SSL certificates are often stored in memory or on disk as part of an operating system or other piece of software's configuration. However, SSL certificates may also be stored in a removable form of physical media such as a USB dongle or magnetic card.
Removable (and often, read-only) storage is most commonly associated with client certificates is because dongles and cards and other removable media can be carried by individual people; to forge a hardware-based credential, you need to be in possession of the hardware. Server certificates need to be continually available and are thus almost always tied into software. In fact, the use of removable storage with server certificates could make it easier for people to steal a server's private key as servers are frequently left unattended.
Regardless of how an SSL client certificate is stored, if an SSL-enabled web browser or FTP client can read that certificate, then it may be used to authenticate with MOVEit DMZ.
Not all hardware client certificates work the same way. Some require "phoning home" to a central authentication server before they can be used, while others (such as the Aladdin eToken described below) are "standalone". Some SSL clients (such as MOVEit Freely) can use hardware certificates that automatically tie into the operating system store, while other SSL clients will need their own direct access to the SSL hardware. Despite these variables, the bottom line is that MOVEit DMZ will be able to make use of an SSL hardware token as long as the CLIENT can obtain the appropriate credential from the SSL hardware token and pass it to MOVEit DMZ as part of the normal SSL negotiation.