They would be connected via SOAP over HTTPS, so as long as your PGP UN is in the DMZ, which is where it should be, the machine running the PGPCL will be able to find it no problem.
You then tell the PGPCL where the keys are stored via the --usp-server command.
Have a look in https://www-secure.symantec.com/connect/security/forums/key-management for some scripts like securly transferring the keys if you create them at the PGPCL end