Network directory and access service

What is claimed is: 1. A method, comprising: receiving from a client, by a first processing device coupled to a first network, an identifier of a first target device; selecting, among a second network connected by a first router to the first network and a third network connected by a second router to the first network, a target network that is coupled to the first target device, wherein the second network and the third network share a private network address space; identifying a target router that is coupled to the first network and to the target network; transmitting, to the client, an identifier of the target router and a device access token identifying the first target device; transmitting, to the target router, a network directory message identifying the client and the first target device; receiving, from the client, by the target router, a service request comprising the device access token; validating the service request by comparing the first target device identified by the network directory message to a second target device identified by the device access token received from the client; and forwarding the service request to the first target device. 2. The method of claim 1 , further comprising authenticating the client by the first processing device. 3. The method of claim 1 , further comprising ascertaining, by the first processing device, whether the client is authorized to access the first target device. 4. The method of claim 1 , further comprising initializing, the target router for routing requests from the client on the first network to the first target device, one of a network address translation (NAT) scheme or a proxy scheme. 5. The method of claim 1 , further comprising discovering, by the first processing device, the first target device by performing at least one of: analyzing a plurality of addresses assigned by a dynamic host configuration protocol (DHCP) server to network devices identified by MAC addresses, sniffing traffic on at least one of the second network or the third network, scanning at least one of the second network or the third network or receiving a message from the first target device. 6. The method of claim 5 , further comprising assigning a device descriptor to the first target device. 7. A computer system, comprising: a memory; and a processing device operatively coupled to the memory, the processing device to: receive, from a directory server, over a first network, a network directory message comprising an identifier of a client and an identifier of a first target device; select, among a second network connected to the first network and a third network connected to the first network, a target network coupled to the first target device, wherein the second network and the third network share a common network address space; configure a router that connects the target network to the first network to route requests from the client on the first network to the first target device, using one of a network address translation (NAT) scheme or a proxy scheme; receive, from the client, a service request associated with a device access token identifying a second target device; validate the device access token using a secret shared between the computer system and the directory server; validate the service request by comparing the first target device identified by the network directory message to a second target device identified by the device access token received from the client; and forward the service request to the first target device. 8. The computer system of claim 7 , wherein the processing device is further to: forward a response from the first target device to the client. 9. The computer system of claim 7 , wherein the processing device is to receive the service request from the client over a secure connection. 10. The computer system of claim 7 , wherein the device access token comprises at least one of: an identifier of a security scheme to be implemented by the processing device for communicating to the first target device or an authentication token for the security scheme. 11. The computer system of claim 10 , wherein the processing device is to implement the security scheme to secure communications to the first target device for forwarding the service request to the first target device. 12. The computer system of claim 7 , wherein the processing device is to configure the router responsive to one of: receiving the network directory message or validating the device access token. 13. The computer system of claim 7 , wherein the processing device is further to: perform a health check of the first target device by performing at least one of: communicating with the first target device, inspecting state information of network devices or performing a device-specific procedure. 14. The computer system of claim 7 , wherein at least one of the network directory message and the device access token further comprises an identifier of a service on the first target device. 15. The computer system of claim 7 , wherein the processing device is further to: responsive to receiving, from the client, a packet addressed to a network interface connected to the first network, substitute a destination address in the packet with the address of the first target device. 16. The computer system of claim 15 , wherein the processing device is further to: implement a transport layer proxy for forwarding the message to the first target device. 17. The computer system of claim 7 , wherein the processing device is further to: disable the NAT scheme or the proxy server responsive to evaluating a pre-defined condition. 18. The computer system of claim 17 , wherein the evaluating comprises at least one of: determining that the device access token has expired, determining that the first target device is off-line, determining that the device access token has been revoked or failing to validate the service request.