Access control for a computing system
US-10936191-B1 · Mar 2, 2021 · US
US12574281B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-12574281-B2 |
| Application number | US-202018042196-A |
| Country | US |
| Kind code | B2 |
| Filing date | Aug 28, 2020 |
| Priority date | Aug 28, 2020 |
| Publication date | Mar 10, 2026 |
| Grant date | Mar 10, 2026 |
Official abstract text for this publication.
A gateway device includes a host-facing network interface to connect to a network interface of a host device at which remote management functionality of the host device is exposed. The gateway device includes a network-facing network interface to connect to a network. The gateway device includes a processor, and a memory storing program code executable by the processor to securely manage access over the network to the remote management functionality of the host device.
Opening claim text (preview).
We claim:

1. A gateway device comprising: a processor; a host-facing network interface to connect to a network interface of a host device at which remote management functionality of the host device is exposed; a network-facing network interface to connect to a network; a first network port to expose remote functionality of the host device, wherein the first network port is open at the network interface of the host device and at the host-facing network interface, and wherein the first network port is closed at the network-facing network interface; a network switch to drop first incoming network traffic received over the network at the network-facing network interface that is determined by the gateway device to be unrelated to the remote management functionality of the host device and to route second incoming network traffic determined by the gateway device to be related to the remote management functionality of the host device to the processor of the gateway device, wherein the processor is to: receive the second incoming network traffic, and route the second incoming network traffic to the host-facing network interface; and a memory storing program code executable by the processor to securely manage access over the network to the remote management functionality of the host device, wherein the network-facing network interface is to receive a client request from a client device on a second network port over which the remote functionality is not exposed, wherein the gateway device is further to: determine that the client request received over the network is in a format not understandable by the host device and is related to the remote management functionality of the host device; grant the client request; in response to granting the client request, generate a host request corresponding to the client request and in a format that is understandable by the host device; and send, via the host-facing network interface, the host request to the host device to permit the client device access to the remote management functionality of the host device in accordance with the client request.

2. The gateway device of claim 1, wherein the program code is executable by the processor to permit access over the network to a limited subset of the remote management functionality of the host device.

3. The gateway device of claim 1, wherein the host-facing network interface is a first host-facing network interface, the network interface of the host device is a first network interface of the host device, and the gateway device further comprises: a second host-facing network interface to connect to a second network interface of the host device at which the remote management functionality of the host device is not exposed.

4. The gateway device of claim 3, wherein network communication related to the remote management functionality of the host device is routed through the first host-facing network interface, and network communication unrelated to the remote management functionality of the host device is routed through the second host-facing network interface.

5. The gateway device of claim 3, further comprising: the network switch that includes the first and second host-facing and the network-facing network interfaces, the network switch to redirect communication related to the remote management functionality of the host device to the processor.

6. The gateway device of claim 1, further comprising: the network switch of which the host-facing and the network-facing network interfaces are a part, the network switch to redirect communication related to the remote management functionality of the host device to the processor.

7. The gateway device of claim 1, wherein both network communication related to the remote management functionality of the host device and network communication unrelated to the remote management functionality of the host device are routed through the host-facing network interface.

8. The gateway device of claim 1, wherein a logical network port on which the remote management functionality of the host device is accessible is open at the network interface of the host device and at the host-facing network interface, and is closed at the network-facing network interface.

9. The gateway device of claim 1, wherein network communication unrelated to the remote management functionality of the host device is passed through between the host device and the network.

10. The gateway device of claim 1, wherein the program code is executable by the processor to act as a remote desktop session proxy between remote desktop session server software running on the host device and remote desktop session client software running on the client device connected to the network.

11. The gateway device of claim 1, further comprising: an input/output (I/O) interface to connect to an I/O interface of the host device; and a display interface to connect to a display interface of the host device, wherein the program code is executable by the processor to act as a keyboard-video mouse (KVM) proxy between the I/O and display interfaces of the host device and the client device connected to the network.

12. The gateway device of claim 1, wherein the processor of the gateway device routes network traffic, relating to remote management functionality of the host device, to the client device via the network-facing network interface.

13. A non-transitory computer-readable data storage medium storing program code that when executed by a gateway device cause the gateway device to perform processing comprising: receiving, via a network-facing network interface of the gateway device, a client request from a client device on a first network port over which remote functionality is not exposed to access remote management functionality of a host device connected to a host-facing network interface of the gateway device; exposing, at a second network port, remote functionality of the host device, wherein the second network port is open at a network-facing network interface of the host device and at the host-facing network interface of the gateway device, and wherein the second network port is closed at the network-facing network interface of the gateway device; determining, by the gateway device, that the client request received over the network is in a format not understandable by the host device and is related to the remote management functionality of the host device; granting the client request; in response to granting the client request, generating a host request corresponding to the client request and in a format that is understandable by the host device; sending, by the gateway device, via the host-facing network interface, the host request to the host device to permit the client device access to the remote management functionality of the host device in accordance with the client request; receiving, by a network switch of the gateway device, incoming network traffic; routing, by the network switch, a portion of the incoming network traffic to a processor of the gateway device, wherein the portion of the incoming network traffic is related to the remote management functionality of the host device; and routing, by the processor, the portion of the incoming network traffic to the host device.

14. The non-transitory computer-readable data storage medium of claim 13, wherein the processing further comprises: receiving, via the host-facing network interface of the gateway device, a host response from the host device; responsively generating a client response corresponding to the host response and understandabl
Arrangements for connecting between networks having differing types of switching systems, e.g. gateways · CPC title
Routing or path finding of packets in data switching networks (routing or path finding in wireless networks H04W40/00) · CPC title
comprising client-server management architectures · CPC title