameters('location')]",
      "properties": {
        "publisher": "Microsoft.Compute",
        "type": "CustomScriptExtension",
        "typeHandlerVersion": "1.10",
        "autoUpgradeMinorVersion": true,
        "settings": {
          "commandToExecute": "powershell.exe Install-WindowsFeature -name Web-Server -IncludeManagementTools && powershell.exe remove-item 'C:\\inetpub\\wwwroot\\iisstart.htm' && powershell.exe Add-Content -Path 'C:\\inetpub\\wwwroot\\iisstart.htm' -Value $('Hello World from ' + $env:computername)"
        }
      },
      "dependsOn": [
        "project_vm_1"
      ]
    },
    {
      "copy": {
        "name": "project_vm_1",
        "count": "[length(range(1, 3))]"
      },
      "type": "Microsoft.Compute/virtualMachines",
      "apiVersion": "2021-11-01",
      "name": "[format('{0}-vm{1}', parameters('projectName'), range(1, 3)[copyIndex()])]",
      "location": "[parameters('location')]",
      "zones": [
        "[string(range(1, 3)[copyIndex()])]"
      ],
      "properties": {
        "hardwareProfile": {
          "vmSize": "[parameters('vmSize')]"
        },
        "storageProfile": {
          "imageReference": {
            "publisher": "MicrosoftWindowsServer",
            "offer": "WindowsServer",
            "sku": "[parameters('OSVersion')]",
            "version": "latest"
          },
          "osDisk": {
            "createOption": "FromImage",
            "managedDisk": {
              "storageAccountType": "[variables('vmStorageAccountType')]"
            }
          }
        },
        "networkProfile": {
          "networkInterfaces": [
            {
              "id": "[resourceId('Microsoft.Network/networkInterfaces', format('{0}-vm{1}-networkInterface', parameters('projectName'), range(1, 3)[copyIndex()]))]"
            }
          ]
        },
        "osProfile": {
          "computerName": "[format('{0}-vm{1}', parameters('projectName'), range(1, 3)[copyIndex()])]",
          "adminUsername": "[parameters('adminUsername')]",
          "adminPassword": "[parameters('adminPassword')]",
          "windowsConfiguration": {
            "enableAutomaticUpdates": true,
            "provisionVMAgent": true
          }
        },
        "securityProfile": "[if(equals(parameters('securityType'), 'TrustedLaunch'), variables('securityProfileJson'), null())]"
      },
      "dependsOn": [
        "project_vm_1_networkInterface"
      ]
    },
    {
      "copy": {
        "name": "projectName_vm_1_3_GuestAttestation",
        "count": "[length(range(1, 3))]"
      },
      "condition": "[and(equals(parameters('securityType'), 'TrustedLaunch'), and(equals(variables('securityProfileJson').uefiSettings.secureBootEnabled, true()), equals(variables('securityProfileJson').uefiSettings.vTpmEnabled, true())))]",
      "type": "Microsoft.Compute/virtualMachines/extensions",
      "apiVersion": "2022-03-01",
      "name": "[format('{0}-vm{1}/GuestAttestation', parameters('projectName'), range(1, 3)[copyIndex()])]",
      "location": "[parameters('location')]",
      "properties": {
        "publisher": "[variables('extensionPublisher')]",
        "type": "[variables('extensionName')]",
        "typeHandlerVersion": "[variables('extensionVersion')]",
        "autoUpgradeMinorVersion": true,
        "enableAutomaticUpgrade": true,
        "settings": {
          "AttestationConfig": {
            "MaaSettings": {
              "maaEndpoint": "[variables('maaEndpoint')]",
              "maaTenantName": "[variables('maaTenantName')]"
            },
            "AscSettings": {
              "ascReportingEndpoint": "[variables('ascReportingEndpoint')]",
              "ascReportingFrequency": ""
            },
            "useCustomToken": "false",
            "disableAlerts": "false"
          }
        }
      },
      "dependsOn": [
        "project_vm_1"
      ]
    },
    {
      "type": "Microsoft.Network/natGateways",
      "apiVersion": "2021-05-01",
      "name": "[variables('natGatewayName')]",
      "location": "[parameters('location')]",
      "sku": {
        "name": "Standard"
      },
      "properties": {
        "idleTimeoutInMinutes": 4,
        "publicIpAddresses": [
          {
            "id": "[resourceId('Microsoft.Network/publicIPAddresses', variables('natGatewayPublicIPAddressName'))]"
          }
        ]
      },
      "dependsOn": [
        "[resourceId('Microsoft.Network/publicIPAddresses', variables('natGatewayPublicIPAddressName'))]"
      ]
    },
    {
      "type": "Microsoft.Network/publicIPAddresses",
      "apiVersion": "2021-05-01",
      "name": "[variables('natGatewayPublicIPAddressName')]",
      "location": "[parameters('location')]",
      "sku": {
        "name": "Standard"
      },
      "properties": {
        "publicIPAddressVersion": "IPv4",
        "publicIPAllocationMethod": "Static",
        "idleTimeoutInMinutes": 4
      }
    },
    {
      "type": "Microsoft.Network/virtualNetworks/subnets",
      "apiVersion": "2021-08-01",
      "name": "[format('{0}/{1}', variables('vNetName'), variables('bastionSubnetName'))]",
      "properties": {
        "addressPrefix": "[variables('vNetBastionSubnetAddressPrefix')]"
      },
      "dependsOn": [
        "[resourceId('Microsoft.Network/virtualNetworks', variables('vNetName'))]",
        "[resourceId('Microsoft.Network/virtualNetworks/subnets', variables('vNetName'), variables('vNetSubnetName'))]"
      ]
    },
    {
      "type": "Microsoft.Network/virtualNetworks/subnets",
      "apiVersion": "2021-08-01",
      "name": "[format('{0}/{1}', variables('vNetName'), variables('vNetSubnetName'))]",
      "properties": {
        "addressPrefix": "[variables('vNetSubnetAddressPrefix')]",
        "natGateway": {
