My server management group just merged with another server management group in my organization.  In doing so, I've added seven clusters of ESX/ESXi 4.0 to my vSphere server.  Our goal is to make everything uniform.  While our software configuration differs, the two groups hardware configuration is almost identical, using IBM x3650s and IBM bladecenters, with the same Cisco switch components in the bladecenters (so extending the necessary VLANs shouldn't be an issue).  My existing ESX 4.1 clusters are configured like this:

• vSwitch0 (spread across two ports in two different NICs)
  • Service Console is on a private management VLAN
  • VMkernel is on a private VLAN only extended to my ESX servers
• vSwitch1 (spread across four ports in two different NICs) has multiple Virtual Machine Port Groups corresponding to different VLANs, all for our guest VMs.

The "new" (to me, at least) ESX clusters are configured as such:

• vSwitch0 (associated with a single NIC)
  • Service Console with no VLAN specified.  The IP address is similar to that of the IPs of the guest machines on vSwitch1.
  • VMkernel Port with no VLAN specified.  The IP address is similar to that of the IPs of the guest machines on vSwitch1.
• vSwitch1 (spread across two NICs) has a single Virtual Machine Port Group with no VLAN specified and a network label that does not match our networking naming standard.
• vSwitch2 (associated with a single NIC) has a single VMkernel Port with no VLAN specified.  The IP address of this port is different from the IP addresses used  on the other vSwitches.

The "new" (to me, at least) ESXi clusters are configured as such:

• vSwitch0 (associated with a single NIC) has a VMkernel Port with no VLAN specified.  The IP address is similar to that of the IPs of the guest machines on vSwitch1
• vSwitch1 (spread across two NICs) has a single Virtual Machine Port Group with no VLAN specified and a network label that does not match our networking naming standard.
• vSwitch2 (associated with a single NIC) has a single VMkernel Port with no VLAN specified.  The IP address of this port is different from the IP addresses used  on the other vSwitches.

That's the high-level snapshot.  All of the hosts in all clusters attach to storage via Fibre channel, no network attached storage.  All of the hosts in the "new" clusters are throwing configuration issues that there is no managment network redundancy - I want to fix that.  I would also like to move the service consoles and VMkernel ports to our more secure, less advertised VLANs.  Finally, I'd like to have all the VLANs for guest OSes available on all of my hosts across all my clusters. 

My questions are what's the best method for achieving this?  Reconfigure the current hosts or rebuild the hosts with the networking to match our standards?  The hosts are all at 4.0 and need to upgraded to 4.1, so I could justify the rebuild (though I was thinking of doing that only with Update Manager).  Also, as I reconfigure the ESX hosts, how do I move my VMs from a VM Port Group with one label to another?  All of the VMs are in production, so I would prefer no service outage (but would understand and could make a case for it to management).  The label makes or breaks the VMotion capability, so that's going to be important across all the vSwitches.  The VLAN for VMs on the new cluster are also nearing complete usage, so being able to add additional VLAN would be highly beneficial.

Thank you for any and all assistance.