vCenter Protect can handle patch management of your templates and Windows based guests, which could include vCenter if hosted on a Windows OS.
As for VUM and vCenter on the same OS, we do that and have never had any issues. Our vCenter Server uses a remote SQL DB while VUM uses a local SQL Express Install. If you need to patch a host that vCenter resides on, you'll just need to vMotion your vCenter VM and then you can use VUM to patch the host.