Which version of vShield are you running? This was a problem initally, but the latest version of vShield offers a way around the problem.
Have a look at Duncan's post and workarounds: http://www.yellow-bricks.com/2012/03/17/excluding-your-vcenter-server-from-vshield-app-protection/
As for separating management from other VMs this is a common practice, however it is limited by available resources. In your case, the above post should address the issue.