          "id": "[resourceId('Microsoft.Network/natGateways', variables('natGatewayName'))]"
        }
      },
      "dependsOn": [
        "[resourceId('Microsoft.Network/natGateways', variables('natGatewayName'))]",
        "[resourceId('Microsoft.Network/virtualNetworks', variables('vNetName'))]"
      ]
    },
    {
      "type": "Microsoft.Network/bastionHosts",
      "apiVersion": "2021-08-01",
      "name": "[variables('bastionName')]",
      "location": "[parameters('location')]",
      "properties": {
        "ipConfigurations": [
          {
            "name": "IpConf",
            "properties": {
              "privateIPAllocationMethod": "Dynamic",
              "publicIPAddress": {
                "id": "[resourceId('Microsoft.Network/publicIPAddresses', variables('bastionPublicIPAddressName'))]"
              },
              "subnet": {
                "id": "[resourceId('Microsoft.Network/virtualNetworks/subnets', variables('vNetName'), variables('bastionSubnetName'))]"
              }
            }
          }
        ]
      },
      "dependsOn": [
        "[resourceId('Microsoft.Network/publicIPAddresses', variables('bastionPublicIPAddressName'))]",
        "[resourceId('Microsoft.Network/virtualNetworks/subnets', variables('vNetName'), variables('bastionSubnetName'))]"
      ]
    },
    {
      "type": "Microsoft.Network/publicIPAddresses",
      "apiVersion": "2021-08-01",
      "name": "[variables('bastionPublicIPAddressName')]",
      "location": "[parameters('location')]",
      "sku": {
        "name": "[variables('lbSkuName')]"
      },
      "properties": {
        "publicIPAddressVersion": "IPv4",
        "publicIPAllocationMethod": "Static"
      }
    },
    {
      "type": "Microsoft.Network/loadBalancers",
      "apiVersion": "2021-08-01",
      "name": "[variables('lbName')]",
      "location": "[parameters('location')]",
      "sku": {
        "name": "[variables('lbSkuName')]"
      },
      "properties": {
        "frontendIPConfigurations": [
          {
            "name": "[variables('lbFrontEndName')]",
            "properties": {
              "publicIPAddress": {
                "id": "[resourceId('Microsoft.Network/publicIPAddresses', variables('lbPublicIpAddressName'))]"
              }
            }
          }
        ],
        "backendAddressPools": [
          {
            "name": "[variables('lbBackendPoolName')]"
          }
        ],
        "loadBalancingRules": [
          {
            "name": "myHTTPRule",
            "properties": {
              "frontendIPConfiguration": {
                "id": "[resourceId('Microsoft.Network/loadBalancers/frontendIPConfigurations', variables('lbName'), variables('lbFrontEndName'))]"
              },
              "backendAddressPool": {
                "id": "[resourceId('Microsoft.Network/loadBalancers/backendAddressPools', variables('lbName'), variables('lbBackendPoolName'))]"
              },
              "frontendPort": 80,
              "backendPort": 80,
              "enableFloatingIP": false,
              "idleTimeoutInMinutes": 15,
              "protocol": "Tcp",
              "enableTcpReset": true,
              "loadDistribution": "Default",
              "disableOutboundSnat": true,
              "probe": {
                "id": "[resourceId('Microsoft.Network/loadBalancers/probes', variables('lbName'), variables('lbProbeName'))]"
              }
            }
          }
        ],
        "probes": [
          {
            "name": "[variables('lbProbeName')]",
            "properties": {
              "protocol": "Tcp",
              "port": 80,
              "intervalInSeconds": 5,
              "numberOfProbes": 2
            }
          }
        ],
        "outboundRules": []
      },
      "dependsOn": [
        "[resourceId('Microsoft.Network/publicIPAddresses', variables('lbPublicIpAddressName'))]"
      ]
    },
    {
      "type": "Microsoft.Network/publicIPAddresses",
      "apiVersion": "2021-08-01",
      "name": "[variables('lbPublicIpAddressName')]",
      "location": "[parameters('location')]",
      "sku": {
        "name": "[variables('lbSkuName')]"
      },
      "properties": {
        "publicIPAddressVersion": "IPv4",
        "publicIPAllocationMethod": "Static"
      }
    },
    {
      "type": "Microsoft.Network/networkSecurityGroups",
      "apiVersion": "2021-08-01",
      "name": "[variables('nsgName')]",
      "location": "[parameters('location')]",
      "properties": {
        "securityRules": [
          {
            "name": "AllowHTTPInbound",
            "properties": {
              "protocol": "*",
              "sourcePortRange": "*",
              "destinationPortRange": "80",
              "sourceAddressPrefix": "Internet",
              "destinationAddressPrefix": "*",
              "access": "Allow",
              "priority": 100,
              "direction": "Inbound"
            }
          }
        ]
      }
    },
    {
      "type": "Microsoft.Network/virtualNetworks",
      "apiVersion": "2021-08-01",
      "name": "[variables('vNetName')]",
      "location": "[parameters('location')]",
      "properties": {
        "addressSpace": {
          "addressPrefixes": [
            "[variables('vNetAddressPrefix')]"
          ]
        }
      }
    }
  ],
  "outputs": {
    "location": {
      "type": "string",
      "value": "[parameters('location')]"
    },
    "name": {
      "type": "string",
      "value": "[variables('lbName')]"
    },
    "resourceGroupName": {
      "type": "string",
      "value": "[resourceGroup().name]"
    },
    "resourceId": {
      "type": "string",
      "value": "[resourceId('Microsoft.Network/loadBalancers', variables('lbName'))]"
    }
  }
}

