OPLIN (Ohio Public Library Information Network) provides Internet services to the public library systems of Ohio. For the most part, we provide one broadband connection to the main library of each system, and access to the commodity Internet for any public library which routes Internet-bound traffic through our network core in Columbus, Ohio. While OPLIN also provides some other services to libraries, none of them are possible without our dependable, robust, broadband network connections.
One of the unusual characteristics of OPLIN is the fact that it provides and manages this physical network connecting libraries to the Internet; most other library “information networks” primarily deliver content and services over a physical network provided by some other organization. When OPLIN was established in 1995-96, the network was built from copper-wire ‘T1’ circuits. In 2006, fiber-optic ‘Ethernet’ circuits began replacing the older T1 circuits.
- Incident Response: OPLIN staff will respond within one hour to malfunctions of Internet connections during regular business hours Monday through Friday from 8:00 a.m. to 5:00 p.m., excluding State of Ohio holidays; contact us through the OPLIN Support site. After-hours support is provided 24/7/365 through the Ohio Office of Information Technology (OIT): AFTER HOURS NUMBER FOR NETWORK OUTAGES ONLY, 614-644-6860.
- Incident Resolution: OPLIN staff and/or OIT staff will open an incident ticket with the telecommunications vendor(s) and will work collaboratively toward resolving the incident within 4 hours.
- How does OPLIN decide how much bandwidth my library will get?
We try to buy circuits big enough so every OPLIN participant has an Internet connection that is large enough to insure that the participant's average circuit utilization does not exceed 70% during peak hours.
- Does our library have to go through OPLIN for network services?
No. Libraries can purchase network services from any vendor. However, since OPLIN offers a free connection between each library system and the Internet, OPLIN network service is almost always the best deal.
- Does my library have to go through OPLIN to get network connections for branches?
No. We recommend you first contact your local telephone company and any nearby cable or wireless providers for their circuit rates. We also offer the option to go through our state contracts (at discounted rates) for library branch connection circuits. Each library must decide the best compromise of quality, price, and performance to meet their needs. The OPLIN Support Center will be happy to review any plans provided by local vendors and give advice.
- Does OPLIN provide any help with network planning?
To help you keep up with the network demands of your libraries, OPLIN staff can prepare bandwidth usage reports and a review of options available through the State of Ohio. Contact the OPLIN Support Center for more information.
- How far in advance do I need to contact the OPLIN Support Center if my library needs to get a new circuit or move an existing circuit?
We recommend that you contact the OPLIN Support Center for information and costs prior to placing any circuit request, and we also recommend that you place your circuit request at least ninety (90) days before your library needs to have the circuit installed or removed.
Network Testing ServiceNetwork Testing Service
While OPLIN's responsibility for Internet connection management ends with the OPLIN router placed at the library end of OPLIN-provided circuits, it is not uncommon for libraries to have internal network issues that affect the throughput capacity of their Internet connection. These problems sometimes come to light in conversations with libraries or in the course of monitoring OPLIN network performance, and over the years OPLIN staff have more and more frequently assisted local library IT staff with some problem solving. OPLIN wants to be sure local libraries are able to take full advantage of the bandwidth OPLIN provides to them.
In April 2013, the OPLIN Board expressed an interest in formalizing this practice and providing free network testing for libraries that seem to be having internal network problems. This document provides a description of this new OPLIN service.
When will local network testing be provided?
The need for network testing will be identified by contact with local library IT staff who report slow network response time while OPLIN monitoring tools indicate that a significant portion of the OPLIN-provided bandwidth is not being used. OPLIN staff may also identify a potential problem based on the characteristics of the data flow over the library's OPLIN circuit, and then initiate contact with local library IT staff. In either case, once the library has agreed to allow OPLIN testing of their internal network, OPLIN staff will perform the testing within two months.
What will the network testing provide?
OPLIN will provide local library IT staff and/or consultants with data about their internal network and help them interpret the meaning of the data. This data will consist of:
- A diagram or description of the topology of the high-level network devices in the library that connect to the OPLIN router
- The bandwidth throughput from:
- the OPLIN router to the OPLIN core at the SOCC
- the internal library network to the OPLIN router
With the possible exception of simple physical changes, OPLIN staff will not take action to remedy any identified problems; that responsibility remains with the library IT staff and/or consultants.
How will the network testing be done?
OPLIN staff will travel to the library where the OPLIN router is located and use various software and hardware tools to test the network and gather data. This will involve connecting computers to the OPLIN router and to various points in the internal library network. It will be the responsibility of the library to provide safe physical access to the network devices and cabling. Once testing data has been gathered, OPLIN staff on site at the library may verbally discuss network issues with library IT staff and/or consultants, but in all cases a written diagnostic summary will be sent to the library after the testing data has been processed and analyzed at the OPLIN office.
How much will the network testing cost?
