我对 Microsoft 文档的解读使我相信我可以在两个不同的 Azure 目录中连接两个虚拟网络网关,但这需要通过 PowerShell 来完成。这是正确的吗?
如果可以的话,有人能否给我指出实现这一目标的正确步骤?
任何帮助将不胜感激。
答案1
看起来我把我需要做的事情过于复杂了,因为我只需使用 PowerShell 在两个独立的 Azure 目录原则之间建立网络对等连接即可。
尽管 Azure 门户确实允许在同一个 Azure 目录租户内进行网络对等,但它没有显示在两个不同租户之间的网络之间设置网络对等的选项。下面是我用来实现此目的的 Powershell 脚本:
## Peer AzureUK to AzureUS
## Selecting the UK Subscription where the domain controllers virtual network resides.
Set-AzContext -SubscriptionId "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxx"
## Select the UK Virtual Network and the Resource Group containing the domain controllers
$vNetA=Get-AzVirtualNetwork -Name Azure.yourdomain.com -vnet -ResourceGroupName Azure.yourdomain.com
Add-AzVirtualNetworkPeering `
## Specify the name of the Peering as seen from the UK directory tenant.
-Name 'AzureUK-to-AzureUS-Peering' `
-VirtualNetwork $vNetA `
## Specify the Resource ID of the remote virtual network within the US directory tenant.
-RemoteVirtualNetworkId "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxx/resourceGroups/Networks/providers/Microsoft.Network/virtualNetworks/PulicNetworks"
## Peer AzureUS to AzureUK
## The selecting the US Subscription which contains the virtual network you would like to work with.
Set-AzContext -SubscriptionId "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxx"
## Select the US Virtual Network and the Resource Group which you would like linking to grant access to the UK domain controller network.
$vNetA=Get-AzVirtualNetwork -Name PublicNetworks -ResourceGroupName PublicNetworks
Add-AzVirtualNetworkPeering `
## Specify the name of the Peering as seen from the US directory tenant
-Name 'AzureUS-to-AzureUK-Peering' `
-VirtualNetwork $vNetA `
## Specify the Resource ID of the remote virtual network within the UK directory tenant.
-RemoteVirtualNetworkId "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxx/resourceGroups/Azure.yourdomain.com/providers/Microsoft.Network/virtualNetworks/Azure.yourdomain.com-vnet"
https://docs.microsoft.com/en-gb/azure/virtual-network/create-peering-different-subscriptions#cli