Your illustration shows multiple endpoints behind each NAT-based router. If you're using a port-forwarding approach, then you'll need to register a different port number for each endpoint in your various routers. It would be a pain to track and configure, but would allow your central management server instant access to each of your endpoints.
If you control the software on your endpoints, you can have them poll a central server for instructions. No configuration would be needed in the routers because the requests originate from the private side. The amount of traffic would be trivial, assuming the typical message from the server is something like "OK". The downside is that delivery of an instruction by the central server wouldn't be instantaneous. The client won't know a message is available until its next polling interval.
Somewhere between the two extremes, but at an added cost, is a distributed management approach. If you already have a server behind each NAT router, you can have it relay instructions to each of the endpoints. Your central management server can control a small handful of local management servers, one behind each NAT firewall, and each of those servers will have direct access to the endpoints within its same LAN.