Hello Torb,
You can have your public keys on the DMZ server, but not your private keys. It is never recommended to do so.
Once the user is enrolled on his IOS device, his keyring will gets downloaded and saved on his device.
Symantec Mobile Encryption for iOS app requires that users be in a Symantec Encryption Management Server-managed environment where the LDAP Directory Synchronization feature is enabled and each user has an existing account with authentication credentials on the LDAP directory.
During configuration, your users will be required to enroll with a specific Symantec Encryption Management Server. The user must connect to Symantec Encryption Management Server over the corporate network.
Enrollment information can be provided automatically using a configuration file you supply or by manually entering the information.
Symantec Mobile Encryption for iOS app users enroll with their Symantec Encryption Management Server using their LDAP credentials, whether they are automatically or manually providing enrollment information. This requires that the Symantec Encryption Management Server managing your Symantec Mobile Encryption for iOS app users has the LDAP Directory Synchronization feature enabled and that each user
has an existing account with authentication credentials on the LDAP directory.
Best Regards, Ankush Sharma