If your VMs aren't persistent, you might want to decide how long they'll be active. You may decide to exclude them entirely from software and hardware inventories, or to run very selective delta inventories. If you do run inventories, keep an eye on performance in vCenter so you know what impact it's having on your hosts. You could work with your virtualization team to determine what sort of randomization is necessary.
An AD import is the best way to ensure they get the correct policies. A naming convention is the last option I would choose, and relying on Distinguished Name in inventory isn't great. If you have certain IP ranges defined for these non-persistent VMs, or other inventory gathered by basic inventory (such as the adapter's MAC address, which you could translate the first and second octets into a vendor like VMWare), you could include them in a filter that's included in the target of your policies.
Most of them will be detected in the Default view as a Virtual Machine resource, but that might be too broad for your environment.
The default Software Update target includes all computers that are not included in other Software Update targets, so just ensure you have a policy assigned to these non-persistent virtual computers. The policy should receive no patch approvals and have patch windows way in the future, just in case. From a security perspective, however, you will still need to ensure the patches are applied to the VMs in a timely manner, and you'll have to remember that you're patching two environments: first the physical in Altiris, and then the virtual in your master image.
I'd also pay attention to local package caches for software deliveries, since there isn't much sense in keeping a 2.3GB package cached locally once it's been installed. That would eat up expensive server disk.
As always, test everything first and then run a small pilot to ensure everything functions as you expect, before moving everything to production.