Hi,
GETVPN introduced the idea of group encryption amongst trusted members of a group. With this concept, the Key Server is responsible for authenticating group members, managing and maintaining security policies and keys, etc. Since GETVPN has done away with pair-wise tunnels, the GMs will no longer need to establish IPSec tunnels with other GMs. All they need to do is register themselves with the KS, download the security policy, and use it. Also, since there are no more tunnels, that also eliminates the need for an overlay routing infrastructure. For more details, please check out:
http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6525/ps9370/ps7180/GETVPN_DIG_version_1_0_External.pdf
Hope this helps.
Thanks,
Wen