Centralized management of remote endpoint devices

What is claimed is: 1. A system, comprising: one or more processors and one or more memories to store computer-executable instructions that, when executed, cause the one or more processors to implement agent software configured to: receive, by the agent software from a centralized management service of a multi-tenant provider network, information indicative of a configuration associated with a software package, wherein the software package is selected from a plurality of software packages of a marketplace service in the multi-tenant provider network, wherein the configuration comprises a network address of a virtual private network (VPN) server, and wherein the agent software is associated with an endpoint device external to the multi-tenant provider network; deploy, by the agent software to the endpoint device, the configuration associated with the software package including the received network address of the VPN server to permit access by the endpoint device, via a secure connection, to the VPN server of the multi-tenant provider network according to the received network address; and send, from the agent software to the centralized management service, an acknowledgement of deployment of the configuration associated with the software package. 2. The system as recited in claim 1 , wherein the software package comprises a virtual private network (VPN) server, and wherein the configuration permits the endpoint device to establish a secure connection with the VPN server. 3. The system as recited in claim 1 , wherein the one or more memories store additional computer-executable instructions that, when executed, cause the one or more processors to: receive, by the agent software from the centralized management service, an installer associated with the software package; install, by the agent software using the installer, the software package on the endpoint device; and send, from the agent software to the centralized management service, an acknowledgement of installation of the software package. 4. The system as recited in claim 1 , wherein the one or more memories store additional computer-executable instructions that, when executed, cause the one or more processors to: generate, by the agent software, a system image of the endpoint device, wherein functionality of the endpoint device is migrated to one or more computational resources of the multi-tenant provider network based at least in part on the system image. 5. The system as recited in claim 1 , wherein the one or more memories store additional computer-executable instructions that, when executed, cause the one or more processors to: send, from the agent software to the centralized management service, information descriptive of a status of the endpoint device. 6. The system as recited in claim 1 , wherein the configuration is associated with security management at the endpoint device. 7. A computer-implemented method, comprising: receiving, by agent software from a centralized management service of a multi-tenant provider network, information indicative of a configuration associated with a software package, wherein the software package is selected from a plurality of software packages of a marketplace service in the multi-tenant provider network, wherein the configuration comprises a network address of a virtual private network (VPN) server, and wherein the agent software is associated with an endpoint device external to the multi-tenant provider network; deploying, by the agent software to the endpoint device, the configuration associated with the software package including the received network address of the VPN server to permit access by the endpoint device, via a secure connection, to the VPN server of the multi-tenant provider network according to the received network address; and sending, from the agent software to the centralized management service, an acknowledgement of deployment of the configuration associated with the software package. 8. The method as recited in claim 7 , wherein the software package comprises a virtual private network (VPN) server, and wherein the configuration permits the endpoint device to establish a secure connection with the VPN server. 9. The method as recited in claim 7 , further comprising: receiving, by the agent software from the centralized management service, an installer associated with the software package; installing, by the agent software using the installer, the software package on the endpoint device; and sending, from the agent software to the centralized management service, an acknowledgement of installation of the software package. 10. The method as recited in claim 7 , further comprising: generating, by the agent software, a system image of the endpoint device, wherein functionality of the endpoint device is migrated to one or more computational resources of the multi-tenant provider network based at least in part on the system image. 11. The method as recited in claim 7 , further comprising: sending, from the agent software to the centralized management service, information descriptive of a status of the endpoint device. 12. The method as recited in claim 7 , wherein the configuration is associated with security management at the endpoint device. 13. The method as recited in claim 7 , further comprising: sending, from the agent software to the centralized management service, an acknowledgement of installation of the agent software on the endpoint device, wherein the information indicative of the configuration associated with the software package is sent to the agent software based at least in part on the centralized management service determining that the endpoint device is associated with the software package. 14. One or more non-transitory computer-readable storage media storing program instructions that, when executed on or across one or more processors, perform: receiving, by agent software from a centralized management service of a multi-tenant provider network, information indicative of a configuration associated with a software package, wherein the software package is selected from a plurality of software packages of a marketplace service in the multi-tenant provider network, wherein the configuration comprises a network address of a virtual private network (VPN) server, and wherein the agent software is associated with an endpoint device external to the multi-tenant provider network; deploying, by the agent software to the endpoint device, the configuration associated with the software package including the received network address of the VPN server to permit access by the endpoint device, via a secure connection, to the VPN server of the multi-tenant provider network according to the received network address; and sending, from the agent software to the centralized management service, an acknowledgement of deployment of the configuration associated with the software package. 15. The one or more non-transitory computer-readable storage media as recited in claim 14 , wherein the software package comprises a virtual private network (VPN) server, and wherein the configuration permits the endpoint device to establish a secure connection with the VPN server. 16. The one or more non-transitory computer-readable storage media as recited in claim 14 , further comprising additional program instructions that, when executed on or across the one or more processors, perform: receiving, by the agent software from the centralized management service, an installer associated with the software package; installing, by the agent software using the installer, the software package on