This service will be provided free of charge to any OPLIN participant that appears to have internal network problems.
Connections and Network InfrastructureConnections and Network Infrastructure
The OPLIN Support Center can assist you with obtaining circuits under state contracts ("Contracts" tabs) as well as other connectivity services. There are currently several state contracts with several telecommunications vendors that offer a wide variety of services, prices, and options. You can contact OPLIN Support at 888-966-7546, email@example.com, or http://support.oplin.org to receive assistance with finding the connectivity package that is best for your library.
Ohio Public Library Connectivity DataOhio Public Library Connectivity Data
Each spring, the State Library of Ohio asks all the public libraries in the state to update basic information about their internet connections and use of internet within their library buildings. This data may also reflect contracted services that are in the process of being installed. You can click on the links below to download a spreadsheet of the latest data or simply view the data.
Internet FilteringInternet Filtering
The OPLIN Board has negotiated a contract with Umbrella by OpenDNS to set up a statewide Internet content filtering system that will be available to all public libraries. OPLIN is charged by the Ohio Legislature "...to help local libraries use filters to screen out obscene and illegal internet materials." For many years, OPLIN fulfilled this requirement by distributing individual grants to libraries, but the earmarked funds were never enough to provide assistance to more than about 40-50 library systems. Clearly, a "central" filtering system available to all libraries would be better.
After several unsuccessful tests over the years, OPLIN finally identified Umbrella as a filtering solution which can effectively provide content filtering for all Ohio public libraries, while still allowing each library to have complete control over how, or if, the filter is to be used in their library system.
How it works
OPLIN purchases licenses to Umbrella for all Ohio public libraries. This provides libraries with free usage of Umbrella's web filtering capabilities, which each library can easily manage and customize by using a relatively simple interface. Ohio public libraries of all sizes have been able to adapt Umbrella to their individual needs. Just contact http://support.oplin.org to request access to your Umbrella license.
- Incident Response: OPLIN staff will respond within one hour to malfunctions of the Internet filtering during regular business hours Monday through Friday from 8:00 a.m. to 5:00 p.m., excluding State of Ohio holidays. Contact us through the OPLIN Support site.
- Incident Resolution: OPLIN staff will attempt to resolve every Internet filtering malfunction within 4 business hours of Incident Response.
More technical information:
Rather than filtering content using a proxy based or span port appliance, Umbrella is a filtered Domain Name Server (DNS) service. You set up an account and associate IP address blocks with said account, and then you can control what types of content you want your users to see much like a traditional content filter. For any request to access a website that falls outside what you deem appropriate, Umbrella returns the IP of one of their block servers, instead of the IP for the real web server. The block can be bypassed on a per session basis by inputing a ticket code you create in the web admin interface. This ticket creates a cookie in the user's browser, which the block server detects and proxies the user to the content. Unless a ticket code is in use, the user is never proxied, so there is no worry of interfering with IP authenticated resources. There are also quite a few other options for how you can specify which machines are held to which rules.
In addition, since Umbrella does not have to handle the actual traffic after the initial DNS request, you do not have to worry about bottlenecks like you would with an appliance.
If you have questions about our free, statewide filtering, please contact http://support.oplin.org.
See our Steps for obtaining an OPLIN-paid Umbrella account document for more information.
CIPA RequirementsCIPA Requirements
Public Library Requirements for Complying with CIPA
This document is presented for information purposes only. Libraries should consult their own legal counsel for an analysis of any specific policy.
The American Library Association (ALA) provides a lot of background information about the Children's Internet Protection Act (CIPA) and the Neighborhood Internet Protection Act (NCIPA), which taken together are commonly referred to as "CIPA." (NCIPA is a subtitle of CIPA; NCIPA only affects E-rate applicants.) CIPA requires public libraries to install Internet filtering software on all Internet computers (public and staff) if the library receives federal money from Library Services & Technology Act grants (LSTA) to purchase computers that will access the Internet, or receives federal E-rate (Universal Services) discounts for anything other than services classified as telecommunications.
Both CIPA and NCIPA were included in a large federal appropriations bill that passed Congress in December 2000. In March 2001, the ALA, the American Civil Liberties Union (ACLU) and several other groups filed suit to prevent the enforcement of CIPA's filtering requirement in public libraries. This litigation eventually made its way to the U.S. Supreme Court, which upheld CIPA in June 2003.
When must a public library comply with CIPA?
If the library:
- receives E-rate discounts for any item or service classified as Internal Connections or Internet Access; or
- receives LSTA funds to purchase any computers that will access the Internet, or Internet access (i.e. pay an Internet Service Provider);
then the library must be CIPA-compliant.
A library does NOT have to be CIPA-compliant to receive E-rate discounts on the Data Transmission services only, or to receive LSTA money for any other purpose than buying Internet access or computers that will access the Internet.
How to comply
There are three requirements that must be met.
