Well, don's already mentioned my article "Virtual Lab with VMware" (see the link in don's post).
My CEH lab consisted of 1 host running VMware. The guests included Windows XP Pro, Windows 2003 Server, Backtrack 1.0, FreeBSD 6.0 and finally a LiveCD VM (usually reserved for Knoppix-STD 1.0). Even though I've already got my CEH, I've just recently added an OpenBSD 3.8 VM just to mess around with. I don't have enough RAM to run them all concurrently, but I usually have at least 2 or 3 on at the same time so that I can check things out.
The Windows XP Pro machine has been fine-tuned into a mean hacking machine that I find I use just as often as I use Backtrack. It's fully patched and has the following installed on it: Cygwin, WinPcap, Nmap, Netcat, Packetyzer, Cain & Abel, John the Ripper, Nessus, Tor (including Vidalia and Privoxy), Metasploit Framework, Security Forest Exploit Tree, Sid2user and User2sid.
I also installed some other stuff on it like VMware Tools (obviously), Acrobat Reader for PDFs, AVG and Zone Alarm for protection, and Textpad. I much prefer Textpad over Notepad or Wordpad because it does syntax highlighting of HTML documents and has quite a lot of other features. I also installed 3 browsers: Internet Explorer, Opera and Firefox. Firefox is the default browser and has a few extensions, including FoxTor, User Agent Switcher, DOM Inspector and HTTP Live Headers. Firefox also has bookmarked links to "all the best hacking sites".
The Windows 2003 Server doesn't have any tools on it at all. It is, however, an Active Directory DC and holds the negrita.local domain name zone.
The Windows 2003 Server and FreeBSD machines were usually the victims of my experiments while the XP machine and Backtrack usually did the attacking (though they were sometimes the victims of each other).