I agree this is a big issue with VCD right now. Catalogs are not high availability. The issue is a catalog VM is owned by a host, so that host must be online and not busy in order to clone from that VM. It does seem to me VCD should handle catalog VMs differently than standard VMs.
We have a VCO script that will migrate stopped VMs first, then call the normal "enter maintenance mode" - this way a host gets the catalog items off the system before it thinks it goes busy. The issue is admins need to know to use the VCO workflow to place hosts in maintenance mode, and this does not help against unexpected host failure.