System and method for providing an integrated firewall for secure network communication in a multi-tenant environment

US9723008B2 · US · B2

Patent metadata
FieldValue
Publication numberUS-9723008-B2
Application numberUS-201514848109-A
CountryUS
Kind codeB2
Filing dateSep 8, 2015
Priority dateSep 9, 2014
Publication dateAug 1, 2017
Grant dateAug 1, 2017

How to read this patent

A practical reading order for non-experts. Skip the full description unless you need deep technical detail.

  1. Title

    What the patent document calls the invention.

  2. Abstract

    A short plain-language summary of the technical disclosure.

  3. Assignees and inventors

    Who owns or filed the patent and who is credited as inventor.

  4. Key dates

    Filing, priority, publication, and grant dates set the timeline.

  5. First independent claim

    The legal scope of protection — read this for what is actually claimed.

  6. CPC / IPC classifications

    Technology tags used to group this patent with similar filings.

  7. Citations and related patents

    Prior art links and similar publications in this corpus.

Abstract

Official abstract text for this publication.

An integrated firewall provides security in a multi-tenant environment having a connection-based switched fabric directly connecting database servers which provide a plurality of database services with application servers hosting database service consumers each having a different database service consumer identity. The firewall functionality integrated into each database server provides access control by discarding communication packets which do not include a database service consumer identity and using the database service consumer identity in combination with an access control list to control access from the database service consumers to the database services. The access control includes address resolution access control, connection establishment access control, and data exchange access control based on said access control list. The integrated firewall enables direct connection of database servers and application servers via an InfiniBand network without requiring a separate intermediary firewall appliance or security node.

First claim

Claim text as extracted (preview; the extract is cut off partway through claim 9).

What is claimed is:

1. A method for providing network security in a multi-tenant environment, the method comprising: receiving an access control list at a database server of a plurality of database servers, wherein the access control list identifies a plurality of database services provided by the plurality of database servers and wherein the access control list identifies, for each of said plurality of database services, one or more database service consumer identities associated with one or more database service consumers allowed to access said each of said plurality of database services; receiving at the database server, a plurality of communication packets transmitted over a connection-based switched fabric directly connecting the plurality of database servers with a plurality of application servers; and performing in the database server for each communication packet of said plurality of communication packets: if the communication packet does not include any database service consumer identity, discarding the communication packet, or if the communication packet does include a database service consumer identity: using the database service consumer identity included in the communication packet to identify a database service consumer that sent the communication packet, and using said access control list in combination with said database service consumer identity included in the communication packet to prevent access of the database service consumer to a database service of said plurality of database services unless said access control list identifies said database service consumer as being allowed to access said database service.

2. The method of claim 1, wherein said communication packet is an address resolution protocol (ARP) request, and wherein using said access control list in combination with said database consumer identity included in the communication packet to prevent access of the database consumer to a database service of said plurality of database services unless said access control list identifies said database consumer as allowed to access said database service comprises: determining in the database server whether the access control list identifies said database service consumer as authorized to access any one of said plurality of database services which is provided by said database server; and dropping the ARP request without transmitting an ARP response if the access control list does not identify said database service consumer as authorized to access any one of said plurality of database services which is provided by said database server.

3. The method of claim 1, wherein said communication packet is a connection establishment request, and wherein using said access control list in combination with said database consumer identity included in the communication packet to prevent access of the database consumer to a database service of said plurality of database services unless said access control list identifies said database consumer as allowed to access said database service comprises: determining in the database server whether the access control list identifies said database service consumer as authorized to access any one of said plurality of database services which is provided by said database server; and dropping the connection establishment request without establishing a connection if the access control list does not identify said database service consumer as authorized to access any one of said plurality of database services which is provided by said database server.

4. The method of claim 1, wherein said communication packet is a connection establishment request, and wherein using said access control list in combination with said database consumer identity included in the communication packet to prevent access of the database consumer to a database service of said plurality of database services unless said access control list identifies said database consumer as allowed to access said database service comprises: determining in the database server to which database service the connection establishment request is requesting to make a connection; and preventing establishment of a connection to the database service in response to said connection establishment request if the access control list does not identify said database service consumer as authorized to access said database service.

5. The method of claim 1, wherein said communication packet is a connection establishment request, and wherein using said access control list in combination with said database consumer identity included in the communication packet to prevent access of the database consumer to a database service of said plurality of database services unless said access control list identifies said database consumer as allowed to access said database service comprises: creating a connection in response to said connection establishment request; receiving over said connection an identification of a database service intended to be accessed by the database service consumer over said connection; and terminating said connection if the access control list does not identify said database service consumer as authorized to access said database service.

6. The method of claim 1, wherein said communication packet is a data packet received over a connection established between the database service consumer and a database service, and wherein using said access control list in combination with said database consumer identity included in the communication packet to prevent access of the database consumer to a database service of said plurality of database services unless said access control list identifies said database consumer as allowed to access said database service comprises: associating a hardware context with said connection established between the database service consumer and the database service, wherein the hardware context includes the database service consumer identifier of the database service consumer; and dropping said data packet unless it includes the database service consumer identity included in the hardware context associated with the connection.

7. The method of claim 6, wherein said data packet is received at a host channel adapter of the database server and the hardware context is stored in a memory of said host channel adapter, and wherein dropping said data packet unless it includes the database service consumer identity included in the hardware context associated with the connection comprises: dropping said data packet using the host channel adapter unless it includes the database service consumer identity included in the hardware context associated with the connection and stored in the memory of said host channel adapter.

8. The method of claim 1, wherein using said access control list in combination with said database consumer identity included in the communication packet to prevent access of the database consumer to a database service of said plurality of database services unless said access control list identifies said database consumer as allowed to access said database service comprises: performing one of address resolution access control, connection establishment access control, and data exchange access control based on said access control list.

9. The method of claim 1, wherein said connection-based switched fabric is a point-to-point switched fabric and wherein said communication packet is a point-to-point switched fabric protocol communication packet received at the database server over the point-to-point switched fabric directly connecting the plurality of database servers with the plurality of servers, and wherein the steps performed by the database server for the communication packet of said plurality of comm
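The access-control flow that the abstract and claims 1 through 7 describe (identity-less packets discarded first, then address resolution, connection establishment and data exchange each gated by the access control list), written out here as an added Python model for this page. It is not code from the patent or from Oracle. The packet fields, the separate "bind" step used for the claim 5 path, the ACL laid out as a dict from service to allowed consumer identities, and the dict standing in for the host channel adapter's per-connection hardware context are all assumptions made for the example; the patent fixes none of these encodings.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Set, Tuple


@dataclass(frozen=True)
class Packet:
    # Assumed packet shape; the patent does not fix an encoding for the identity.
    kind: str                      # "arp", "connect", "bind" or "data"
    consumer_id: Optional[str]     # database service consumer identity, None if absent
    service: Optional[str] = None  # target database service (connect/bind)
    conn_id: Optional[int] = None  # connection handle (bind/data)


class IntegratedFirewall:
    """Per-packet access control inside one database server (illustrative model)."""

    def __init__(self, acl: Dict[str, Set[str]]):
        # acl: database service provided by this server -> consumer identities
        # allowed to reach it (the access control list of claim 1).
        self.acl = acl
        # conn_id -> (consumer_id, bound service or None). Stands in for the
        # per-connection hardware context of claims 6-7, which the patent keeps
        # in host channel adapter memory; here it is a plain dict.
        self.contexts: Dict[int, Tuple[str, Optional[str]]] = {}
        self._next_conn = 1

    def _allowed_any(self, consumer_id: str) -> bool:
        return any(consumer_id in allowed for allowed in self.acl.values())

    def _allowed_for(self, consumer_id: str, service: str) -> bool:
        return consumer_id in self.acl.get(service, set())

    def _open(self, consumer_id: str, service: Optional[str]) -> int:
        cid, self._next_conn = self._next_conn, self._next_conn + 1
        self.contexts[cid] = (consumer_id, service)
        return cid

    def handle(self, pkt: Packet) -> Tuple[str, Optional[int]]:
        """Return (decision, connection id or None) for one packet."""
        # Claim 1: a packet without a consumer identity is discarded before any
        # ACL lookup, so an unidentified sender learns nothing about the server.
        if pkt.consumer_id is None:
            return ("discard:no-identity", None)

        if pkt.kind == "arp":
            # Claim 2, address resolution access control: answer only if the
            # consumer may reach at least one service on this server.
            if not self._allowed_any(pkt.consumer_id):
                return ("drop:arp", None)
            return ("arp-reply", None)

        if pkt.kind == "connect":
            if pkt.service is None:
                # Claims 3 and 5: connect first and name the service later by
                # "bind", but only for consumers allowed some service here.
                if not self._allowed_any(pkt.consumer_id):
                    return ("drop:connect", None)
                return ("connected-pending-bind", self._open(pkt.consumer_id, None))
            # Claim 4: the request names the service, so check that service.
            if not self._allowed_for(pkt.consumer_id, pkt.service):
                return ("drop:connect", None)
            return ("connected", self._open(pkt.consumer_id, pkt.service))

        if pkt.kind == "bind":
            # Claim 5: the service is identified over the established connection;
            # tear the connection down if the ACL does not allow it.
            ctx = self.contexts.get(pkt.conn_id)
            if ctx is None or ctx[0] != pkt.consumer_id:
                return ("drop:bind", None)
            if pkt.service is None or not self._allowed_for(pkt.consumer_id, pkt.service):
                del self.contexts[pkt.conn_id]
                return ("terminated", pkt.conn_id)
            self.contexts[pkt.conn_id] = (pkt.consumer_id, pkt.service)
            return ("bound", pkt.conn_id)

        if pkt.kind == "data":
            # Claims 6-7, data exchange access control: the identity carried in
            # the packet must equal the one stored in the connection's context.
            ctx = self.contexts.get(pkt.conn_id)
            if ctx is None or ctx[1] is None:
                return ("drop:no-connection", None)
            if ctx[0] != pkt.consumer_id:
                return ("drop:identity-mismatch", None)
            return ("deliver", pkt.conn_id)

        return ("drop:unknown-kind", None)


def run_scenario():
    """Constructed traffic from three tenants at one server; returns the decisions."""
    fw = IntegratedFirewall({"sales_db": {"tenant-a"}, "hr_db": {"tenant-a", "tenant-b"}})
    out = [
        fw.handle(Packet("arp", None)),                        # no identity at all
        fw.handle(Packet("arp", "tenant-c")),                  # on no ACL entry here
        fw.handle(Packet("arp", "tenant-b")),                  # allowed for hr_db
        fw.handle(Packet("connect", "tenant-b", "sales_db")),  # wrong service
    ]
    ok = fw.handle(Packet("connect", "tenant-b", "hr_db"))
    out.append(ok)
    out.append(fw.handle(Packet("data", "tenant-b", conn_id=ok[1])))
    out.append(fw.handle(Packet("data", "tenant-a", conn_id=ok[1])))  # identity spoofed
    late = fw.handle(Packet("connect", "tenant-b"))             # claim 5 path
    out.append(late)
    out.append(fw.handle(Packet("bind", "tenant-b", "sales_db", late[1])))
    out.append(fw.handle(Packet("data", "tenant-b", conn_id=late[1])))
    return out
```

Two points worth noticing in the model. The identity-less discard happens before any ACL lookup and before any ARP reply, so a sender that has not been provisioned with a consumer identity cannot even resolve the database server's address. And the data-exchange check compares the identity in every packet against the identity recorded when the connection was opened, so a tenant cannot reuse another tenant's established connection by presenting its own identity; claim 7 places that comparison in the host channel adapter's memory rather than in host software.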

Assignees

Oracle Int Corp

Inventors

Classifications

  • H04L63/0236

    Filtering by address, protocol, port number or service, e.g. IP-address or URL · CPC title

  • H04L63/0254

    Stateful filtering · CPC title

  • H04L63/1458

    Denial of Service · CPC title

  • H04L63/20

    for managing network security; network security policies in general (filtering policies H04L63/0227) · CPC title

  • H04L63/101 · Primary

    Access control lists [ACL] · CPC title

Patent family

Related publications grouped by family.

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US9723008B2 cover?
An integrated firewall provides security in a multi-tenant environment having a connection-based switched fabric directly connecting database servers which provide a plurality of database services with application servers hosting database service consumers each having a different database service consumer identity. The firewall functionality integrated into each database server provides access …
Who is the assignee on this patent?
Oracle Int Corp
What technology area does this patent fall under?
Primary CPC classification H04L63/0236. Mapped technology area: section H (Electricity) of the CPC/IPC scheme.
When was this patent published?
Publication date Aug 1, 2017 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 12 related publications on this page (citations in our corpus or others sharing the same primary CPC).