Requirement #1: Use a technology protection measure
"Technology protection measure" means a filter on the Internet that blocks visual depictions that are obscene, child pornography, or harmful to minors (defined as any person less than 17 years of age). The filter need not affect text or audio, whatever the content. "Obscene" and "child pornography" have rather vague definitions in U.S. obscenity law. The CIPA legislation defines "harmful to minors" as nudity and sex without literary, artistic, political, or scientific value. See the Ohio Library Council's CIPA FAQ [pdf] for the complete definition.
You must be able to turn off the filter at the request of an adult "without significant delay."
- Possible filter configuration:
If you are using the OpenDNS Web Content Filtering available free from OPLIN, the easiest way to meet this requirement is to select content filtering level "Low," which filters websites in the categories Pornography, Tasteless, Sexuality, and Proxy/Anonymizer (to prevent bypassing the filter). The descriptions of these categories can be found at https://community.opendns.com/domaintagging/categories. If you want to select your own filtering categories, rather than using the pre-selected categories in the Low level, the Tasteless category is probably not necessary for CIPA compliance.
Note that OpenDNS also has a Nudity category that is not selected in the Low level. CIPA requires blocking images that "appeal to a prurient interest in nudity," and OpenDNS almost always tags websites in the Pornography category with a Nudity tag, too. Websites that only have a Nudity tag and no Pornography tag likely have artistic or scientific value and are not intended to be prurient.
- Proving that you have a filter:
E-rate's Program Integrity Assurance (PIA) process for reviewing applications sometimes requests proof that a library has a filter. A screenshot of a filtering log or a purchase order should be sufficient. If you are using the free OPLIN OpenDNS filtering, then the email from OPLIN confirming the establishment of your account would take the place of a purchase order.
Requirement #2: Adopt an Internet Safety Policy
The library must adopt and enforce an Internet Safety Policy that includes the use of a technology protection measure. If the library is applying for E-rate discounts, the policy must address the following items:
- access by minors to inappropriate matter on the Internet and the Web;
- the safety and security of minors when using electronic mail, chat rooms, and other forms of direct electronic communications;
- unauthorized access and other unlawful activities by minors online;
- unauthorized disclosure, use, and dissemination of personal identification information regarding minors; and
- measures designed to restrict minors' access to materials harmful to minors.
Note that the Ohio Revised Code (3375.64-C) already requires that libraries receiving OPLIN Internet connections "…establish and enforce procedures designed to keep juveniles who use the participant's services from having access to materials or performances that may be obscene or harmful to juveniles and to keep persons who are not juveniles and who use the participant's services from having access to materials or performances that may be obscene." The OPLIN office has copies of such policies on file from every Ohio public library.
Requirement #3: Hold a public hearing
The Internet Safety Policy must be adopted after a public hearing, or as the CIPA language says, libraries "shall provide reasonable public notice and hold at least one public hearing or meeting to address the proposed Internet safety policy." [Title 47, §254(h)(6)] The regularly scheduled library board of trustees meeting may be used as the required public meeting, assuming the agenda is made public before the meeting and the meeting allows for public comments.
Declaring CIPA compliance
Libraries must certify their CIPA compliance, and there are several ways to do this. Libraries with OPLIN Internet connections are required to send OPLIN an E-rate Form 479 each year that declares whether or not the library is CIPA-compliant. No additional certification is necessary, but if a library is applying for E-rate discounts, the filing of a Form 486 also confirms CIPA compliance.
Steps for obtaining an OPLIN-paid Umbrella accountSteps for obtaining an OPLIN-paid Umbrella account
Cisco Umbrella first steps
Note: Cisco Umbrella is the new name and branding of Umbrella by OpenDNS
1. Send an email to firstname.lastname@example.org stating that you would like to participate, along with the contact information for the person to whom we should email the account login details.
2. The contact's account will be set to an administrator level for your library account. This user will have the ability to send out additional invitations to other staff members, and also elevate them to administrator status.
3. From now on, your library is in complete control of your account. To get started, see Cisco Umbrella's Getting Started Guide.
You will want to use the Umbrella name servers on your network. The IPs for those servers are 188.8.131.52 and 184.108.40.206. If you want to test out the service before making it live on the entire network, you can always change the DNS servers on just your workstation to those two IPs and verify the filtering is working as you want it to. If you're ready to make filtering live, the place to use those two IPs will vary depending on how your network is currently configured.
- If you statically define every workstation with its DNS settings (ex. the state DNS servers at 220.127.116.11) then you would need to change every workstation to use these two new IPs.
- If your workstations point to a local device for DNS (ex. a firewall/router/ActiveDirectory server) then the place you would use the two OpenDNS IPs would be in the forwarders settings of that device. Changing the IPs on a top level device like this will make filtering live for every workstation pointing to said device.
Questions? Please ask at http://support.oplin.org.