does the cloud console talk to my console?
If by 'cloud console' you mean the protectcloud.shavlik.com site - then yes it does have communication with the Protect console for agent check in process and policy updates. This would be https - so port 443.
Do I need to ensure my console has patches downloaded in order for remote users to get them, or is the whole thing independent of my control and console used on network?
This depends on how you have your agent policy set for 'Engine, data, and patch download location'. If it's set to use Vendor over Internet each agent will go out to the internet and download any needed files for patching.
I also find the machine view of agent machines to work less than optimally, because some of the machines I have targeted for remote agents have never been scanned by my console. Any recommendations on this?
Once your agents are successfully running patch scans and sending results back to the Protect console you should start to see them show up - however, when you're using the cloud agents function for the agents to check in and return results it can take longer than normal for the updated information to show up in machine view. I'd just give it some to start populating with this info.
I hope that helps to answer your questions.