Accessing network services from external networks
US-2016036920-A1 · Feb 4, 2016 · US
US9723009B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-9723009-B2 |
| Application number | US-201514848111-A |
| Country | US |
| Kind code | B2 |
| Filing date | Sep 8, 2015 |
| Priority date | Sep 9, 2014 |
| Publication date | Aug 1, 2017 |
| Grant date | Aug 1, 2017 |
Abstract
A security solution provides secure communication in a multi-tenant environment which includes a connection-based fabric, storage cells holding data associated with different tenants, database servers which provide a plurality of database services using said data, application servers hosting database service consumers. The fabric is configured into partitions isolating the storage cells from the database service consumers. The application servers securely associate unique database service consumer identities with each database service consumer and all communications with the database servers. The database servers reject all communications from the application servers which do not include an identity and use an access control list to control access from the database service consumers to the database services using address resolution access control, connection establishment access control, and data exchange access control based on said access control list. DoS attack prevention can also be performed based on consumer identities included in packets.
Claims (preview)
What is claimed is:

1. A method for providing network security in a multi-tenant environment, the method comprising:
configuring a connection-based switched fabric of the multi-tenant environment to have a database access partition accessible to a plurality of database service consumers and accessible to a plurality of database servers which provide a plurality of database services wherein each of the plurality of database services utilizes data associated with a plurality of different tenants, the data being held in a plurality of storage cells;
configuring the connection-based switched fabric of the multi-tenant environment to have a storage access partition accessible to a plurality of said plurality of database servers and accessible to a plurality of storage cells, but not accessible to said plurality of database service consumers, wherein each of the plurality of database services utilizes the data associated with the plurality of different tenants held in the plurality of storage cells;
securely configuring a network interface controller of each of the plurality of application servers to associate each of the plurality of database service consumers hosted on said application server in association with the plurality of different tenants with a unique database service consumer identity, such that each of the plurality of database service consumers cannot modify or spoof the unique database service identity associated with said each of the plurality of database service consumers;
configuring the network interface controller of each of the plurality of application servers to include the database service consumer identity associated with each of the plurality of database service consumers hosted on said application server in each communication packet transmitted from said database service consumer towards said plurality of database services;
providing an access control list to each of the plurality of database servers, wherein the access control list identifies said plurality of database services and identifies for each of said plurality of database services one or more database service consumer identities associated with one or more database service consumers allowed to access said each of said plurality of database services;
discarding with a network interface of each of the plurality of database servers all communication packets received from said plurality of application servers which do not include a database service consumer identity; and
using said access control list in combination with a database service consumer identity included in a communication packet received at a network interface of a database server of the plurality of database servers to prevent access of the database consumer associated with the database consumer identity to a database service of said plurality of database services unless said access control list identifies said database service consumer as allowed to access said database service.

2. The method of claim 1, wherein said communication packet is an address resolution protocol (ARP) request, and wherein using said access control list in combination with a database consumer identity included in a communication packet received at a network interface of a database server of the plurality of database servers to prevent access of the database consumer associated with the database consumer identity to a database service of said plurality of database services unless said access control list identifies said database service consumer as allowed to access said database service comprises: determining whether the access control list identifies said database service consumer as authorized to access any one of said plurality of database services which is provided by said database server; and dropping the ARP request without transmitting an ARP response if the access control list does not identify said database service consumer as authorized to access any one of said plurality of database services which is provided by said database server.

3. The method of claim 1, wherein said communication packet is a connection establishment request, and wherein using said access control list in combination with a database consumer identity included in a communication packet received at a network interface of a database server of the plurality of database servers to prevent access of the database consumer associated with the database consumer identity to a database service of said plurality of database services unless said access control list identifies said database service consumer as allowed to access said database service comprises: determining in the database server whether the access control list identifies said database service consumer as authorized to access any one of said plurality of database services which is provided by said database server; and dropping the connection establishment request without establishing a connection if the access control list does not identify said database service consumer as authorized to access any one of said plurality of database services which is provided by said database server.

4. The method of claim 1, wherein said communication packet is a connection establishment request, and wherein using said access control list in combination with a database consumer identity included in a communication packet received at a network interface of a database server of the plurality of database servers to prevent access of the database consumer associated with the database consumer identity to a database service of said plurality of database services unless said access control list identifies said database service consumer as allowed to access said database service comprises: determining in the database server to which database service the connection establishment request is requesting to make a connection; and preventing establishment of a connection to the database service in response to said connection establishment request if the access control list does not identify said database service consumer as authorized to access said database service.

5. The method of claim 1, wherein said communication packet is a connection establishment request, and wherein using said access control list in combination with a database consumer identity included in a communication packet received at a network interface of a database server of the plurality of database servers to prevent access of the database consumer associated with the database consumer identity to a database service of said plurality of database services unless said access control list identifies said database service consumer as allowed to access said database service comprises: creating a connection in response to said connection establishment request; receiving over said connection an identification of a database service intended to be accessed by the database service consumer over said connection; and terminating said connection if the access control list does not identify said database service consumer as authorized to access said database service.

6. The method of claim 1, wherein said communication packet is a data packet received over a connection established between the database service consumer and a database service, and wherein using said access control list in combination with a database consumer identity included in a communication packet received at a network interface of a database server of the plurality of database servers to prevent access of the database consumer associated with the database consumer identity to a database service of said plurality of database services unless said access control list identifies said database service consumer as allowed to access said database service comprises: associating a hardware context with said connection established between the database ser
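The abstract and claims above describe three enforcement points on the database server side (ARP, connection establishment, data exchange), all keyed on a consumer identity that the application server's NIC stamps into every packet. The following Python model is an added illustration of that scheme, not code from the patent or its assignee; the consumer names, identity strings, service names, ACL entries and result strings are constructed sample values, and the NIC, ACL and per-connection context are simplified in-memory stand-ins for the hardware described in the claims.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    kind: str                   # "arp", "connect" or "data"
    consumer_id: Optional[str]  # written only by the NIC; None models an untagged packet
    service: Optional[str] = None
    conn: Optional[int] = None

class AppServerNic:
    # Stamps each outbound packet with the sender's bound identity; the consumer cannot set it.
    def __init__(self, bindings):
        self._bindings = dict(bindings)  # consumer name -> identity (constructed sample)
    def send(self, consumer, kind, service=None, conn=None):
        return Packet(kind, self._bindings[consumer], service, conn)

class DbServer:
    def __init__(self, acl):
        self.acl = {svc: set(ids) for svc, ids in acl.items()}  # service -> allowed identities
        self.conns = {}  # conn id -> (consumer_id, service): the per-connection context
    def receive(self, pkt):
        if pkt.consumer_id is None:      # claim 1: packets without an identity are discarded
            return "drop:no-identity"
        if pkt.kind == "arp":            # claim 2: answer ARP only if some ACL entry names the identity
            known = any(pkt.consumer_id in ids for ids in self.acl.values())
            return "arp-reply" if known else "drop:arp"
        if pkt.kind == "connect":        # claim 4: ACL lookup for the requested service
            if pkt.consumer_id not in self.acl.get(pkt.service, set()):
                return "drop:connect"
            cid = len(self.conns) + 1
            self.conns[cid] = (pkt.consumer_id, pkt.service)
            return f"connected:{cid}"
        if pkt.kind == "data":           # claim 6: identity must match the connection's context
            ctx = self.conns.get(pkt.conn)
            return "accept" if ctx and ctx[0] == pkt.consumer_id else "drop:data"
        return "drop:unknown"

def run_demo():  # constructed scenario: two tenants, one DB server hosting svc-A and svc-B
    nic = AppServerNic({"tenantA-app": "ID-A", "tenantB-app": "ID-B"})
    db = DbServer({"svc-A": ["ID-A"], "svc-B": ["ID-B"]})
    out = [db.receive(nic.send("tenantA-app", "arp")),              # arp-reply
           db.receive(Packet("arp", "ID-Z")),                        # drop:arp (identity on no ACL)
           db.receive(Packet("connect", None, "svc-A")),             # drop:no-identity
           db.receive(nic.send("tenantB-app", "connect", "svc-A")),  # drop:connect
           db.receive(nic.send("tenantA-app", "connect", "svc-A"))]  # connected:1
    conn = int(out[-1].split(":")[1])
    out.append(db.receive(nic.send("tenantA-app", "data", conn=conn)))  # accept
    out.append(db.receive(nic.send("tenantB-app", "data", conn=conn)))  # drop:data
    return out
```

The last case is the one claim 6 adds over a plain connect-time check: a packet arriving on an established connection is accepted only if its stamped identity matches the identity recorded in that connection's context, so a connection cannot be reused by a consumer other than the one that opened it.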
Classification (CPC titles):
- Access control lists [ACL]
- Filtering by address, protocol, port number or service, e.g. IP-address or URL
- Stateful filtering
- Denial of Service
- for managing network security; network security policies in general (filtering policies H04L63/0227)