Preventing application-level denial-of-service in a multi-tenant system
US-2015358349-A1 · Dec 10, 2015 · US
US9888010B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-9888010-B2 |
| Application number | US-201715635418-A |
| Country | US |
| Kind code | B2 |
| Filing date | Jun 28, 2017 |
| Priority date | Sep 9, 2014 |
| Publication date | Feb 6, 2018 |
| Grant date | Feb 6, 2018 |
Official abstract text for this publication.
An integrated firewall provides security in a multi-tenant environment having a connection-based switched fabric that directly connects database servers, which provide a plurality of database services, with application servers hosting database service consumers, each having a different database service consumer identity. The firewall functionality integrated into each database server provides access control by discarding communication packets which do not include a database service consumer identity and by using the database service consumer identity in combination with an access control list to control access from the database service consumers to the database services. The access control includes address resolution access control, connection establishment access control, and data exchange access control based on said access control list. The integrated firewall enables direct connection of database servers and application servers via an InfiniBand network without requiring a separate intermediary firewall appliance or security node.
Opening claim text (preview).

What is claimed is:

1. A method for providing network security in a multi-tenant environment comprising a plurality of application servers, a plurality of database services providing access to data of each of a plurality of tenants, and a connection-based switched fabric, the method comprising: providing a subnet manager in the connection-based switched fabric; using the subnet manager to configure a host channel adapter of each of the plurality of application servers to associate each of a plurality of database service consumers hosted on said application server with a unique database service consumer identity, such that each of the plurality of database service consumers cannot modify or spoof the unique database service identity associated with said each of the plurality of database service consumers; using the subnet manager to configure the host channel adapter of each of the plurality of application servers to include the database service consumer identity associated with each of the plurality of database service consumers hosted on said application server in each communication packet transmitted from said database service consumer towards said plurality of database services; maintaining an access control list which identifies said plurality of data services and one or more database service consumer identities associated with one or more database service consumers allowed to access said each of said plurality of database services; and controlling access to the plurality of database services by the plurality of database service consumers using the access control list and the database service consumer identity included in each communication packet transmitted from said plurality of database service consumers towards said plurality of database services.

2. The method of claim 1, wherein said communication packets are address resolution protocol (ARP) requests, and wherein controlling access to the plurality of database services comprises: using said access control list in combination with a database consumer identity included in a communication packet received at a network interface of a database server hosting a database service of the plurality of database services to prevent access of the database consumer associated with the database consumer identity to a database service of said plurality of database services unless said access control list identifies said database service consumer as allowed to access said database service.

3. The method of claim 1, wherein using the subnet manager to configure the host channel adapter of each of the plurality of application servers to include the database service consumer identity associated with each of the plurality of database service consumers hosted on said application server in each communication packet transmitted from said database service consumer towards said plurality of database services comprises: setting a global routing header (GRH) flag in a partition including the plurality of application servers whereby the host channel adapter of each of the plurality of application servers is caused to include the database service consumer identity associated with each of the plurality of database service consumers hosted on said application server in the global routing header (GRH) of each communication packet transmitted from said database service consumer towards said plurality of database services.

4. The method of claim 1, wherein using the subnet manager to configure the host channel adapter of each of the plurality of application servers to include the database service consumer identity associated with each of the plurality of database service consumers hosted on said application server in each communication packet transmitted from said database service consumer towards said plurality of database services comprises: setting a hoplink limit in a partition including the plurality of application servers whereby the host channel adapter of each of the plurality of application servers is provoked to include the database service consumer identity associated with each of the plurality of database service consumers hosted on said application server in the global routing header (GRH) of each communication packet transmitted from said database service consumer towards said plurality of database services.

5. The method of claim 1, wherein using the subnet manager to configure a host channel adapter of each of the plurality of application servers to associate each of a plurality of database service consumers hosted on said application server with a unique database service consumer identity, such that each of the plurality of database service consumers cannot modify or spoof the unique database service identity associated with said each of the plurality of database service consumers comprises: using the subnet manager to configure a port global unique identifier table stored in a secure memory of the host channel adapter of each of the plurality of application servers.

6. The method of claim 1, wherein using the subnet manager to configure a host channel adapter of each of the plurality of application servers to associate each of a plurality of database service consumers hosted on said application server with a unique database service consumer identity, such that each of the plurality of database service consumers cannot modify or spoof the unique database service identity associated with said each of the plurality of database service consumers comprises: using the subnet manager to configure a port global unique identifier table stored in a secure memory of the host channel adapter of each of the plurality of application servers such that the host channel adapter securely associates consumer identifiers from the port global unique identifier table with each of the plurality of database service consumers.

7. The method of claim 1, wherein controlling access to the plurality of database services by the plurality of database service consumers using the access control list and the database service consumer identity included in each communication packet transmitted from said plurality of database service consumers towards said plurality of database services comprises: preventing establishment of a connection to the database service in response to a connection establishment request if the access control list does not identify said database service consumer as authorized to access said database service.

8. The method of claim 1, wherein controlling access to the plurality of database services by the plurality of database service consumers using the access control list and the database service consumer identity included in each communication packet transmitted from said plurality of database service consumers towards said plurality of database services comprises: terminating connections if the access control list does not identify said database service consumer as authorized to access a database service.

9. The method of claim 1, wherein controlling access to the plurality of database services by the plurality of database service consumers using the access control list and the database service consumer identity included in each communication packet transmitted from said plurality of database service consumers towards said plurality of database services comprises: dropping a data packet unless it includes the database service consumer identity included in a hardware context associated with a connection.

10. The method of claim 1, wherein controlling access to the plurality of database services by the plurality of database service consumers using the access control list and the database service consumer identity included in each communication packet transmitted from said pl
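The abstract and claims describe three enforcement points on the database server side: address resolution (ARP) access control, connection establishment access control, and data exchange access control, all keyed on a consumer identity that the host channel adapter stamps into each packet and that the consumer cannot spoof. The following Python model is an added illustration of that decision logic and is not the patent's own implementation or any vendor's code. It assumes the identity stamping has already happened in hardware (the `consumer_id` field stands in for the GRH value, and `None` models a packet with no identity), and the names `Packet`, `Decision`, `IntegratedFirewall`, the service names and the `tenant-a`/`tenant-b` identities are all constructed for the example.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

# Added, illustrative model of the per-database-server integrated firewall
# described in the claims; not the patent's or any product's code.
# Assumption: the host channel adapter has already placed an unspoofable
# consumer identity in each packet's global routing header. Here that value
# is simply `consumer_id`, and None models a packet that carries no identity.


@dataclass(frozen=True)
class Packet:
    kind: str                       # "arp", "connect" or "data"
    consumer_id: Optional[str]      # identity from the GRH (None = absent)
    service: str                    # database service being addressed
    conn_id: Optional[int] = None   # established connection, for "data" packets


@dataclass(frozen=True)
class Decision:
    verdict: str                    # "accept", "drop" or "terminate"
    reason: str
    conn_id: Optional[int] = None   # set when a connection is established


class IntegratedFirewall:
    """ACL enforcement at the three stages named in the abstract and claims."""

    def __init__(self, acl: Dict[str, Set[str]]) -> None:
        # service -> consumer identities allowed to reach it
        self.acl: Dict[str, Set[str]] = {svc: set(ids) for svc, ids in acl.items()}
        # conn_id -> (consumer identity, service); this stands in for the
        # "hardware context associated with a connection" of claim 9
        self.connections: Dict[int, Tuple[str, str]] = {}
        self._next_conn = 1

    def allowed(self, consumer_id: str, service: str) -> bool:
        return consumer_id in self.acl.get(service, set())

    def revoke(self, service: str, consumer_id: str) -> None:
        """Remove an ACL entry; an affected connection is terminated on its
        next data packet, matching the behaviour of claim 8."""
        self.acl.get(service, set()).discard(consumer_id)

    def handle(self, pkt: Packet) -> Decision:
        # Packets without a consumer identity are discarded unconditionally.
        if pkt.consumer_id is None:
            return Decision("drop", "packet carries no consumer identity")

        if pkt.kind == "arp":
            # Address resolution access control (claim 2): a consumer the ACL
            # does not list never even learns the address of the service.
            if not self.allowed(pkt.consumer_id, pkt.service):
                return Decision("drop", "ACL denies address resolution")
            return Decision("accept", "address resolution permitted")

        if pkt.kind == "connect":
            # Connection establishment access control (claim 7).
            if not self.allowed(pkt.consumer_id, pkt.service):
                return Decision("drop", "ACL denies connection establishment")
            conn_id = self._next_conn
            self._next_conn += 1
            self.connections[conn_id] = (pkt.consumer_id, pkt.service)
            return Decision("accept", "connection established", conn_id)

        if pkt.kind == "data":
            # Data exchange access control (claims 8 and 9).
            ctx = self.connections.get(pkt.conn_id)
            if ctx is None:
                return Decision("drop", "no connection context for this packet")
            ctx_consumer, ctx_service = ctx
            if pkt.consumer_id != ctx_consumer:
                return Decision("drop", "identity differs from connection context")
            if not self.allowed(ctx_consumer, ctx_service):
                del self.connections[pkt.conn_id]
                return Decision("terminate", "ACL no longer authorises this consumer")
            return Decision("accept", "data exchange permitted")

        return Decision("drop", f"unknown packet kind {pkt.kind!r}")


def demo() -> List[str]:
    """Constructed sample traffic: two tenants against two services."""
    fw = IntegratedFirewall({"hr_db": {"tenant-a"}, "sales_db": {"tenant-a", "tenant-b"}})
    verdicts: List[str] = []
    verdicts.append(fw.handle(Packet("arp", None, "hr_db")).verdict)        # no identity
    verdicts.append(fw.handle(Packet("arp", "tenant-b", "hr_db")).verdict)  # not on ACL
    conn = fw.handle(Packet("connect", "tenant-a", "hr_db"))
    verdicts.append(conn.verdict)                                           # allowed
    verdicts.append(fw.handle(Packet("data", "tenant-b", "hr_db", conn.conn_id)).verdict)  # wrong identity
    verdicts.append(fw.handle(Packet("data", "tenant-a", "hr_db", conn.conn_id)).verdict)  # matches context
    fw.revoke("hr_db", "tenant-a")
    verdicts.append(fw.handle(Packet("data", "tenant-a", "hr_db", conn.conn_id)).verdict)  # ACL revoked
    return verdicts


if __name__ == "__main__":
    print(demo())
```

The design point worth noticing is that every decision is made from the identity the fabric attached to the packet, never from anything the consumer supplied in the payload, and that a data packet is checked against the identity recorded when its connection was established rather than re-consulting only the ACL; that is what lets the server drop a packet arriving on someone else's connection even when both consumers are individually authorised for the service.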
Denial of Service · CPC title
Access control lists [ACL] · CPC title
Filtering by address, protocol, port number or service, e.g. IP-address or URL · CPC title
Stateful filtering · CPC title
for managing network security; network security policies in general (filtering policies H04L63/0227) · CPC title