範本中已定義多個 Azure 資源:

重要

無論輸出資料使用量為何,每小時價格都是從部署 Bastion 的那一刻開始計費。 如需詳細資訊,請參閱價格SKU。 如果您要將 Bastion 部署為教學課程或測試的一部分,建議您在完成使用之後刪除此資源。

若要尋找更多有關 Azure Load Balancer 的範本,請參閱 Azure 快速入門範本

部署範本

  1. 選取以下程式碼區塊的 [試用] 以開啟 Azure Cloud Shell,然後遵循指示登入 Azure。

    $projectName = Read-Host -Prompt "Enter a project name with 12 or less letters or numbers that is used to generate Azure resource names"
    $location = Read-Host -Prompt "Enter the location (i.e. centralus)"
    $adminUserName = Read-Host -Prompt "Enter the virtual machine administrator account name"
    $adminPassword = Read-Host -Prompt "Enter the virtual machine administrator password" -AsSecureString
    
    $resourceGroupName = "${projectName}rg"
    $templateUri = "https://raw.githubusercontent.com/Azure/azure-quickstart-templates/master/quickstarts/microsoft.network/load-balancer-standard-create/azuredeploy.json"
    
    New-AzResourceGroup -Name $resourceGroupName -Location $location
    New-AzResourceGroupDeployment -ResourceGroupName $resourceGroupName -TemplateUri $templateUri -Name $projectName -location $location -adminUsername $adminUsername -adminPassword $adminPassword
    
    Write-Host "Press [ENTER] to continue."
    

    等候直到您看見主控台的提示字元。

  2. 從先前的程式碼區塊選取 [複製] 以複製 PowerShell 指令碼。

  3. 以滑鼠右鍵按一下殼層主控台窗格,然後選取 [貼上]

  4. 輸入這些值。

    範本部署會建立三個可用性區域。 只有特定的區域支援可用性區域。 使用其中一個支援區域。 如果您不確定,請輸入 centralus

    資源群組名稱是附加 rg 的專案名稱。 您會在下一節中用到資源群組名稱。

部署範本需要約 10 分鐘。 完成時,輸出如下:

Azure Standard Load Balancer Resource Manager 範本 PowerShell 部署輸出

Azure PowerShell 用於部署範本。 您也可以使用 Azure 入口網站、Azure CLI 和 REST API。 若要了解其他部署方法,請參閱部署範本

檢閱已部署的資源

  1. 登入 Azure 入口網站

  2. 選取左側面板中的 [資源群組]

  3. 選取您在上一節中建立的資源群組。 預設的資源群組名稱是附加 -rg 的專案名稱。

  4. 選取負載平衡器。 其預設名稱是附加 -lb 的專案名稱。

  5. 僅將公用 IP 位址中 IP 位址的部分複製並貼到您瀏覽器的網址列。

    Azure 標準負載平衡器 Resource Manager 範本公用 IP

    瀏覽器會顯示 Internet Information Services (IIS) Web 伺服器的預設頁面。

    IIS 網頁伺服器

若要查看負載平衡器如何將流量分散於所有三部 VM,您可以從用戶端機器中強制重新整理您的網頁瀏覽器。

清除資源

當您不再需要時,請將其刪除:

  • 資源群組
  • 負載平衡器
  • 相關資源

移至 Azure 入口網站,選取包含負載平衡器的資源群組,然後選取 [刪除資源群組]

下一步

在本快速入門中,您將:

  • 建立適用於負載平衡器和虛擬機器的虛擬網路。
  • 建立用於管理的 Azure Bastion 主機。
  • 建立標準負載平衡器,並且與 VM 連結。
  • 設定了負載平衡器流量規則和健全狀態探查。
  • 測試了負載平衡器。

若要深入了解,請繼續進行 Azure Load Balancer 的教學課程。